lightning-dev
Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted on: October 18, 2023 02:57 UTC
The email discusses several mitigations for the Lightning attacks described in the disclosure mails.
One of the mentioned mitigations is bumping the CLTV delta, which gives node operators time to intervene and re-broadcast time-sensitive transactions on other interfaces if the first one is eclipsed. This is considered a basic line of defense against many Lightning attacks.
Another mitigation mentioned is transaction re-signing, which imposes an economic cost (in fees/feerates) on the attack. However, it is unclear whether this cost holds in game-theoretic terms. The deployment of Stratum v2, which increases the number of miners and their individual block templates, can potentially make the attack harder, as the attacker would need to continuously replace the channel counterparties' transactions in multiple miners' mempools. Having a replacement buffer or a history of transactions at the mempool level could be a potential mitigation for this.
The email also mentions that fees were identified as a challenging issue in the original Lightning paper. It suggests that individuals like Tadge or Rusty, who were involved in the early design of Lightning, may have more ideas for mitigations.