lightning-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Post by Bastien TEINTURIER

Posted on: October 19, 2023 08:12 UTC

Antoine's work on the issue has been acknowledged and it is confirmed that eclair v0.9.0 includes the mentioned mitigations.

Eclair has been monitoring the mempool for preimages since its early versions, utilizing Bitcoin Core's ZMQ notifications for incoming transactions. This ensures that the HTLC success transaction is observed, even if it is promptly replaced, as long as the ZMQ limits are not exceeded. However, Matt suggests that further work should be done at the bitcoin layer to enhance the resilience of L2 protocols against such attacks.
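
The mempool preimage watching described above, as an added example that is not Eclair's code or part of the original post: it parses the raw transaction bytes that a Bitcoin Core `rawtx` ZMQ notification would carry and checks every 32-byte witness item against the SHA256 payment hashes of pending HTLCs. The function names, the sample preimage and the sample transaction are constructed for illustration.

```python
import hashlib, io, struct

def _varint(s):  # Bitcoin CompactSize integer
    n = s.read(1)[0]
    return n if n < 0xfd else int.from_bytes(s.read({0xfd: 2, 0xfe: 4, 0xff: 8}[n]), "little")

def witness_items(raw):
    """Yield every witness stack item of a serialized transaction."""
    s = io.BytesIO(raw)
    s.read(4)                                  # version
    n_in = _varint(s)
    segwit = n_in == 0                         # a 0x00 byte here is the segwit marker
    if segwit:
        s.read(1)                              # segwit flag
        n_in = _varint(s)
    for _ in range(n_in):                      # inputs: prevout, scriptSig, sequence
        s.read(36); s.read(_varint(s)); s.read(4)
    for _ in range(_varint(s)):                # outputs: value, scriptPubKey
        s.read(8); s.read(_varint(s))
    if segwit:
        for _ in range(n_in):                  # one witness stack per input
            for _ in range(_varint(s)):
                yield s.read(_varint(s))

def find_preimages(raw_tx, pending_hashes):
    """Map payment_hash -> preimage for each pending HTLC this transaction reveals."""
    found = {}
    for item in witness_items(raw_tx):
        h = hashlib.sha256(item).digest()
        if len(item) == 32 and h in pending_hashes:
            found[h] = item
    return found

def sample_tx(stack):
    """Constructed 1-in/1-out segwit transaction carrying `stack` as its witness."""
    wit = bytes([len(stack)]) + b"".join(bytes([len(i)]) + i for i in stack)
    return (struct.pack("<I", 2) + b"\x00\x01"             # version, marker, flag
            + b"\x01" + bytes(36) + b"\x00" + b"\xff" * 4  # input with empty scriptSig
            + b"\x01" + bytes(8) + b"\x00"                 # output with empty script
            + wit + bytes(4))                              # witness, locktime

# Constructed sample data: a made-up preimage inside an HTLC-success-shaped witness
# (empty item, two signature placeholders, preimage, witness script placeholder).
PREIMAGE = bytes(range(32))
PAYMENT_HASH = hashlib.sha256(PREIMAGE).digest()
STACK = [b"", b"\x30" * 71, b"\x30" * 71, PREIMAGE, b"\x51" * 40]

if __name__ == "__main__":
    for h, p in find_preimages(sample_tx(STACK), {PAYMENT_HASH}).items():
        print("preimage", p.hex(), "settles HTLC", h.hex())
```

Because the check runs on each transaction as it is announced, a preimage is recorded even if the transaction carrying it is replaced in the mempool shortly afterwards.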