lightning-dev
Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted on: October 19, 2023 16:23 UTC
The email discusses a proposed defense mechanism against an attack on the Lightning Network.
The author suggests that an honest node could aggressively fee-bump and retransmit the HTLC-timeout as the CLTV delta deadline approaches. This strategy involves increasing the fee by 1/10th of the HTLC value for each non-confirmation, starting within 10 blocks of the deadline.
The author refers to this approach as a "scorched earth" approach, as it may incur significant fees for the honest node. However, they argue that it would be even more costly for the attacker, as each replacement attempt would need to burn at least as much as the HTLC-timeout fees. Additionally, the attacker would need to perform a replacement every time the honest node fee bumps.
The email suggests that this fee-bumping policy would provide sufficient defense against the attack, even if the attacker is replacement-cycling directly in miners' mempools and the victim has no visibility into the attack. It implies that by employing this strategy, the honest node can effectively protect itself and make the attack economically unfeasible for the attacker.
Overall, the email explores a potential solution to counter an attack on the Lightning Network by utilizing aggressive fee-bumping and retransmission of the HTLC-timeout as the CLTV delta deadline approaches.