lightning-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Post by Antoine Riard

Posted on: October 19, 2023 17:22 UTC

This email, part of a conversation between Matt and Antoine, centres on a specific mitigation described in an attached paper.

Antoine points to subsection 3.4 of the paper, titled "defensive fee-rebroadcasting", and links to the paper on GitHub (https://github.com/ariard/mempool-research/blob/2023-10-replacement-paper/replacement-cycling.pdf).

Antoine highlights that when the mempool is backlogged and the defensively fee-bumped (fractional-fee) HTLC-timeout gets stuck, the attacker gains an advantage. He further suggests that an attacker can replace-cycle multiple honest HTLC-timeouts with a single malicious HTLC-preimage transaction, paying the absolute fee but only incurring the RBF penalty. He has not tested this specific behaviour, but notes that the "fees" math does not at first sight favour the defenders.
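To make the "fees math" concrete, here is an added example (not code from the original post, the paper, or any Lightning implementation) that models the two absolute-fee rules of BIP125 a replacement transaction must satisfy: rule 3 (pay at least the summed fees of everything it evicts) and rule 4 (pay at least the incremental relay feerate, 1 sat/vB by Bitcoin Core default, times its own vsize on top). It then shows what a single transaction conflicting with several honest HTLC-timeouts must carry, how little each round of fractional defensive bumps raises that bar, and that a lone honest timeout bumped by the same fraction cannot re-enter the mempool over it. All transaction names, sizes and fees are constructed sample values, and the `fractional_bump` helper is an assumed simplification of the paper's defensive rebroadcast.

```python
# Added example (not from the original post or any Lightning implementation):
# a small model of the BIP125 absolute-fee rules a replacement transaction
# must satisfy, used to illustrate the "fees math" of defensive fee-rebroadcasting.
# All transaction sizes and fees below are constructed sample values.
from dataclasses import dataclass, replace

INCREMENTAL_RELAY_FEERATE = 1  # sat/vB; Bitcoin Core's default -incrementalrelayfee


@dataclass(frozen=True)
class Tx:
    name: str
    vsize: int  # virtual size in vbytes
    fee: int    # absolute fee in sats


def min_replacement_fee(evicted: list[Tx], replacement_vsize: int) -> int:
    """Minimum absolute fee a transaction of `replacement_vsize` vbytes must
    carry to replace every transaction in `evicted`:
      BIP125 rule 3: at least the sum of the fees of what it evicts, plus
      BIP125 rule 4: at least incremental-relay-feerate * its own vsize on top.
    Feerate-based checks (rule 6) and the 100-descendant limit are not modelled."""
    return sum(tx.fee for tx in evicted) + INCREMENTAL_RELAY_FEERATE * replacement_vsize


def is_valid_replacement(evicted: list[Tx], candidate: Tx) -> bool:
    """True if `candidate` pays enough to evict all of `evicted`."""
    return candidate.fee >= min_replacement_fee(evicted, candidate.vsize)


def fractional_bump(tx: Tx, fraction: float) -> Tx:
    """Defensive rebroadcast (assumed simplification): the same HTLC-timeout
    with its fee raised by `fraction`."""
    return replace(tx, fee=tx.fee + int(tx.fee * fraction))


def replacement_bar_per_round(timeouts: list[Tx], conflict_vsize: int,
                              fraction: float, rounds: int) -> list[int]:
    """Fee a single transaction conflicting with *all* `timeouts` would need in
    round 0, then after each round of defensive fractional bumps."""
    bars = [min_replacement_fee(timeouts, conflict_vsize)]
    for _ in range(rounds):
        timeouts = [fractional_bump(tx, fraction) for tx in timeouts]
        bars.append(min_replacement_fee(timeouts, conflict_vsize))
    return bars


def honest_timeout_can_reenter(timeout: Tx, conflicting: Tx, fraction: float) -> bool:
    """Can one honest HTLC-timeout, bumped by `fraction`, displace the
    transaction currently occupying its inputs in the mempool?"""
    return is_valid_replacement([conflicting], fractional_bump(timeout, fraction))


if __name__ == "__main__":
    # Constructed scenario: three honest HTLC-timeouts of 400 vB paying 1000 sat each,
    # and one hypothetical 500 vB transaction that conflicts with all three.
    timeouts = [Tx(f"htlc-timeout-{i}", vsize=400, fee=1000) for i in range(3)]
    print(replacement_bar_per_round(timeouts, 500, 0.25, 2))   # [3500, 4250, 5186]
    occupant = Tx("conflict", vsize=500, fee=3500)
    # A single honest timeout bumped by 25% (1250 sat) is far below the 3900 sat bar.
    print(honest_timeout_can_reenter(timeouts[0], occupant, 0.25))  # False
```

The asymmetry the model exposes is the one Antoine describes: a single conflicting transaction aggregates the fees of every honest HTLC-timeout it displaces, so each defensive bump raises its bar only by the per-timeout delta, while an individual honest timeout bumped by the same fraction stays well under what it would need to reclaim its place in a backlogged mempool.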

Overall, the email focuses on this mitigation strategy and its potential implications: the advantages it may hand to attackers and the corresponding disadvantages for defenders. The linked paper allows for further exploration of the topic.