lightning-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Postby Peter Todd

Posted on: October 20, 2023 10:31 UTC

The email discusses the problem of not utilizing RBF (Replace-By-Fee) effectively.

The sender suggests that the correct approach for pre-signed transactions is to pre-sign multiple different transactions to cover various fee requirements. They propose increasing the fee by 2x each time, resulting in a range of fees covered by pre-signed replacement transactions that can be extended up to 1024x. It is mentioned that this range can be further improved by adjusting the multiplier towards the end.

The sender emphasizes that the increase in per-transaction storage and bandwidth costs by around 10x or even 100x should not be a concern within the context of a highly scalable protocol like Lightning. They state that there is no valid reason for transactions from B to C to get stuck, considering it as a major flaw in the Lightning protocol that needs to be addressed.

Furthermore, the sender suggests applying the same fix to other aspects of the Lightning protocol, including channel opens, to ensure smooth and efficient operations. The email concludes with a link to Peter Todd's website (https://petertodd.org) and an email address (peter@petertodd.org).