lightning-dev
Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted on: October 20, 2023 10:47 UTC
The email raises a concern about the explanation provided regarding the expiration of the right to spend an HTLC (Hashed Time-Locked Contract) output.
The sender points out that while it is acknowledged that the HTLC-preimage does not expire, it is not clear why the party possessing the pre-image should lose the right to spend the output even after the timeout branch becomes another possible way to spend it.
The sender emphasizes the need for a proper explanation as to why the right to spend the HTLC-preimage output should expire if Caroll possesses the pre-image. They suggest that the current explanation sounds like Bob has stolen the output from Caroll simply because Caroll was unable to spend it within the given time frame.
It is important to address this concern and provide a clearer explanation for why the right to spend the HTLC-preimage output should expire. By doing so, it will help ensure a better understanding of the concept and avoid any potential confusion or misinterpretation.