lightning-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Postby Peter Todd

Posted on: October 20, 2023 11:03 UTC

The email discusses the concept of "increasing the multiplier" in the context of fee bumps.

The idea is to start with a smaller multiplier at the beginning of the range and end with a bigger one. This approach allows for smaller bumps in fees at the beginning, using a percentage of the range, while reserving larger percentage bumps for the end when the strategy changes to something more aggressive.

Applying this idea to commitment transactions would involve removing HTLCs when their value drops below the necessary fees to get those outputs mined. It is also possible to sign simultaneous variants of transactions that deduct fees from different parties' outputs. For example, Alice can give Bob the ability to broadcast higher fee transactions, taking the fees from Bob's outputs, and vice versa.

The author mentions that they haven't thought through how this would work with musig but states that it can be done with plain old OP_CheckMultisig.

For more information on this topic, you can visit the website https://petertodd.org or contact Peter Todd at peter@petertodd.org.