lightning-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Post by Jochen Hoenicke

Posted on: October 20, 2023 11:18 UTC

The email discusses a potential attack involving double-spending and HTLC (Hashed Time-Locked Contract) transactions.

The sequence begins with the attacker double-spending the victim's HTLC-timeout transaction with a pre-image-revealing HTLC transaction. On its own this step is not an attack: if the victim sees the pre-image, it can use it to safely claim its incoming HTLC, since that HTLC's timeout has not yet expired.

The actual attack comes when the attacker double-spends its own pre-image transaction before it reaches the blockchain. A third transaction spends some input that the attacker controls and that the pre-image HTLC transaction also spends, so the pre-image transaction is evicted from the mempool in turn. In the attacker's ideal scenario the victim never sees the pre-image transaction at all and therefore never learns the pre-image.

It is important to note that the attacker only needs to act on the mempools of mining nodes. The victim may therefore not even realize that its transaction has been replaced, and may only be puzzled as to why it has not been mined.
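To make the three-transaction cycle and the defender's counter-measure concrete, here is a small toy model added for this summary (it is not code from the post or from any Lightning implementation). It assumes a simplified mempool in which any conflicting transaction evicts its predecessor, with fee-based RBF rules omitted, and a victim-side watcher that sees relayed transactions, harvests a revealed pre-image, and rebroadcasts its timeout transaction once the cycle has cleared the conflict; all transaction names and the pre-image value are constructed.

```python
from dataclasses import dataclass
from typing import Optional, List, Tuple

# Constructed toy model of the replacement cycle described above (example only).

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: frozenset                   # outpoints this transaction spends
    preimage: Optional[str] = None      # HTLC pre-image revealed in the witness, if any

class Mempool:
    """Miner-side mempool, simplified: a newcomer evicts every tx it conflicts with."""
    def __init__(self) -> None:
        self.txs: dict = {}

    def accept(self, tx: Tx) -> List[Tx]:
        evicted = [t for t in self.txs.values() if t.inputs & tx.inputs]
        for t in evicted:
            del self.txs[t.txid]
        self.txs[tx.txid] = tx
        return evicted

class HtlcWatcher:
    """Victim-side monitor: records a pre-image from any conflicting tx it sees and
    rebroadcasts the timeout tx as soon as nothing in the mempool conflicts with it."""
    def __init__(self, timeout_tx: Tx) -> None:
        self.timeout_tx = timeout_tx
        self.learned_preimage: Optional[str] = None

    def on_relay(self, mempool: Mempool, tx: Tx) -> None:
        if self.timeout_tx.inputs & tx.inputs and tx.preimage:
            self.learned_preimage = tx.preimage     # attacker had to reveal it to replace us
        conflicted = any(t.inputs & self.timeout_tx.inputs for t in mempool.txs.values())
        if not conflicted and self.timeout_tx.txid not in mempool.txs:
            mempool.accept(self.timeout_tx)         # cycle broke the conflict: put ours back

def run_cycle(monitor: bool) -> Tuple[bool, Optional[str]]:
    """Replay A -> B -> C; return (timeout tx still in mempool, pre-image learned)."""
    htlc_out, attacker_utxo = "htlc:0", "attacker:0"          # constructed outpoints
    a = Tx("A_timeout", frozenset({htlc_out}))                 # victim's HTLC-timeout tx
    b = Tx("B_preimage", frozenset({htlc_out, attacker_utxo}), preimage="deadbeef")
    c = Tx("C_cycle", frozenset({attacker_utxo}))              # evicts B, conflicts only with B
    mempool, watcher = Mempool(), HtlcWatcher(a)
    mempool.accept(a)
    for tx in (b, c):
        mempool.accept(tx)
        if monitor:
            watcher.on_relay(mempool, tx)
    return a.txid in mempool.txs, watcher.learned_preimage
```

Without the watcher the victim's transaction silently disappears and no pre-image is learned; with it, the pre-image is captured from B and A is back in the mempool after C lands.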

Overall, the email describes a malicious replacement pattern built from double-spends of HTLC transactions: the attacker replaces the victim's HTLC-timeout transaction with a pre-image-revealing HTLC transaction, then double-spends that transaction in turn. Because the attack is carried out against the mempools of mining nodes, the attacker can cycle its own transaction out again without the victim ever learning of the replacement.