lightning-dev
Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted on: October 20, 2023 21:05 UTC
The email discusses a potential attack on anchor channels in the context of Bitcoin Core and the Lightning Network.
The attack can be performed on pre-anchor channels, where the HTLCs are signed with SIGHASH_SINGLE|ANYONECANPAY. However, with anchor channels, the attack can be performed by either side of the closure. The email suggests that fixing this issue on the Lightning end is not the right approach, as it is ultimately a problem with the transaction broadcast ordering and the optimal set of transactions for fee revenue.
The author highlights that the fix for this issue should lie with Bitcoin Core or other parts of the mining stack. Fixing it in the Bitcoin Core stack would require unbounded memory, which is not feasible. However, the author proposes the idea of using external software to monitor the mempool for transactions that were replaced out but could potentially re-enter the mempool later with other replacements. This software could optimize the revenue of block template selection and unintentionally fix the issue.
Overall, the email raises the concern of an attack on anchor channels and suggests that the solution should be implemented at the Bitcoin Core level. The proposal involves using external software to monitor the mempool and optimize block template selection.
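The external monitoring idea described above, as an added example that is not from the email or from Bitcoin Core: a toy mempool that keeps a bounded cache of replaced-out transactions and re-offers them once the transactions they conflicted with are gone. The `Tx` and `ReplacementWatcher` names, the outpoint labels and the simplified fee rule are assumptions made for illustration.

```python
from collections import OrderedDict
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:                      # constructed toy transaction, not a real format
    txid: str
    inputs: frozenset          # outpoints spent, e.g. {"x"}
    fee: int                   # satoshis; the toy model ignores size

class ReplacementWatcher:
    """Toy mempool plus a bounded cache of transactions that were replaced out."""

    def __init__(self, cache_limit=1000):
        self.mempool = {}               # txid -> Tx
        self.spender = {}               # outpoint -> txid spending it in the mempool
        self.replaced = OrderedDict()   # replaced-out txs, oldest first
        self.cache_limit = cache_limit  # the memory bound is explicit

    def evict(self, txid, remember=False):
        """Remove a tx from the mempool; remember=True caches it for later."""
        tx = self.mempool.pop(txid)
        for op in tx.inputs:
            del self.spender[op]
        if remember:
            self.replaced[txid] = tx
            while len(self.replaced) > self.cache_limit:
                self.replaced.popitem(last=False)   # drop the oldest entry

    def accept(self, tx):
        """Simplified replacement rule: pay more than all conflicts combined."""
        conflicts = {self.spender[op] for op in tx.inputs if op in self.spender}
        if conflicts and tx.fee <= sum(self.mempool[c].fee for c in conflicts):
            return False
        for c in conflicts:
            self.evict(c, remember=True)
        self.mempool[tx.txid] = tx
        for op in tx.inputs:
            self.spender[op] = tx.txid
        self.replaced.pop(tx.txid, None)
        return True

    def reconsider(self):
        """Re-offer cached txs, highest fee first; return the txids re-admitted."""
        candidates = sorted(self.replaced.values(), key=lambda t: -t.fee)
        return [t.txid for t in candidates
                if t.txid in self.replaced and self.accept(t)]
```

The `cache_limit` is where the memory concern shows up: entries older than the bound are forgotten and can no longer be re-offered.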