lightning-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Postby Matt Corallo

Posted on: October 21, 2023 01:03 UTC

The email from Peter Todd discusses the use of anchor outputs and the removal of pre-set fee rates in order to address issues with edge cases and the fee-inflation attack.

By allowing the broadcaster to choose which transaction to broadcast, the use of pre-signed transactions can avoid reintroducing these issues. However, Todd expresses skepticism about the use of multiple pre-signed transactions, citing concerns about increased fee overhead and the difficulty of keeping track of different variants across various fee rates. He views this as a policy bug that needs to be addressed at the policy/Bitcoin Core layer, rather than in the lightning world.