lightning-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Postby Matt Corallo

Posted on: October 21, 2023 01:55 UTC

In an email sent by Peter Todd, he discusses the issue of dealing with a large amount of data when using Lightning.

While Lightning currently doesn't generate significant amounts of data, when multiplied by 100, it becomes a challenge to store and manage the data for larger nodes. This becomes more difficult compared to dealing with smaller amounts like a GiB or twenty.

The main point Peter is making is that if they have the SIGHASH_SINGLE|ANYONECANPAY feature, they can combine multiple HTLC (Hash Time Locked Contract) claims into one transaction. On the other hand, if they rely on pre-signing, they would be stuck with numerous individual transactions.

This information highlights the potential scalability challenges associated with Lightning and the need for efficient data storage and management solutions. By combining multiple HTLC claims into a single transaction, the process can be streamlined and made more manageable, reducing the burden of dealing with a large volume of individual transactions.

It is important to note that this email does not provide any specific technical details or links to further information. However, the discussion around the scalability issues and potential solutions can be a starting point for further exploration and research on the topic.