lightning-dev
Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted on: October 21, 2023 02:43 UTC
The email discusses the topic of storing ephemeral data, specifically HTLC (Hash Time-Locked Contract) transactions and commitment transactions.
It mentions that in the Lightning Network, disclosed secrets are used to invalidate old state, so there is no need to keep every signature from the counterparty indefinitely.
The email also mentions that RBF (Replace-By-Fee) has a minimum incremental relay fee of 1 sat/vByte by default. This means that if multiple SIGHASH_SINGLE transactions are combined together, the savings in terms of transaction size aren't significant. Only 18 bytes are saved for nVersion, nLockTime, and the txin and txout size fields. The HTLC-timeout transaction is 166.5 vBytes, resulting in a savings of just 11%.
However, if there is a need to fee bump and add an additional input, it takes up space and a change output may be required. In such cases, using a pre-signed transaction would have been more beneficial.
The email also mentions the assumption that there are many HTLCs in flight that need to be spent, but this is often not the case.
Overall, the email provides insights into the storage of ephemeral data and considerations related to transaction size and fee optimization in the context of HTLC and commitment transactions.