lightning-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Postby Nagaev Boris

Posted on: October 21, 2023 14:21 UTC

The email discusses the idea of interleaving presigned transactions based on their fees.

The suggestion is to have a sequence of transactions where each transaction alternates between sending funds to Alice and Bob. For example, transaction 1.1 goes to Alice, transaction 1.2 goes to Bob, transaction 1.3 goes to Alice, and so on.

The rationale behind this approach is to reduce the risks of mempool split. If multiple transactions with the same fee are sent simultaneously to Alice and Bob, there is a possibility that some nodes in the network will have one transaction in their mempools while the other half will have the other transaction. This scenario can potentially lead to issues, although it's not clear how exactly it could be exploited in replacement cycling attacks.

By interweaving the transactions, any new transaction in the chain would replace all previous transactions, ensuring consistency across the network. This strategy aims to prevent the aforementioned scenario and minimize potential risks.

Overall, the proposal suggests a method to improve the safety and integrity of presigned transactions by organizing them in a way that reduces the chances of mempool split and its associated complications.