lightning-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Postby Nadav Ivgi

Posted on: October 22, 2023 04:49 UTC

The email discusses a potential solution for addressing an issue related to the use of unconfirmed outputs in the HTLC-preimage-spending transaction.

The suggestion is to introduce a new opcode called OP_CSV_ALLINPUTS or OP_CSV_OTHERINPUTS, which would require all inputs to have a matching nSequence. By using 1 OP_CSV_ALLINPUTS in the HTLC preimage branch, it would prevent the usage of unconfirmed outputs in the transaction, thereby protecting it against the replacement cycling attack. Alternatively, if desired, the opcode could be named OP_CSV_OTHERINPUTS, allowing the HTLC output itself to be spent immediately via the preimage branch, while requiring confirmation for other inputs added for fees.

The proposed solution aims to enhance security by ensuring that all inputs in the HTLC-preimage-spending transaction adhere to a specific condition. This would effectively prevent the usage of unconfirmed outputs, mitigating the risk of the replacement cycling attack. The suggested opcode, whether OP_CSV_ALLINPUTS or OP_CSV_OTHERINPUTS, plays a crucial role in enforcing this condition.

By employing 1 OP_CSV_ALLINPUTS, the solution guarantees that all inputs must have a matching nSequence. Consequently, any attempt to include unconfirmed outputs in the HTLC-preimage-spending transaction would be rendered invalid. On the other hand, if OP_CSV_OTHERINPUTS is chosen, the HTLC output itself can be spent immediately via the preimage branch, requiring only confirmation for additional inputs introduced for fees. Both options provide a means to protect against the replacement cycling attack, with the latter offering more flexibility for immediate spending of the HTLC output.

The introduction of either OP_CSV_ALLINPUTS or OP_CSV_OTHERINPUTS opcode addresses the issue at hand by imposing a requirement on the inputs used in the HTLC-preimage-spending transaction. This requirement ensures that all inputs have a matching nSequence and are confirmed, preventing the utilization of unconfirmed outputs. The proposed solution presents an effective measure to safeguard against the replacement cycling attack and enhance the overall security of the transaction process.

In conclusion, the email suggests the implementation of a new opcode, either OP_CSV_ALLINPUTS or OP_CSV_OTHERINPUTS, to address the issue related to unconfirmed outputs in the HTLC-preimage-spending transaction. By enforcing the condition that all inputs must have a matching nSequence, the proposed solution provides protection against the replacement cycling attack. This enhancement enhances security by preventing the inclusion of unconfirmed outputs and ensuring that the transaction process adheres to specific requirements.