lightning-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Postby David A. Harding

Posted on: October 23, 2023 08:49 UTC

In an email sent by Nadav Ivgi via bitcoin dev, the underlying problem of a replacement cycle is discussed.

The description provided by Riard outlines a replacement cycle where Bob broadcasts an HTLC-timeout and Mallory replaces it with an HTLC-preimage. Mallory then replaces the transaction that created input C, removing the HTLC-preimage from the mempool.

However, an alternative approach is proposed where Bob broadcasts an HTLC-timeout and Mallory replaces it with an HTLC-preimage. In this case, Mallory uses input C to replace the HTLC-preimage with a transaction that does not include input A, thereby removing the preimage from the mempool.

The original scenario requires input C to be from an unconfirmed transaction, making the use of OP_CSV_ALLINPUTS effective. However, in the alternative scenario, input C can come from a confirmed transaction, rendering OP_CSV_ALLINPUTS ineffective.

The discussion highlights the difference between the two approaches and their effectiveness in handling the replacement cycle.