lightning-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Post by Matt Corallo

Posted on: October 23, 2023 16:09 UTC

In an email conversation, Peter Todd brings up the point that although the proposed change may not seem significant in terms of its impact on Lightning's trust model, it is still a valuable improvement considering the inherently chain-spammy nature of the system.

He mentions that in force-close cases, there are often repeated failures in several HTLCs (Hash Time-Locked Contracts). However, he suggests that instead of rushing to fix Lightning, it would be more effective to address the issue at the ecosystem level to ensure a comprehensive solution.

Peter emphasizes the need for caution in implementing policy restrictions, as they should not only avoid disrupting the functionality of the L2 network but also prevent miners from receiving reduced payments. He considers this situation a policy bug that needs to be resolved properly rather than hastily.

Overall, Peter's email highlights the importance of thoroughly addressing the trust model and policy issues within the Lightning Network, taking into consideration the potential vulnerabilities and their impact on users and miners.