lightning-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Postby Peter Todd

Posted on: October 27, 2023 00:43 UTC

The email discusses a potential attack that involves the redemption of HTLC-preimage in Bitcoin transactions.

The sender clarifies that they are not claiming it is easy to execute this attack. They mention that there may be cases where it happens accidentally, such as when a node with a HTLC-preimage goes offline and comes back online at the right time to broadcast a redemption transaction with a higher fee than the timeout transaction. If the other node goes offline after broadcasting the timeout transaction, it may fail to notice the HTLC-preimage in the mempool and thus fail to redeem it. The sender suggests that using OP_Expire could help prevent this situation by making it impossible to redeem the HTLC-preimage after the timeout.

The email also includes a link to a website (https://petertodd.org) which provides further information on the topic. However, the specific content of the website is not mentioned in the email.

Please note that the farewell part of the email is not included in this summary.