author | Peter Todd <pete@petertodd.org> | 2023-10-16 21:13:52 +0200 |
---|---|---|
committer | bitcoindev <bitcoindev@gnusha.org> | 2023-10-16 19:21:03 +0000 |
commit | cdede347ae5bbc530cbe4d67fac01c4cd99f5651 (patch) | |
tree | 419944514102e36d7b87c281fb8c6eadfee5dc71 | |
parent | 09516b3c7c4fc3956cc68d674f1cdc6828aa5f95 (diff) | |
Re: [bitcoin-dev] Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
-rw-r--r-- | 3c/13cd66626de38576fe5911beb560eb08332d7f | 121 |
1 files changed, 121 insertions, 0 deletions
diff --git a/3c/13cd66626de38576fe5911beb560eb08332d7f b/3c/13cd66626de38576fe5911beb560eb08332d7f new file mode 100644 index 000000000..b2b9cddeb --- /dev/null +++ b/3c/13cd66626de38576fe5911beb560eb08332d7f 
@@ -0,0 +1,121 @@ +Return-Path: <pete@petertodd.org> +Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) + by lists.linuxfoundation.org (Postfix) with ESMTP id D3077C0032 + for <bitcoin-dev@lists.linuxfoundation.org>; + Mon, 16 Oct 2023 19:21:03 +0000 (UTC) +Received: from localhost (localhost [127.0.0.1]) + by smtp4.osuosl.org (Postfix) with ESMTP id 85FE0405D8 + for <bitcoin-dev@lists.linuxfoundation.org>; + Mon, 16 Oct 2023 19:21:03 +0000 (UTC) +DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 85FE0405D8 +Authentication-Results: smtp4.osuosl.org; dkim=pass (2048-bit key, + unprotected) header.d=messagingengine.com header.i=@messagingengine.com + header.a=rsa-sha256 header.s=fm3 header.b=cZi3P8d9 +X-Virus-Scanned: amavisd-new at osuosl.org +X-Spam-Flag: NO +X-Spam-Score: -2.602 +X-Spam-Level: +X-Spam-Status: No, score=-2.602 tagged_above=-999 required=5 + tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, + RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] + autolearn=ham autolearn_force=no +Received: from smtp4.osuosl.org ([127.0.0.1]) + by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id EZs0aedz0lxD + for <bitcoin-dev@lists.linuxfoundation.org>; + Mon, 16 Oct 2023 19:21:02 +0000 (UTC) +X-Greylist: delayed 421 seconds by postgrey-1.37 at util1.osuosl.org; + Mon, 16 Oct 2023 19:21:02 UTC +DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 235AF405AE +Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com + [66.111.4.29]) + by smtp4.osuosl.org (Postfix) with ESMTPS id 235AF405AE + for <bitcoin-dev@lists.linuxfoundation.org>; + Mon, 16 Oct 2023 19:21:02 +0000 (UTC) +Received: from compute7.internal (compute7.nyi.internal [10.202.2.48]) + by mailout.nyi.internal (Postfix) with ESMTP id 4F18E5C003F; + Mon, 16 Oct 2023 15:13:57 -0400 (EDT) +Received: from mailfrontend2 ([10.202.2.163]) + by compute7.internal (MEProxy); Mon, 16 Oct 2023 15:13:57 -0400 
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= + messagingengine.com; h=cc:content-transfer-encoding:content-type + :content-type:date:date:feedback-id:feedback-id:from:from + :in-reply-to:in-reply-to:message-id:mime-version:references + :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy + :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1697483637; x= + 1697570037; bh=ZGSvrI9lMrdz4AvT8KIc6NwAKoXgWbPZgEBLBaWNRgs=; b=c + Zi3P8d9Klfs1oRD3NKkc0V39KUHR2oYUhF27JLclDhbPLMqJWad9TeAA9Jx+LuQt + BbsWSCc4bYO+W2LDSQ9I4RHlV6wHU6SshdCjOZSLp1d5u4MVbG73TlAdSJHOEhaM + jXeejLJ/iyTch52+Gqj2jYfAQsTIiu8RtGU43rwYH9hpE8dvubHOC815JJLWroFA + R4Ptj156h5IFRQO+RE1+Av5YTdrfAu6GJnz87aJSdGbrLimDMfzuJg7NnABmlJJV + yU3ZhRRBQn8FeYRRKvrodpg2AfqfO+bdStwilR1Xs3poPb8YUh9Z3M7G1tD8Kkxw + m/H6nU+fdSUTJbAfWopEA== +X-ME-Sender: <xms:dIstZUejtKgTSyS1ZHoIaA1Fl0i0menEHGYf78EUJStOS_UdvGQGpw> + <xme:dIstZWNrBX_iLnVJ4FPBSgFjMX5gADDi2VmXT2pz9ZwanRlKYGBFSQRXgD1ORUQGS + y_aCp41AfbXmA1Y43k> +X-ME-Received: <xmr:dIstZVgDbsQWXmYEy1e_2quN_1UEFZJpG6CnNtF2xafFmQ-e_bEWP55u9X-cHA> +X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrjedtgddufeduucetufdoteggodetrfdotf + fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen + uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne + cujfgurhepfffhvffufggjfhfkgggtgfesthhqmhdttderjeenucfhrhhomheprfgvthgv + rhcuvfhougguuceophgvthgvsehpvghtvghrthhouggurdhorhhgqeenucggtffrrghtth + gvrhhnpefhteeuleffvddujeejteejjefgjeefleeiieejudeiiedvueegffefueeglefg + ueenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehpvg + htvgesphgvthgvrhhtohguugdrohhrgh +X-ME-Proxy: <xmx:dYstZZ_o2yN5g6twbPZTOTiKbczJnUXX-4IdF7PtxsAdSx6-RCVDjw> + <xmx:dYstZQuqeGim9zc3VI3XVJ2fVvDTOHwgl1EL99wZ3ubEJVAOzqrFdQ> + <xmx:dYstZQHlMLFB64iNPig8oQPZD5Trx3xwttoI6l2DQY0Hc-Kt03hKMQ> + <xmx:dYstZcKJVtOu31MlaFU9hSZozIi06mt7mNktp3dOIuwcLAjtYIGTtg> +Feedback-ID: i525146e8:Fastmail +Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, + 16 Oct 2023 
15:13:56 -0400 (EDT) +Date: Mon, 16 Oct 2023 21:13:52 +0200 +From: Peter Todd <pete@petertodd.org> +To: Antoine Riard <antoine.riard@gmail.com>, + Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org> +User-Agent: K-9 Mail for Android +In-Reply-To: <CALZpt+GdyfDotdhrrVkjTALg5DbxJyiS8ruO2S7Ggmi9Ra5B9g@mail.gmail.com> +References: <CALZpt+GdyfDotdhrrVkjTALg5DbxJyiS8ruO2S7Ggmi9Ra5B9g@mail.gmail.com> +Message-ID: <7ED2BCD8-BAE3-48E3-9749-A396F3724B6E@petertodd.org> +MIME-Version: 1.0 +Content-Type: text/plain; + charset=utf-8 +Content-Transfer-Encoding: quoted-printable +Subject: Re: [bitcoin-dev] Full Disclosure: CVE-2023-40231 / CVE-2023-40232 + / CVE-2023-40233 / CVE-2023-40234 "All your mempool are + belong to us" +X-BeenThere: bitcoin-dev@lists.linuxfoundation.org +X-Mailman-Version: 2.1.15 +Precedence: list +List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org> +List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, + <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe> +List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/> +List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org> +List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help> +List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, + <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe> +X-List-Received-Date: Mon, 16 Oct 2023 19:21:03 -0000 + + + +On October 16, 2023 6:57:36 PM GMT+02:00, Antoine Riard via bitcoin-dev <b= +itcoin-dev@lists=2Elinuxfoundation=2Eorg> wrote: +>(cross-posting mempool issues identified are exposing lightning chan to +>loss of funds risks, other multi-party bitcoin apps might be affected) +> +>As the HTLC-preimage spends an unconfirmed input that was already include= +d +>in the unconfirmed and unrelated child transaction (rule 2), pays an +>absolute higher fee of at least the sum paid by the HTLC-timeout 
and chil= +d +>transaction (rule 3) and the HTLC-preimage feerate is greater than all +>directly conflicting transactions (rule 6), the replacement is accepted= +=2E +>The honest HTLC-timeout is evicted out of the mempool=2E + +I think if you want people to understand this exploit, you need to explain= + in more detail how we have a situation where two different parties can spe= +nd the same HTLC txout, without the first party having the right to spend i= +t via their knowledge of the HTLC-preimage=2E + |
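Review bot: the message body added after the Content-Transfer-Encoding: quoted-printable header is stored still encoded, so "=2E" stands for "." and a trailing "=" is a soft line break that splits words ("include=" / "d", "chil=" / "d", "spe=" / "nd"). Decode quoted-printable before rendering, searching or quoting this file, otherwise the replacement rule description in the quoted text and the reply below it read as corrupted. Separately, the Authentication-Results header records dkim=pass for header.d=messagingengine.com while the From address is at petertodd.org, so that result covers the sending provider's signature and should not be taken on its own as authenticating the author address.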