Return-Path: Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id A593CC0032 for ; Mon, 16 Oct 2023 22:10:20 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 7597B40180 for ; Mon, 16 Oct 2023 22:10:20 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 7597B40180 Authentication-Results: smtp2.osuosl.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20230601 header.b=Z2CyKDFo X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.099 X-Spam-Level: X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5D9NyZaZRzpa for ; Mon, 16 Oct 2023 22:10:18 +0000 (UTC) Received: from mail-yb1-xb31.google.com (mail-yb1-xb31.google.com [IPv6:2607:f8b0:4864:20::b31]) by smtp2.osuosl.org (Postfix) with ESMTPS id 2C1044017A for ; Mon, 16 Oct 2023 22:10:18 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 2C1044017A Received: by mail-yb1-xb31.google.com with SMTP id 3f1490d57ef6-d9a58aa4983so6026157276.0 for ; Mon, 16 Oct 2023 15:10:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1697494217; x=1698099017; darn=lists.linuxfoundation.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=1diPO6HFk8Orx+VZ4d0MGDuRM5r7yIJQevWHrpNjZko=; b=Z2CyKDFoeYcEI4pUycUgcUtfw6FSVb2Z7FDbKbAmz/6QN5cyVbTaEubJL2TDROYy0/ P9R2sfBD2foStxBoGcMKWpGy5c0yNenzXg1FEjC10brOKQe2f5IsoIMGequ/iEdokBgD eg2x5u2x5BtIca0KtSLCY0dY/XagWIfSd0DPMzcE5y3lt8r9i0baxa5rcFAp0nBAP181 nzm9kcVfQ5MIjKOkfZS1mFLj5P5jc+978G2iC5GauudIym3ZpXbl5W8bxvr5D6smBNXE naXqBFBBYCBapApN87iHAdxri1LJvh8p90AjYM9QGJDoFdhGHhrgIW1RUyZKE69ypoHV zOSw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697494217; x=1698099017; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=1diPO6HFk8Orx+VZ4d0MGDuRM5r7yIJQevWHrpNjZko=; b=UPhhrzqPWeXcWQARv3ZWpwMo/qZKwxWHpLulNCnBzS0Id4AUmNYpBiwH4j3RFLEPuz SekHg3YqHv+MWtPi+OMgY6h6h2gE+rNx1ux8mwSlqgDFuXiLhGZwLVNAxP79QGv/oimq /Pmyc/M3j2CWQrgNRh3SSK+0bSsQMjHorrUkPYNapNTA1wgbO07VixIV4UJ1QlStdvZI GkB+0PpGXOFsg2x0qth4SmM8GkTs9Xn/k9MLtWBmfDk02aaN1uujST5Z7xzaFDJTiPtI q+C9mF9vAy4Unjoh6EA7Ucdx0jj4RdyiBzRY97xSFGRJZapDdFA28OQSSNHD1IJXiAJh OaUQ== X-Gm-Message-State: AOJu0YymXO1cGXB6+TrVeknA3IPj0sysSlQzKPziEfgajoB6sQsNmrAK ay7qVNolxi0wpAKalAR05S/r2bNUbGW7oIZt5Qc= X-Google-Smtp-Source: AGHT+IEG31dmFv+R9DQooRSJIo9WJ+iBbecJmYJk0qomSRieVwfDy4zYVcxKfnbJu/+xxhIJh+Sytfqb0JvwmS83tsA= X-Received: by 2002:a25:ae0c:0:b0:d81:bb7e:f47f with SMTP id a12-20020a25ae0c000000b00d81bb7ef47fmr320972ybj.44.1697494217014; Mon, 16 Oct 2023 15:10:17 -0700 (PDT) MIME-Version: 1.0 References: <7ED2BCD8-BAE3-48E3-9749-A396F3724B6E@petertodd.org> In-Reply-To: <7ED2BCD8-BAE3-48E3-9749-A396F3724B6E@petertodd.org> From: Matt Morehouse Date: Mon, 16 Oct 2023 22:10:06 +0000 Message-ID: To: Peter Todd , Bitcoin Protocol Discussion Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Mailman-Approved-At: Mon, 16 Oct 2023 22:46:12 +0000 Subject: Re: [bitcoin-dev] Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us" X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Oct 2023 22:10:20 -0000 On Mon, Oct 16, 2023 at 7:21=E2=80=AFPM Peter Todd via bitcoin-dev wrote: > I think if you want people to understand this exploit, you need to explai= n in more detail how we have a situation where two different parties can sp= end the same HTLC txout, without the first party having the right to spend = it via their knowledge of the HTLC-preimage. The two main ways of spending an "offered" HTLC txout: 1) With a presigned multisig covenant transaction paying to the offerer (a.k.a HTLC-timeout transaction) 2) With a preimage and the receiver's signature Since option 1 uses a presigned covenant held by the offerer, only the offerer can spend via that path. Since option 2 requires the receiver's signature, only the receiver can spend via that path. The exact script used is here: https://github.com/lightning/bolts/blob/master/03-transactions.md#offered-h= tlc-outputs.