Date: Fri, 20 Oct 2023 10:31:03 +0000
From: Peter Todd <pete@petertodd.org>
To: ZmnSCPxj <ZmnSCPxj@protonmail.com>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Message-ID: <ZTJW59wQ/4WLZt2h@petertodd.org>
Cc: security@ariard.me, lightning-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] [Lightning-dev] Full Disclosure: CVE-2023-40231 /
CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are
belong to us"

On Tue, Oct 17, 2023 at 10:34:04AM +0000, ZmnSCPxj via bitcoin-dev wrote:
> Good morning Antoine et al.,
>
> Let me try to rephrase the core of the attack.
>
> There exist these nodes on the LN (letters `A`, `B`, and `C` are nodes, `==` are channels):
>
> A ===== B ===== C
>
> `A` routes `A->B->C`.
>
> The timelocks, for example, could be:
>
> A->B timelock = 144
> B->C timelock = 100
>
> The above satisfies the LN BOLT requirements, as long as `B` has a `cltv_expiry_delta` of 44 or lower.
>
> After `B` forwards the HTLC `B->C`, C suddenly goes offline, and all the signed transactions --- commitment transaction and HTLC-timeout transactions --- are "stuck" at the feerate at the time.
>
> At block height 100, `B` notices the `B->C` HTLC timelock is expired without `C` having claimed it, so `B` forces the `B====C` channel onchain.
> However, onchain feerates have risen and the commitment transaction and HTLC-timeout transaction do not confirm.

The problem here is we're failing to use RBF.

As I have suggested before, the correct way to do pre-signed transactions is to
pre-sign enough *different* transactions to cover all reasonable needs for
bumping fees. Even if you just increase the fee by 2x each time, pre-signing 10
different replacement transactions covers a fee range of 1024x. And you
obviously can improve on this by increasing the multiplier towards the end of
the range.

Increasing per-tx (temporary) storage and bandwidth costs by ~10x or even ~100x
is not a big deal in the context of a highly scalable protocol like Lightning.

There is zero reason why the B->C transactions should be getting stuck. This is
a major failing of the Lightning protocol that should be fixed. And of course,
this fix should be applied to other aspects of the lightning protocol, such as
channel opens, etc.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org
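
The fee ladder described in the message above, as an added example that is not part of the original post and is not code from any Lightning implementation. The function names, the 1 sat/vB base feerate and the rung-selection policy (broadcast the cheapest pre-signed replacement that meets the current target and sits above the rung already broadcast) are assumptions made for illustration.

```python
from bisect import bisect_left


def fee_ladder(base_feerate, multipliers):
    """Feerates of the replacements pre-signed on top of the original
    transaction. Each rung is the previous feerate times its multiplier."""
    ladder, rate = [], base_feerate
    for m in multipliers:
        if m <= 1:
            raise ValueError("each replacement must pay more than the last")
        rate *= m
        ladder.append(rate)
    return ladder


def pick_rung(ladder, target_feerate, current_rung=-1):
    """Index of the cheapest pre-signed replacement that meets target_feerate
    and is above the rung already broadcast (-1: only the original is out).
    Returns None when no higher pre-signed replacement is left."""
    i = max(bisect_left(ladder, target_feerate), current_rung + 1)
    if i >= len(ladder):
        # Target is beyond the ladder: use the top rung if still unused.
        i = len(ladder) - 1
        return i if i > current_rung else None
    return i


if __name__ == "__main__":
    BASE = 1  # sat/vB, constructed sample value

    # 10 replacements at 2x each: the top rung is 1024x the base feerate.
    flat = fee_ladder(BASE, [2] * 10)
    print("2x ladder:", flat)

    # Same number of signatures, larger multiplier towards the end of the range.
    steep = fee_ladder(BASE, [2] * 5 + [4] * 5)
    print("2x then 4x ladder:", steep)

    # Constructed scenario: feerates rise to 50 sat/vB, then keep rising.
    first = pick_rung(flat, 50)
    print("broadcast rung", first, "at", flat[first], "sat/vB")
    second = pick_rung(flat, 300, current_rung=first)
    print("replace with rung", second, "at", flat[second], "sat/vB")
```

A `None` result from `pick_rung` means the pre-signed range is exhausted, which is the condition the choice of multipliers has to make unreachable before the upstream timelock expires.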