Return-Path: Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 5DE15C0032; Sat, 21 Oct 2023 01:04:01 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 227E94EFA1; Sat, 21 Oct 2023 01:04:01 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 227E94EFA1 Authentication-Results: smtp4.osuosl.org; dkim=pass (2048-bit key) header.d=mattcorallo.com header.i=@mattcorallo.com header.a=rsa-sha256 header.s=1697848862 header.b=apCw4EtA; dkim=pass (2048-bit key) header.d=clients.mail.as397444.net header.i=@clients.mail.as397444.net header.a=rsa-sha256 header.s=1697848864 header.b=g2porrsX X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.102 X-Spam-Level: X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aiZdx9RZcCBD; Sat, 21 Oct 2023 01:03:56 +0000 (UTC) Received: from mail.as397444.net (mail.as397444.net [69.59.18.99]) by smtp4.osuosl.org (Postfix) with ESMTPS id 6CDB94EF69; Sat, 21 Oct 2023 01:03:54 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 6CDB94EF69 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mattcorallo.com; s=1697848862; h=In-Reply-To:From:References:Cc:To:Subject: From:Subject:To:Cc:Reply-To; bh=QaGU1HIC7XKSQ0YHmfAvF4ZkeUPlTDB/qrVO/UQCnhM=; b=apCw4EtAmnkgbBwgLCqIeFMn+Zmb1eMvoOXrx+ohj/+gQ+IC0Kuu8Bi9RkF4HzMdMRn0LM2eSLb 4JVIWgFgRVk9Q/zLjNq1mgRsQxFaxcVzM0YXx5L8+xRI0me0bRo+KENoXAiOZLSmxPjvzqhOiJIfn zX40HJyiabJD1pnKDg0jSIWCpP2rsKpUyUnBjkMchdjko+95t7vo9Q80hL/wAgYddUxt49XlEDMcA 80Tbzyr61KRspTebtt1ACYxAQDKfq/DNO3vclwVhgImavXmymTLOAHm55X7n/E/sZ1uTH+91scHJR fj1txaRGta92LHxzTH+Xe1aPlHmr4rrtahUg==; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=clients.mail.as397444.net; s=1697848864; h=In-Reply-To:From:References:Cc: To:Subject:From:Subject:To:Cc:Reply-To; bh=QaGU1HIC7XKSQ0YHmfAvF4ZkeUPlTDB/qrVO/UQCnhM=; b=g2porrsXxV67ZEPOSNEhMNn8oy YwKUS66HyyqXM7vXvOX8assYom553FxkUHTbUDX2E0rdC5LHimd+IHX5mE6CN2zd54X0eRgt/Xonb K0SCRzakmftK8CU/ZHgdv9W69K8uBhib6PGiaw1EK5+qeO90VSbcWPCaj9XEXZhQMYg5XizW6Kd+b Vxj+kPbVMi3y1uGfY3p6h80DNqggggKfiWihfMxPt2aE+opigkeMSrjSdKfPln6z3jwdPhIkN+xp3 QrWZh3IKRIw85DMe5N0QAumAyBiBdkmvLZaVmUDWiokv5RarxVTopjSTQgqqjCGxEqEF3+zsVbxfC Z7nhBEMA==; X-DKIM-Note: Keys used to sign are likely public at X-DKIM-Note: https://as397444.net/dkim/mattcorallo.com and X-DKIM-Note: https://as397444.net/dkim/clients.mail.as397444.net X-DKIM-Note: For more info, see https://as397444.net/dkim/ Received: by mail.as397444.net with esmtpsa (TLS1.3) (Exim) (envelope-from ) id 1qu0P8-001YJs-2l; Sat, 21 Oct 2023 01:03:50 +0000 Message-ID: <24a18bdd-eef6-4f96-b8a5-05f64130a5c5@mattcorallo.com> Date: Fri, 20 Oct 2023 21:03:49 -0400 MIME-Version: 1.0 Content-Language: en-US To: Peter Todd References: <64VpLnXQLbeoc895Z9aR7C1CfH6IFxPFDrk0om-md1eqvdMczLSnhwH29T6EWCXgiGQiRqQnAYsezbvNvoPCdcfvCvp__Y8BA1ow5UwY2yQ=@protonmail.com> <1a84a36c-ec23-43b5-9a61-1aafdc188892@mattcorallo.com> From: Matt Corallo In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Cc: Bitcoin Protocol Discussion , security@ariard.me, "lightning-dev\\\\\\\\\\\\\\\\@lists.linuxfoundation.org" Subject: Re: [bitcoin-dev] [Lightning-dev] Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us" X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Oct 2023 01:04:01 -0000 On 10/20/23 8:15 PM, Peter Todd wrote: > On Fri, Oct 20, 2023 at 05:05:48PM -0400, Matt Corallo wrote: >> Sadly this only is really viable for pre-anchor channels. With anchor >> channels the attack can be performed by either side of the closure, as the >> HTLCs are now, at max, only signed SIGHASH_SINGLE|ANYONECANPAY, allowing you >> to add more inputs and perform this attack even as the broadcaster. >> >> I don't think its really viable to walk that change back to fix this, as it >> also fixed plenty of other issues with channel usability and important >> edge-cases. > > What are anchor outputs used for other than increasing fees? > > Because if we've pre-signed the full fee range, there is simply no need for > anchor outputs. Under any circumstance we can broadcast a transaction with a > sufficiently high fee to get mined. Indeed, that is what anchor outputs are for. Removing the pre-set feerate solved a number of issues with edge-cases and helped address the fee-inflation attack. Now, just using pre-signed transactions doesn't have to re-introduce those issues - as long as the broadcaster gets to pick which of the possible transactions they broadcast its just another transaction of theirs. Still, I'm generally really dubious of the multiple pre-signed transaction thing, (a) it would mean more fee overhead (not the end of the world for a force-closure, but it sucks to have all these individual transactions rolling around and be unable to batch), but more importantly (b) its a bunch of overhead to keep track of a ton of variants across a sufficiently granular set of feerates for it to not result in substantially overspending on fees. Like I mentioned in the previous mail, this is really a policy bug - we're talking about a transaction pattern that might well happen where miners aren't getting the optimal value in transaction fees (potentially by a good bit). This needs to be fixed at the policy/Bitcoin Core layer, not in the lightning world (as much as its pretty resource-intensive to fix in the policy domain, I think). Matt