Return-Path: Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id A271EC0032 for ; Fri, 20 Oct 2023 10:47:45 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 70DB04ECDD for ; Fri, 20 Oct 2023 10:47:45 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 70DB04ECDD Authentication-Results: smtp4.osuosl.org; dkim=pass (2048-bit key, unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.a=rsa-sha256 header.s=fm3 header.b=v9Jv3tPp X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.6 X-Spam-Level: X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K5QQ8IuOn-Bw for ; Fri, 20 Oct 2023 10:47:44 +0000 (UTC) Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by smtp4.osuosl.org (Postfix) with ESMTPS id 70C164ECAB for ; Fri, 20 Oct 2023 10:47:44 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 70C164ECAB Received: from compute6.internal (compute6.nyi.internal [10.202.2.47]) by mailout.west.internal (Postfix) with ESMTP id 6AE0B32009CA; Fri, 20 Oct 2023 06:47:43 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute6.internal (MEProxy); Fri, 20 Oct 2023 06:47:43 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; t=1697798862; x=1697885262; bh=PqTrfDRs/Av5b uO1TsOOCM8RBjNhVi1PvfxqIkR0tQA=; b=v9Jv3tPpgsxNd8ZucD4QkgwE86iaP 50h98S4ydzMYNEiKq2L7kveKaXsIdpl/+ugVQ6LnNCpabqwCpOgQ0OR2ZiHK0Iz1 CSRYjav4UJx6RgDUYj8DHs6cuGIj0LotKAjXfWx6TN9f83dj9sZkb7j5VP5wQhfb LEHU3La27Uc6DwNWzdG8OzBykLZyssh3VDoc2Tp77dD+tAW2S5bFKE7dV4cMlrQh wfYfvTv1VlmBAWnKHRKcHATEr8MWbhoaEkFZtSv+bEBfYWdnYhXq/7n05YzYFqtA 69HWjgVw56e4/Pol97IgyuOo9Jmw81Xkn376imJA45tWST0P7lNxhVeDA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrjeekgdefudcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpeffhffvvefukfhfgggtuggjsehgtderredttddvnecuhfhrohhmpefrvghtvghr ucfvohguugcuoehpvghtvgesphgvthgvrhhtohguugdrohhrgheqnecuggftrfgrthhtvg hrnhepledvleelffdtudekudffjefgfeejueehieelfedtgfetudetgeegveeutefhjedt necuffhomhgrihhnpehpvghtvghrthhouggurdhorhhgnecuvehluhhsthgvrhfuihiivg eptdenucfrrghrrghmpehmrghilhhfrhhomhepphgvthgvsehpvghtvghrthhouggurdho rhhg X-ME-Proxy: Feedback-ID: i525146e8:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 20 Oct 2023 06:47:42 -0400 (EDT) Received: by localhost (Postfix, from userid 1000) id 93F435F844; Fri, 20 Oct 2023 10:47:38 +0000 (UTC) Date: Fri, 20 Oct 2023 10:47:38 +0000 From: Peter Todd To: Antoine Riard Message-ID: References: <7ED2BCD8-BAE3-48E3-9749-A396F3724B6E@petertodd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="OeoqGIql4O7ZPeiE" Content-Disposition: inline In-Reply-To: Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us" X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Oct 2023 10:47:45 -0000 --OeoqGIql4O7ZPeiE Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Oct 17, 2023 at 02:11:20AM +0100, Antoine Riard wrote: > > I think if you want people to understand this exploit, you need to > explain in more detail how we have a situation where two different parties > can spend the same HTLC txout, without the first party having the right to > spend it via their knowledge of the HTLC-preimage. >=20 > If I'm correctly understanding your question, you're asking why we have a > situation where the spend of a HTLC output can be in competition between 2 > channel counterparties. No, you are not correctly understanding it. It's obvious that an HTLC output can be in competition between 2 different parties. Obviously, the HTLC-preimage doesn't expire. The problem is you haven't explained why the party with the HTLC pre-image should not *remain*= the party with the *right* to spend that output, even after the timeout branch becomes another possible way to spend it. > LN commitment transactions have offered HTLC outputs where a counterparty > Alice is pledging to her other counterparty Caroll the HTLC amount in > exchange of a preimage (and Caroll signature). >=20 > After the expiration of the HTLC timelock, if the HTLC has not been claim= ed > on-chain by Caroll, Alice can claim it back with her signature (and the > pre-exchanged Caroll signature). >=20 > The exploit works actually in Caroll leveraging her HTLC-preimage > transaction as a replace-by-fee of Alice's HTLC-timeout _after_ the > expiration of the timelock, the HTLC-preimage transaction staying consens= us > valid. That's precisely my point re: you not properly explaining the problem. If Caroll has the HTLC-preimage, she has the right to spend it. You need to explain why her right to spend that HTLC-preimage output should expire. If anything, the way you've explained it sounds like Bob has stolen the out= put =66rom Caroll by virtue of the fact that Caroll wasn't able to spend the HTLC-preimage output in time. --=20 https://petertodd.org 'peter'[:-1]@petertodd.org --OeoqGIql4O7ZPeiE Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0RcYcKRzsEwFZ3N5Lly11TVRLzcFAmUyWsgACgkQLly11TVR LzeTig//RWsawPzHRXmJnHmQxY2T9zj7TBpWjvys7E8Si0N62gWhLgwCeeRX4Acq N9zkhyVDJulrbVIcD20gKM9PqetswtmdtkD15w6zeptok3A9VrQWIMnLvEpDtfk+ 1jdII6IdbvuGSpMz0O2aSFSK4rDZlv39XXma3yPPnJWEAZFXvHQL1MPmtU9BjEHd vQS0R/wjmu+3v+3z122L4h76jfoj5ebZPJklzqEcUX8lORIROxrU3HYGsIDAnpa9 P1ytmJO5/h+Wmrhgo1pdAv5IAipwKcyCQZwnfaWoCDN2anAzsOnEECCEfhMMjUyB ktQRe89ZtCM8ZICEOC7xiBZ1L/a4PVJ/V0FHlXskme30eIJwQUYeP4sutAqZchnk +HCu163JWE5XXWd3+bkkzgRqlcISpdGHiu2+Za4pC8QOaDxRuG13dIOJypi/LyK7 hTxTTqmX/drNqOYO/b35qZUYC+/PTXW47zz19SdtQL9KX8RCaVlBFnw+/uHPbYFF yY5Ao2D+iebgWvjzc8BPFQjCuutsohn0Iu/0OTIuKa5O+mHXDfS26kT/1F5Ghiwk sVn7CQ2cY0k/cxKz1+H80sFJZtauuY0V9h/8viE9MMkcvO/zoCjDZIsKJM2AntVw P1kRQAAz7Jin8xknajNHjCQlQOkcJHNhRoLUyX8xBgCl2ZjL4H0= =Hb9N -----END PGP SIGNATURE----- --OeoqGIql4O7ZPeiE--