From pete at petertodd.org Sat Oct 21 00:15:21 2023 From: pete at petertodd.org (Peter Todd) Date: Sat, 21 Oct 2023 00:15:21 +0000 Subject: [Lightning-dev] [bitcoin-dev] Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us" In-Reply-To: <1a84a36c-ec23-43b5-9a61-1aafdc188892@mattcorallo.com> References: <64VpLnXQLbeoc895Z9aR7C1CfH6IFxPFDrk0om-md1eqvdMczLSnhwH29T6EWCXgiGQiRqQnAYsezbvNvoPCdcfvCvp__Y8BA1ow5UwY2yQ=@protonmail.com> <1a84a36c-ec23-43b5-9a61-1aafdc188892@mattcorallo.com> Message-ID: On Fri, Oct 20, 2023 at 05:05:48PM -0400, Matt Corallo wrote: > Sadly this only is really viable for pre-anchor channels. With anchor > channels the attack can be performed by either side of the closure, as the > HTLCs are now, at max, only signed SIGHASH_SINGLE|ANYONECANPAY, allowing you > to add more inputs and perform this attack even as the broadcaster. > > I don't think its really viable to walk that change back to fix this, as it > also fixed plenty of other issues with channel usability and important > edge-cases. What are anchor outputs used for other than increasing fees? Because if we've pre-signed the full fee range, there is simply no need for anchor outputs. Under any circumstance we can broadcast a transaction with a sufficiently high fee to get mined. -- https://petertodd.org 'peter'[:-1]@petertodd.org -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: