Return-Path: Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 02A97C0032; Fri, 20 Oct 2023 10:40:50 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id CBEED8480B; Fri, 20 Oct 2023 10:40:50 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org CBEED8480B Authentication-Results: smtp1.osuosl.org; dkim=pass (2048-bit key, unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.a=rsa-sha256 header.s=fm3 header.b=iOvRbJYG X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.6 X-Spam-Level: X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jevWVKBXrt7j; Fri, 20 Oct 2023 10:40:49 +0000 (UTC) X-Greylist: delayed 573 seconds by postgrey-1.37 at util1.osuosl.org; Fri, 20 Oct 2023 10:40:48 UTC DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org EB05C847F7 Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by smtp1.osuosl.org (Postfix) with ESMTPS id EB05C847F7; Fri, 20 Oct 2023 10:40:48 +0000 (UTC) Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.west.internal (Postfix) with ESMTP id 786B93200980; Fri, 20 Oct 2023 06:31:09 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Fri, 20 Oct 2023 06:31:09 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; t=1697797868; x=1697884268; bh=DN6RdQAlPAzkK XKo2MwNX4NKW6hJVKfU4ZUqL6FnQg0=; b=iOvRbJYGyG/UTErh6W7A8OAqZteRu rWP9pQiu/RY01fwdk2uMk5IzKvbTjDZti2YS0JTPukDpiEh5JhoiFcw8gGG8/B6Q q+0V+FxFasGToPtcMsvTz7pZE/OvLDRPddKI4R7DQapbHqYqSQ8r7KnkuWCjl3w0 kM9bJYQqmWCMjK5DoogI9xujBogxvNFmBfjwptE4Eqem1JHHSOmmEDkfGBQv8R8s sA9+9O85ThW+93fBa4qiOqka9xLuu9LUguCyy1Imn5SrkEIHRvRuRTTCbchDwtM6 k0FK0ZVgiJJEXlHegMVbpJTAmjnVNLdmxKNTztoLC2XunC1+CLfIKuJyA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrjeekgddvkecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpeffhffvvefukfhfgggtuggjsehgtderredttddvnecuhfhrohhmpefrvghtvghr ucfvohguugcuoehpvghtvgesphgvthgvrhhtohguugdrohhrgheqnecuggftrfgrthhtvg hrnhepledvleelffdtudekudffjefgfeejueehieelfedtgfetudetgeegveeutefhjedt necuffhomhgrihhnpehpvghtvghrthhouggurdhorhhgnecuvehluhhsthgvrhfuihiivg eptdenucfrrghrrghmpehmrghilhhfrhhomhepphgvthgvsehpvghtvghrthhouggurdho rhhg X-ME-Proxy: Feedback-ID: i525146e8:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 20 Oct 2023 06:31:08 -0400 (EDT) Received: by localhost (Postfix, from userid 1000) id 9BDCC5F844; Fri, 20 Oct 2023 10:31:03 +0000 (UTC) Date: Fri, 20 Oct 2023 10:31:03 +0000 From: Peter Todd To: ZmnSCPxj , Bitcoin Protocol Discussion Message-ID: References: <64VpLnXQLbeoc895Z9aR7C1CfH6IFxPFDrk0om-md1eqvdMczLSnhwH29T6EWCXgiGQiRqQnAYsezbvNvoPCdcfvCvp__Y8BA1ow5UwY2yQ=@protonmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="+mk2Sy32npezIUMt" Content-Disposition: inline In-Reply-To: <64VpLnXQLbeoc895Z9aR7C1CfH6IFxPFDrk0om-md1eqvdMczLSnhwH29T6EWCXgiGQiRqQnAYsezbvNvoPCdcfvCvp__Y8BA1ow5UwY2yQ=@protonmail.com> Cc: security@ariard.me, "lightning-dev\\\\\\\\\\\\\\\\@lists.linuxfoundation.org" Subject: Re: [bitcoin-dev] [Lightning-dev] Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us" X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Oct 2023 10:40:51 -0000 --+mk2Sy32npezIUMt Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Oct 17, 2023 at 10:34:04AM +0000, ZmnSCPxj via bitcoin-dev wrote: > Good morning Antoine et al., >=20 > Let me try to rephrase the core of the attack. >=20 > There exists these nodes on the LN (letters `A`, `B`, and `C` are nodes, = `=3D=3D` are channels): >=20 > A =3D=3D=3D=3D=3D B =3D=3D=3D=3D=3D C >=20 > `A` routes `A->B->C`. >=20 > The timelocks, for example, could be: >=20 > A->B timeelock =3D 144 > B->C timelock =3D 100 >=20 > The above satisfies the LN BOLT requirements, as long as `B` has a `cltv_= expiry_delta` of 44 or lower. >=20 > After `B` forwards the HTLC `B->C`, C suddenly goes offline, and all the = signed transactions --- commitment transaction and HTLC-timeout transaction= s --- are "stuck" at the feerate at the time. > > At block height 100, `B` notices the `B->C` HTLC timelock is expired with= out `C` having claimed it, so `B` forces the `B=3D=3D=3D=3DC` channel oncha= in. > However, onchain feerates have risen and the commitment transaction and H= TLC-timeout transaction do not confirm. The problem here is we're failing to use RBF. As I have suggested before, the correct way to do pre-signed transactions i= s to pre-sign enough *different* transactions to cover all reasonable needs for bumping fees. Even if you just increase the fee by 2x each time, pre-signin= g 10 different replacement transactions covers a fee range of 1024x. And you obviously can improve on this by increasing the multiplier towards the end = of the range. Increasing per-tx (temporary) storage and bandwidth costs by ~10x or even ~= 100x is not a big deal in the context of a highly scalable protocol like Lightni= ng. There is zero reason why the B->C transactions should be getting stuck. Thi= s is a major failing of the Lightning protocol that should be fixed. And of cour= se, this fix should be applied to other aspects of the lightning protocol, such= as channel opens, etc. --=20 https://petertodd.org 'peter'[:-1]@petertodd.org --+mk2Sy32npezIUMt Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0RcYcKRzsEwFZ3N5Lly11TVRLzcFAmUyVtcACgkQLly11TVR LzeQQA//XLxel/DWTNtDGuounMdKVYginnE2REUq9EUgEqqH9dsQhnY4jLZLIfRQ vQlCyKOnZ2Fye+4mhh7vDs/yCp3oGxQ+JL1rU4Dq4GO3A6i7lWuJs+G+xcsDRYjN JLjUVGCnvczqn1S8jfNbX9mndN3mXnBFGbO2plEcQR/GnEJ1QL9DSjZFO8Z7186+ r34Nc2Mpdp5R/tl6w1GlR03Uhg/xXw9PHykMPmFUjH0LNL+Z+tJepEQZ6DzRcLuc gWU7kC8tqDRfDcfY6+A5d/xh3tpaJwnVhWbaet0WYk7nU/VVlStdHQrwCJjThzL5 8N99cK4UgSugDwwEQCMdSkBqcJ/UuPSheDs826cMfzEO/bu+SBm7I8HWennT6LVC kDMNQJtrEv+hsZmEfy9/g/XlUDt70lHn+vQmk/C7xtzrfR4qHwMbw22lGWY403uM 9aQW80zPtsndnvfzw1+z3upVF0h6DEuv+PVjK6o9qv/oDglK/+kSY0GtyRgqT1Ki YbaMBZTUPpjxbineGKjCMGvDOtapP1FsNfaIFCVtiq+AYwfJpgoL9ca+FI9YXIe9 G6RliZzPLN6USCpCWRI4CEcpmS9h6zYCof7kZYhoRtuOlhQRIckqzqlpgvwZ7B1d OJYlDVJsavH+ywT9TUW+f/B6afzkJ+pZ5eetlAFT175GpMeCxqs= =l1vV -----END PGP SIGNATURE----- --+mk2Sy32npezIUMt--