Date: Tue, 17 Jun 2025 16:16:56 -1000
From: "David A. Harding" <dave@dtrt.org>
To: Antoine Riard <antoine.riard@gmail.com>
Cc: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] Full-Disclosure: CVE-2025-27586 "No Santa Claus
under the Lightning Sun"
In-Reply-To: <fe76185f-8d9c-41b2-ab15-117d7787a204n@googlegroups.com>
References: <fe76185f-8d9c-41b2-ab15-117d7787a204n@googlegroups.com>
Message-ID: <1b4a4871c6531da5a7fdcf67cd218848@dtrt.org>

On 2025-06-12 09:03, Antoine Riard wrote:
> This class of attacks dubbed "fee-bumping reserves exhaustion attacks"
> [...]
> ## Timeline
>
> - 2022-07-11: Report of the finding to XXX, Bastien Teinturier
> (Eclair), Lisa Neigut

Hi Antoine,

I read your post twice but everything in it seems obvious. What am I
missing? It's obvious that (1) exogenous fee bumping requires keeping
an independent reserve of sufficient funds and (2) that the amount of
the reserve can vary depending on transaction size and prevalent
feerates. The earliest description of that problem I found is from more
than a year before your report (
https://github.com/lightningnetwork/lnd/pull/4908 ), but I suspect I
could find other even earlier discussion if I looked harder.

Is there more to this vulnerability report that I'm missing?

Thanks,

-Dave