On October 16, 2023 6:57:36 PM GMT+02:00, Antoine Riard via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org> wrote:
>(cross-posting mempool issues identified are exposing lightning chan to
>loss of funds risks, other multi-party bitcoin apps might be affected)
>
>As the HTLC-preimage spends an unconfirmed input that was already included
>in the unconfirmed and unrelated child transaction (rule 2), pays an
>absolute higher fee of at least the sum paid by the HTLC-timeout and child
>transaction (rule 3) and the HTLC-preimage feerate is greater than all
>directly conflicting transactions (rule 6), the replacement is accepted.
>The honest HTLC-timeout is evicted out of the mempool.
I think if you want people to understand this exploit, you need to explain in
more detail how we have a situation where two different parties can spend the
same HTLC txout, without the first party having the right to spend it via their
knowledge of the HTLC-preimage.
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
