On 10/16/23, Matt Morehouse via bitcoin-dev <[email protected]> wrote: > On Mon, Oct 16, 2023 at 7:21 PM Peter Todd via bitcoin-dev > <[email protected]> wrote: >> I think if you want people to understand this exploit, you need to explain >> in more detail how we have a situation where two different parties can >> spend the same HTLC txout, without the first party having the right to >> spend it via their knowledge of the HTLC-preimage. > > The two main ways of spending an "offered" HTLC txout: > 1) With a presigned multisig covenant transaction paying to the > offerer (a.k.a HTLC-timeout transaction) > 2) With a preimage and the receiver's signature > > Since option 1 uses a presigned covenant held by the offerer, only the > offerer can spend via that path. > Since option 2 requires the receiver's signature, only the receiver > can spend via that path. > > The exact script used is here: > https://github.com/lightning/bolts/blob/master/03-transactions.md#offered-htlc-outputs. > _______________________________________________ > bitcoin-dev mailing list > [email protected] > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >
Re: [bitcoin-dev] Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Undescribed Horrific Abuse, One Victim & Survivor of Many Fri, 20 Oct 2023 14:28:33 -0700
- Re: [bitcoin... Undescribed Horrific Abuse, One Victim & Survivor of Many
- Re: [bi... Undescribed Horrific Abuse, One Victim & Survivor of Many
