Author: Antoine Riard 2021-05-12 13:19:37
Published on: 2021-05-12T13:19:37+00:00
Unfortunately, the provided context is incomplete and lacks sufficient information to generate a detailed summary. It appears to mention a defect in Bitcoin Core BIP 125 logic that has minor security and operational implications for downstream projects. The Bip 125 specification describes signalling mechanisms that allow transactions to be replaced if they signal replaceability explicitly or through inheritance. However, there is an unconfirmed child transaction with nSequence = 0xff_ff_ff_ff spending an unconfirmed parent with nSequence as the child transaction signals "through inheritance," but Core's mempool rejects replacement attempts of an unconfirmed child transaction. The defect has not been patched yet.Downstream projects, including LN, Onchain DLC/Coinswap/Vault, Coinjoin/Cut-Through, and Simple wallets are affected by this defect. LN nodes operators concerned by this defect might favor anchor outputs channels, fully mitigating this specific pinning vector. Those contract protocols have also multiple stages of execution with time-sensitive transactions opening the way to pinning attacks. Coinjoin/Cut-Through: if CPFP is employed as a fee-bumping strategy, if the coinjoin transaction is still laying in network mempools, if a fee-bumping output is spendable by any protocol participant, this fee-bumping mechanism might be halted by a malicious protocol participant broadcasting an opt-out child.According to bip125, if the coinjoin parent tx signals replaceability, the child transaction should be replaceable, whatever its signaling. However, Core doesn't apply this policy. RBF of the coinjoin transaction itself should be used as a fallback. There is a lack of an established policy for coordinated security disclosures between a base layer implementation and its downstream projects. The lack of a clear methodology to identify downstream projects affected by a transaction relay policy wreckage. Finally, security implications for downstream projects provoked by base layer issues shouldn't be minimized as they do have a risk of windblow on base layer operations.A defect was disclosed to the LN projects maintainers, informing them that currently in deployment anchor outputs protocol upgrade was mitigating against this defect though old channels will stay vulnerable. It is important to note that without access to the full content of the post on the Lightning-Dev mailing list, it is impossible to provide a comprehensive summary.
Updated on: 2023-06-14T20:43:13.826121+00:00