111 sats \ 0 replies \ @om 23 Oct 2023 \ on: Can someone explain the recently-found LN security flaw in simple terms? bitcoin
There's a stupid mempool thing: if you have transactions X, Y and Z such that X conflicts with Y and Y conflicts with Z, then X could be ousted by Z even if they don't conflict. It goes like this: Y replaces X, then X is thrown out of the mempool, then Z can replace Y.
In very specific circumstances this can be used maliciously to block somebody from posting a transaction. LN assumes that everybody is able to post a transaction within a certain time from the moment they desire to do so, but this assumption is invalidated by the attack.
In the specific case of LN, LN nodes can avoid the issue by scanning the mempool. But IMHO the mempool behaviour is the thing to fix.
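The sequence described in the comment above, as a toy model added here (not code from the post or from any Bitcoin or LN implementation), together with the kind of mempool check the comment mentions. The names `ToyMempool` and `watch_and_rebroadcast` and the outpoints `a` and `b` are assumptions; real replacement policy also has fee rules, which are left out.

```python
# Toy model, constructed for illustration: the pool keeps at most one
# transaction per spent outpoint. Fee rules are deliberately omitted;
# only the conflict logic from the comment is modelled.

class ToyMempool:
    def __init__(self):
        self.txs = {}  # txid -> frozenset of outpoints the tx spends

    def conflicts(self, inputs):
        """Txids in the pool that spend at least one of the given outpoints."""
        inputs = frozenset(inputs)
        return [t for t, ins in self.txs.items() if ins & inputs]

    def submit(self, txid, inputs):
        """Accept a tx, evicting every pooled tx it conflicts with."""
        evicted = self.conflicts(inputs)
        for t in evicted:
            del self.txs[t]
        self.txs[txid] = frozenset(inputs)
        return evicted


def run_scenario():
    """X and Z share no outpoint, yet X is gone once Z has been accepted."""
    pool = ToyMempool()
    pool.submit("X", {"a"})        # X spends outpoint a
    pool.submit("Y", {"a", "b"})   # Y conflicts with X on a: X is evicted
    pool.submit("Z", {"b"})        # Z conflicts with Y on b: Y is evicted
    return pool


def watch_and_rebroadcast(pool, my_txid, my_inputs, confirmed=frozenset()):
    """Periodic check a node can run for a transaction it depends on."""
    if my_txid in pool.txs or my_txid in confirmed:
        return "ok"
    if pool.conflicts(my_inputs):
        # A conflicting tx is pooled right now; a scanner can record it here.
        return "blocked"
    pool.submit(my_txid, my_inputs)  # nothing conflicts any more: resubmit
    return "rebroadcast"


if __name__ == "__main__":
    pool = run_scenario()
    print(sorted(pool.txs))                          # pool after Z is accepted
    print(watch_and_rebroadcast(pool, "X", {"a"}))   # the watcher restores X
    print(sorted(pool.txs))
```

The check only helps if it runs often enough relative to the deadline the transaction has to meet.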