[Lightning-dev] Full Disclosure: CVE-2021-41591 / CVE-2021-41592 / CVE-2021-41593 "Dust HTLC Exposure Considered Harmful"

Antoine Riard antoine.riard at gmail.com
Mon Oct 4 16:14:20 UTC 2021


> The "dust limit" is arbitrarily decided by each node, and cannot be relied
> upon for security at all. Expecting it to be a given default value is in
> itself a security vulnerability

Reality is that an increasing number of funds are secured by assumptions
around mempool behavior.
And sadly that's going to increase with Lightning growth and deployment of
other L2s.

Maybe we could dry-up some policy rules in consensus like the dust limit
one :)


On Mon, Oct 4, 2021 at 11:57, Luke Dashjr <luke at dashjr.org> wrote:

> On Monday 04 October 2021 15:09:28 Antoine Riard wrote:
> > Still during August 2021, the Bitcoin Core dust limit was actively
> > discussed on the mailing list. Changes of this dust limit would have
> > affected the ongoing development of the mitigations.
>
> The "dust limit" is arbitrarily decided by each node, and cannot be relied
> upon for security at all. Expecting it to be a given default value is in
> itself a security vulnerability.
>
>
> P.S. It'd be nice if someone familiar with these could fill in
> https://en.bitcoin.it/wiki/CVEs
>