Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security: chainId as part of signatures #174

Closed
Ivshti opened this issue Apr 8, 2022 · 1 comment · May be fixed by #202
Closed

Security: chainId as part of signatures #174

Ivshti opened this issue Apr 8, 2022 · 1 comment · May be fixed by #202
Labels
security

Comments

@Ivshti
Copy link
Member

Ivshti commented Apr 8, 2022
edited
Loading

Problem

Currently, we do not hash the chainId as part of the signable hash for the balance tree. As a result, if we have the same OUTPACE address and channel ID (hash) across two chains, replay attacks are possible

Solution

Hash the chainId together with hashToSign OR as part of the channelId, whichever is cheaper

Timeline

This has to be solved BEFORE we deploy Ambire AdEx to two separate chains
@Ivshti Ivshti added the security label Apr 8, 2022
@Ivshti
Copy link
Member Author

Ivshti commented Apr 29, 2024

solved, will be added

@Ivshti Ivshti closed this as completed Apr 29, 2024
@Ivshti Ivshti mentioned this issue Apr 29, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

add chainId for security purposes AmbireTech/adex-protocol-eth
1 participant
@Ivshti