fix(fat0): Add timestamp to sigs to prevent replays of txs that were …
…invalid due to insufficient balance Previously, if a fat0.Transaction is invalid solely due to insufficient balance, then it could be replayed at any point in the future when the balance was sufficient. We add a timestamp to the ExtIDs to salt the signatures. The timestamp must fall within +/- 12 hours of the timestamp of the entry containing the fat0.Transaction. This causes signatures to expire after some time, which is controllable by how far in the past the timestamp salt is chosen. Since the timestamp provides a sufficient number of options for a salt, the fat0.Transaction.Salt field was removed. Additionally all ExtID validation, which is shared by the fat0 types, is now deduplicated entirely by moving those member functions to the Entry type that Transaction and Issuance both embed.
Showing
4 changed files
with
179 additions
and
125 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
package fat0 | ||
|
||
import ( | ||
"encoding/json" | ||
"fmt" | ||
|
||
"github.com/Factom-Asset-Tokens/fatd/factom" | ||
) | ||
|
||
// AddressAmountMap relates the RCDHash of an address to its amount in a | ||
// Transaction. | ||
type AddressAmountMap map[factom.Bytes32]uint64 | ||
|
||
// AddressAmount is used to marshal and unmarshal the JSON representation of a | ||
// list of inputs or outputs in a Transaction. | ||
type AddressAmount struct { | ||
Address factom.Address `json:"address"` | ||
Amount uint64 `json:"amount"` | ||
} | ||
|
||
// UnmarshalJSON unmarshals a list of addresses and amounts used in the inputs | ||
// or outputs of a transaction. Duplicate addresses or addresses with a 0 | ||
// amount cause an error. | ||
func (a *AddressAmountMap) UnmarshalJSON(data []byte) error { | ||
aam := make(AddressAmountMap) | ||
var aaS []AddressAmount | ||
if err := json.Unmarshal(data, &aaS); err != nil { | ||
return err | ||
} | ||
for _, aa := range aaS { | ||
if aa.Amount == 0 { | ||
return fmt.Errorf("invalid amount (0) for address: %v", aa.Address) | ||
} | ||
if _, duplicate := aam[aa.Address.RCDHash()]; duplicate { | ||
return fmt.Errorf("duplicate address: %v", aa.Address) | ||
} | ||
aam[aa.Address.RCDHash()] = aa.Amount | ||
} | ||
*a = aam | ||
return nil | ||
} | ||
|
||
// MarshalJSON marshals a list of addresses and amounts used in the inputs or | ||
// outputs of a transaction. Addresses with a 0 amount are omitted. | ||
func (a AddressAmountMap) MarshalJSON() ([]byte, error) { | ||
as := make([]AddressAmount, 0, len(a)) | ||
for rcdHash, amount := range a { | ||
rcdHash := rcdHash | ||
// Omit addresses with 0 amounts. | ||
if amount == 0 { | ||
continue | ||
} | ||
|
||
as = append(as, AddressAmount{ | ||
Address: factom.NewAddress(&rcdHash), | ||
Amount: amount, | ||
}) | ||
} | ||
return json.Marshal(as) | ||
} |
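Review bot: MarshalJSON emits its entries in Go's map iteration order (the `for rcdHash, amount := range a` loop), so two calls on the same AddressAmountMap can produce different byte sequences. The commit description says signatures are salted through the ExtIDs; if any signing, hashing or equality check elsewhere in the commit runs over re-marshaled content rather than the original entry bytes, verification could fail intermittently, though this file does not show which bytes are used. Sorting `as` by the address bytes before `json.Marshal(as)` would make the output canonical. At minimum, add `// NOTE: output order is not stable (map iteration); never sign or compare re-marshaled bytes.` above the loop.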