Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Protect against late blind vote publishing #2667

Conversation

Projects
None yet
3 participants
@ManfredKarrer
Copy link
Member

commented Apr 7, 2019

We want to wait with merge until we know how we will deploy it.

ManfredKarrer added some commits Apr 7, 2019

Remove DateTolerantPayload interface
The date check would not add real protection as the attacker could just
use a new date and we do not cross check the date with the tx date.
We could do that but it would add complexity and we have another
strategy which does not require that.
Add TODO for removing the date from BlindVotePayload at mainnet launch
We don't want to break consensus and persisted data at current
dao_regtest by removing the date now. It is not used anywhere so it is
irrelevant but would break things as the hash would be different and
persisted data would not be readable anymore. So we delay that change
to the mainnet launch.
Remove republishing of blind votes at vote reveal
As we do not accept blind votes from the network during hte vote reveal
phase the republishing does not make sense.
Check if not in voteReveal phase when receiving blindVotes
We do not accept blindVotePayloads when we are in the voteReveal phase
to protect against late publishing attacks.

@ManfredKarrer ManfredKarrer requested a review from sqrrm Apr 7, 2019

@ManfredKarrer ManfredKarrer added the in:dao label Apr 7, 2019

@ManfredKarrer ManfredKarrer added this to the v0.9.8 milestone Apr 7, 2019

@sqrrm

sqrrm approved these changes Apr 7, 2019

Copy link
Member

left a comment

utACK

This might be a better way than using the date, but I don't have a really good model in my head so I'm not saying this with conviction.

@ManfredKarrer ManfredKarrer marked this pull request as ready for review Apr 8, 2019

@ripcurlx
Copy link
Member

left a comment

utACK

@ripcurlx ripcurlx merged commit 2846b18 into bisq-network:master Apr 8, 2019

@ManfredKarrer ManfredKarrer deleted the ManfredKarrer:protect-against-late-blind-vote-publishing branch Apr 8, 2019

@sqrrm sqrrm referenced this pull request May 7, 2019

Open

Cycle 1 #282

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.