BREAKING: NUT-04: `payment_hash` -> `hash` #14
LGTM
ACK
Fixed in clarkmoody/cashu-rs@64102ea
LGTM
merged on cashu-ts, not yet in a release
Fixed in ngutech21/moksha@9e4020f
@gohumble @ngutech21 @clarkmoody please confirm that the
Fixed in cashubtc/cdk@d138135
it is hereby confirmed
Yes, I'm encoding as hex.
Thank you everyone for a smooth coordinated upgrade like the Solana people.
Critical update. We need to fix NUT-04 to not use the bolt11 `payment_hash` as this enables a third party to steal tokens from a user if they publicly post a Cashu invoice online or leak it in any other way. An attacker could compute the `payment_hash` and start hitting the mint with `POST /mint` requests until the invoice is paid. If the attacker is faster than the user, they get the ecash.

What do we need to change?

Wallets:
`payment_hash` to `hash` in `POST /mint`. You received the `hash` in the previous step when you called `GET /mint`.

Mints:
NUT-03: `GET /mint`, generate a random urlsafe string to look up the invoice state later in `POST /mint`. This either has to be stored in a database (so it can be mapped back to the invoice) or it could be encrypted with the private key of the mint (which would make it stateless).
`payment_hash` with the mint's private key (or: the hash of the private key string). Then pass that encrypted (random-looking) string we call `hash` to the user upon `GET /mint`. When the user then asks for `POST /mint`, the mint takes `hash`, decrypts it with the private key and gets `payment_hash` that can be used to look up the invoice state in the Lightning backend.

Tracking progress of NUT-04 update (please report):
Ping: @Egge7 @BilligsterUser @gandlafbtc @clarkmoody @ngutech21 @gohumble @thesimplekid @KKA11010
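
One way a mint could implement the stored-random-string option described in the pull request, as an added example (not code from this PR or from any Cashu implementation). The class, table and method names are hypothetical, and `mark_paid` stands in for the Lightning backend's paid check.

```python
import hashlib
import secrets
import sqlite3


class MintInvoiceStore:
    """Hypothetical mint-side store: unguessable `hash` -> bolt11 payment_hash."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE invoices (hash TEXT PRIMARY KEY, payment_hash TEXT NOT NULL,"
            " paid INTEGER NOT NULL DEFAULT 0, issued INTEGER NOT NULL DEFAULT 0)"
        )

    def request_mint(self, payment_hash: str) -> str:
        """GET /mint: hand the wallet a random urlsafe `hash`, never payment_hash."""
        lookup = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self.db.execute(
            "INSERT INTO invoices (hash, payment_hash) VALUES (?, ?)",
            (lookup, payment_hash),
        )
        return lookup

    def mark_paid(self, payment_hash: str) -> None:
        """Assumption: stands in for asking the Lightning backend about the invoice."""
        self.db.execute("UPDATE invoices SET paid = 1 WHERE payment_hash = ?", (payment_hash,))

    def mint(self, lookup: str) -> bool:
        """POST /mint: issue only for a known, paid, not-yet-issued `hash`."""
        cur = self.db.execute(
            "UPDATE invoices SET issued = 1 WHERE hash = ? AND paid = 1 AND issued = 0",
            (lookup,),
        )
        return cur.rowcount == 1  # a single atomic UPDATE also blocks double issuance


def demo():
    store = MintInvoiceStore()
    # Constructed sample: the payment_hash is public, it is embedded in the invoice.
    payment_hash = hashlib.sha256(secrets.token_bytes(32)).hexdigest()
    lookup = store.request_mint(payment_hash)
    store.mark_paid(payment_hash)
    from_invoice_only = store.mint(payment_hash)  # only the invoice is known: rejected
    from_wallet = store.mint(lookup)              # wallet holds `hash`: accepted
    replayed = store.mint(lookup)                 # second attempt: rejected
    return from_invoice_only, from_wallet, replayed


if __name__ == "__main__":
    print(demo())
```
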