BREAKING: NUT-04: payment_hash -> hash #14

Merged Jun 3, 2023 (3 commits)

@callebtc callebtc commented Apr 27, 2023

Critical update. We need to fix NUT-04 to not use the bolt11 payment_hash as this enables a third party to steal tokens from a user if they publicly post a Cashu invoice online or leak it in any other way. An attacker could compute the payment_hash and start hitting the mint with POST /mint requests until the invoice is paid. If the attacker is faster than the user, they get the ecash.

What do we need to change?

Wallets:

  • Very easy: simply rename the URL param from payment_hash to hash in POST /mint. You received the hash in the previous step when you called GET /mint.
  • This is simply for semantic consistency (as we're not using a payment hash anymore). An option would be to make mints backwards compatible for a transition period and accept both parameters.

Mints:

  • Medium easy: instead of returning the payment hash in NUT-03: GET /mint, generate a random urlsafe string to look up the invoice state later in POST /mint. This either has to be stored in a database (so it can be mapped back to the invoice) or it could be encrypted with the private key of the mint (which would make it stateless).
  • Any comments on these approaches are appreciated, especially from mint devs.
  • Edit: It seems the easiest way to implement this in a mint would be to encrypt the payment_hash with the mint's private key (or: the hash of the private key string). Then pass that encrypted (random-looking) string we call hash to the user upon GET /mint. When the user then asks for POST /mint, the mint takes hash, decrypts it with the private key and gets payment_hash that can be used to look up the invoice state in the Lightning backend.

Tracking progress of NUT-04 update (please report):

Ping: @Egge7 @BilligsterUser @gandlafbtc @clarkmoody @ngutech21 @gohumble @thesimplekid @KKA11010
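
The database-backed option from the comment above, as an added example that is not part of this PR or of any mint's code: GET /mint hands out a random urlsafe `hash`, and POST /mint resolves it back to the `payment_hash` before asking the Lightning backend. The class, table and column names, the `invoice_is_paid` callback and the single-use flag are assumptions of this sketch.

```python
import secrets
import sqlite3


class MintQuoteStore:
    """Mint-side table mapping the public `hash` to the private payment_hash.

    Class, table and column names are assumptions made for this example.
    """

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE invoices ("
            " hash TEXT PRIMARY KEY,"        # random lookup id given to the wallet
            " payment_hash TEXT NOT NULL,"   # only used towards the Lightning backend
            " issued INTEGER NOT NULL DEFAULT 0)"
        )

    def request_mint(self, payment_hash: str) -> str:
        """GET /mint: return a random urlsafe id instead of the payment_hash."""
        lookup_id = secrets.token_urlsafe(32)  # 256 bits, alphabet A-Z a-z 0-9 - _
        self.db.execute(
            "INSERT INTO invoices (hash, payment_hash) VALUES (?, ?)",
            (lookup_id, payment_hash),
        )
        return lookup_id

    def mint(self, lookup_id: str, invoice_is_paid) -> bool:
        """POST /mint?hash=...: True if ecash may be issued for this request."""
        row = self.db.execute(
            "SELECT payment_hash FROM invoices WHERE hash = ? AND issued = 0",
            (lookup_id,),
        ).fetchone()
        if row is None:
            # Unknown id. A payment_hash computed from a leaked invoice lands
            # here, because payment_hash is never a lookup key.
            return False
        if not invoice_is_paid(row[0]):  # hypothetical Lightning backend check
            return False
        # Flip the flag atomically so one paid invoice is minted only once
        # (single-use is an assumption of this example).
        cur = self.db.execute(
            "UPDATE invoices SET issued = 1 WHERE hash = ? AND issued = 0",
            (lookup_id,),
        )
        return cur.rowcount == 1
```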

@BilligsterUser BilligsterUser left a comment

LGTM

@BilligsterUser

cashu-ts => pr #60

@clarkmoody clarkmoody left a comment

gohumble pushed a commit to cashubtc/cashu-feni that referenced this pull request Apr 28, 2023
@gandlafbtc

LGTM

@gandlafbtc

merged on cashu-ts, not yet in a release

@ngutech21

Fixed in ngutech21/moksha@9e4020f

@callebtc callebtc commented May 3, 2023

@gohumble @ngutech21 @clarkmoody please confirm that the hash you're producing is urlsafe (since we're using it in a URL param)! 🙏

@thesimplekid

Fixed in cashubtc/cdk@d138135

@ngutech21

> @gohumble @ngutech21 @clarkmoody please confirm that the hash you're producing is urlsafe (since we're using it in a URL param)! 🙏

it is hereby confirmed

@clarkmoody

> @gohumble @ngutech21 @clarkmoody please confirm that the hash you're producing is urlsafe (since we're using it in a URL param)! 🙏

Yes, I'm encoding as hex.

@callebtc callebtc commented Jun 3, 2023

Thank you everyone for a smooth coordinated upgrade like the Solana people.

@callebtc callebtc merged commit 01ce75c into main Jun 3, 2023
@callebtc callebtc deleted the nut04/rename_to_hash branch June 3, 2023 12:19