Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix vout attack #160 #161

Merged
merged 4 commits into from
Feb 24, 2020
Merged

Fix vout attack #160 #161

merged 4 commits into from
Feb 24, 2020

Conversation

dtebbs
Copy link
Contributor

@dtebbs dtebbs commented Feb 18, 2020

Fixes #160

  • client adds his Ethereum address to the data to be signed
  • mixer contract uses eth.sender to reconstruct the data to be signed (rejecting the tx if the signature check fails, as now)

@dtebbs dtebbs changed the base branch from master to develop February 18, 2020 13:55
rrtoledo
rrtoledo suggested changes Feb 18, 2020
View reviewed changes
Copy link
Contributor

@rrtoledo rrtoledo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few questions here and there, a function seems underdefined, else the fix seems correct.

pyClient/zeth/joinsplit.py Show resolved Hide resolved
pyClient/zeth/utils.py Outdated Show resolved Hide resolved
zeth-contracts/contracts/Groth16Mixer.sol Show resolved Hide resolved
pyClient/test_commands/scenario.py Show resolved Hide resolved
@dtebbs dtebbs force-pushed the fix-vout-attack branch 2 times, most recently from 1e6a007 to 2d317c8 Compare February 21, 2020 17:47
@dtebbs
Copy link
Contributor Author

dtebbs commented Feb 21, 2020

Something has changed on mac travis machines. I'm looking into it, but the buidl will fail until then.

@dtebbs
Copy link
Contributor Author

dtebbs commented Feb 24, 2020

Something has changed on mac travis machines. I'm looking into it, but the buidl will fail until then.

Should be fixed now.

@AntoineRondelet
Copy link
Contributor

LGTM, thanks

@AntoineRondelet AntoineRondelet merged commit 0ccc36c into develop Feb 24, 2020
@AntoineRondelet AntoineRondelet deleted the fix-vout-attack branch February 26, 2020 12:25
AntoineRondelet added a commit that referenced this pull request May 6, 2020
@AntoineRondelet
Merge pull request #161 from clearmatics/fix-vout-attack
9680e7a 
Fix vout attack #160
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AntoineRondelet AntoineRondelet AntoineRondelet left review comments

@rrtoledo rrtoledo rrtoledo approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Possible attack to steal vout
3 participants
@dtebbs @AntoineRondelet @rrtoledo