-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New payment verification mechanism #1119
Conversation
1160f99
to
fd329f1
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
One possibly "breaking" comment, please have a look, will approve on reply / fix
Previous payment verification method was susceptible to tx hash re-using/stealing attack. A new mechanism has been implemented that requires payment drivers to sign a message with payment details with the same key that has been used to sign the blockchain transaction. Outdated `GetTransactionBalance` endpoint has been replaced with two new endpoints: `SignPayment` and `VerifySignature`. The new endpoints have been implemented in `dummy` and `base` driver crates. Signed-off-by: Adam Wierzbicki <awierzbicki@golem.network>
359068e
to
51f6be7
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
@maaktweluit Plz, approve again |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
Previous payment verification method was susceptible to tx hash re-using/stealing attack. A new mechanism has been implemented that requires payment drivers to sign a message with payment details with the same key that has been used to sign the blockchain transaction.
Outdated
GetTransactionBalance
endpoint has been replaced with two new endpoints:SignPayment
andVerifySignature
. The new endpoints have been implemented indummy
andbase
driver crates.Task description: PAY-53
Notice:
erc-20
has been intentionally omitted because the implementation inbase
driver crate should covert it automatically once it is refactored to use that crate.Testing instructions: Run
invoice_flow
anddebit_note_flow
withdummy
andzksync
drivers.