Due to the preferred restriction of 1:1 relationship between indexer and Graphcast agent, there exists a vulnerability for indexers who submit a transaction to set their Graphcast agent, in which a malicious actor can frontrun transactions to disable someone from setting the desired agent address.
POC
Alice wants to set her operator to 0x1234.
She calls setGossipOperator(0x1234).
Malicious Bob sees this in the mempool and sends another setGossipOperator(0x1234) with higher gas price.
After Bob's tx succeeds, Alice's will fail because operatorRegistered[0x1234] is already set.
Potential solutions
commit/reveal scheme like ENS: first transaction with hash of gossip address, second transaction reveals the preimage and claims it
Instead of requiring the address field for Graphcast operator, require a message signed by the operator private key. Message object should contain both operator address and the message sender address. The contract verifies the msg.sender and message signature.
hopeyen changed the title from "Feat.Req -" to "Feat.Req - Address frontrun security" on Feb 3, 2023
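A sketch of the second potential solution from the issue (operator-signed message bound to the sender), added here as an example and not taken from the project's contract. Only `setGossipOperator` and `operatorRegistered` come from the issue; every other name, the digest layout, and the rule that replacing an operator frees the previous one are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Hypothetical registry illustrating the signed-message approach.
contract GossipOperatorRegistry {
    // indexer => operator (assumed storage layout)
    mapping(address => address) public gossipOperatorOf;
    // enforces the 1:1 indexer/operator restriction described in the issue
    mapping(address => bool) public operatorRegistered;

    event GossipOperatorSet(address indexed indexer, address indexed operator);

    /// Digest the operator key signs off-chain (EIP-191 personal-sign prefix).
    /// It binds the operator to one indexer, this contract and this chain, so a
    /// signature copied from the mempool cannot be used by a different sender.
    function proofDigest(address indexer, address operator) public view returns (bytes32) {
        bytes32 inner = keccak256(abi.encode(block.chainid, address(this), indexer, operator));
        return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", inner));
    }

    /// The caller must present the operator's signature over
    /// (chain id, contract, msg.sender, operator).
    function setGossipOperator(address operator, uint8 v, bytes32 r, bytes32 s) external {
        require(operator != address(0), "zero operator");
        require(!operatorRegistered[operator], "operator already registered");

        // ecrecover returns address(0) on an invalid signature; the zero-operator
        // check above guarantees that value can never match.
        address signer = ecrecover(proofDigest(msg.sender, operator), v, r, s);
        require(signer == operator, "operator did not authorise sender");

        // Assumption: replacing an operator releases the previous one.
        address previous = gossipOperatorOf[msg.sender];
        if (previous != address(0)) {
            operatorRegistered[previous] = false;
        }
        gossipOperatorOf[msg.sender] = operator;
        operatorRegistered[operator] = true;
        emit GossipOperatorSet(msg.sender, operator);
    }
}
```

If Bob resubmits Alice's calldata from his own account, `msg.sender` changes the digest, `ecrecover` yields an address other than the operator, and the call reverts without touching `operatorRegistered`.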