You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Mar 5, 2024. It is now read-only.
To check poc validity, we use the PoCOnionKeyHash which is first created with a validators heartbeat. This is submitted and selected by the CG. The originating validator then sees this OnionKeyHash (public key hash) being selected for PoC from the CG. It then generates the PoC. Later when checking if the PoC was valid, the PoCOnionKeyHash is used to validate ZoneRandState but the Keys supplied are never checked to match those for the submitted PoCOnionKeyHash. Which the private key is used to form the TargetRandState.
Without checking the PoCOnionKeyHash to the a re-hashed public key from the Keys, you could submit different Keys thus resulting in a deterministic TargetRandState for the PoC (potentially).
I feel that there should be a check between the PoCOnionKeyHash in the txn and the Keys submitted via the secret.
@anthonyra thanks for this. Validating the presented PocOnionKeyHash against the public key hash is good for correctness. Your suggestion also highlighted a wider weakness in that the txn is not verifying the key pair presented are actually a valid pair. I will address both in a PR shortly.
blockchain-core/src/transactions/v2/blockchain_txn_poc_receipts_v2.erl
Line 221 in fe2a572
To check poc validity, we use the PoCOnionKeyHash which is first created with a validators heartbeat. This is submitted and selected by the CG. The originating validator then sees this OnionKeyHash (public key hash) being selected for PoC from the CG. It then generates the PoC. Later when checking if the PoC was valid, the PoCOnionKeyHash is used to validate ZoneRandState but the Keys supplied are never checked to match those for the submitted PoCOnionKeyHash. Which the private key is used to form the TargetRandState.
Without checking the PoCOnionKeyHash to the a re-hashed public key from the Keys, you could submit different Keys thus resulting in a deterministic TargetRandState for the PoC (potentially).
I feel that there should be a check between the PoCOnionKeyHash in the txn and the Keys submitted via the secret.
The text was updated successfully, but these errors were encountered: