fast sync is insecure #1162
Labels
Milestone
Comments
ignopeverell
added
bug
consensus breaking
|
Fix is to:
|
|
If we are considering adding the output and kernel sums on the header (#1107) do we add both kernel MMR size and the corresponding output MMR size for consistency? |
|
I was still thinking of going minimal and only adding the size for 8 bytes. Kernel sums can be computed from that. Not sure about output MMR size, what do you think? |
|
Mmmh forgot about #1107, which makes sense as well. Okay, let's add those 33+8+8 bytes... |
|
Resolved in #1163 - we now rewind and check the kernel root against the root in the block header at each block height. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In the current fast sync approach, we take the MMR commitments in the horizon header as the indisputable truth (as secured by the cumulative pow difficulty). But an attacker could have branched off from the previous block (or the one before that) and even mined 2000 blocks on top, to make up arbitrary MMRs at horizon,
which are presented to the syncer along with the horizon header. The syncer merely checks that the MMRs
have the correct commitment, but doesn't check their past evolution.
To be certain of the kernel MMR that the horizon cumulative diff is committed to, the syncer needs to go through all intermediate kernel MMR sizes at each height, compute their commitment, and check that this matches the one in the header at that height. Here it might help to have #kernels as a separate header field.
The text was updated successfully, but these errors were encountered: