Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tracking issue for GHSA-2v6r-g342-282f #3779

Closed
bowenwang1996 opened this issue Jan 5, 2021 · 0 comments · Fixed by #4064
Closed

Tracking issue for GHSA-2v6r-g342-282f #3779

bowenwang1996 opened this issue Jan 5, 2021 · 0 comments · Fixed by #4064
Labels
A-transaction-runtime Area: transaction runtime (transaction and receipts processing, state transition, etc)

Comments

@bowenwang1996
Copy link
Collaborator

Tracks security advisory issue https://github.com/near/nearcore/security/advisories/GHSA-2v6r-g342-282f
@bowenwang1996 bowenwang1996 added the A-transaction-runtime Area: transaction runtime (transaction and receipts processing, state transition, etc) label Jan 5, 2021
@bowenwang1996 bowenwang1996 mentioned this issue Mar 9, 2021
Merged
near-bulldozer bot pushed a commit that referenced this issue Mar 11, 2021
@bowenwang1996
fix(runtime): add access key nonce range (#4064)
8c8af7f 
Address the access key nonce issue discussed [here](https://gov.near.org/t/issue-with-access-key-nonce/749) by setting nonce to `(block_height - 1) * 1e6` and capping the access key nonces of transactions included in a block to `block_height * 1e6`. Fixes #3779.

Test plan
---------
* `test_transaction_hash_collision`
* `test_chunk_transaction_validity`
* `test_transaction_nonce_too_large`
* nayduck
@Longarithm Longarithm mentioned this issue Nov 26, 2021
Merged
near-bulldozer bot pushed a commit that referenced this issue Nov 29, 2021
@Longarithm
fix: set access key nonce on implicit account creation (#5482)
d4b583e 
Fix access key nonce for implicit accounts to fully address the issue #3779.

The change is straightforward - formula for nonce should be the same as for explicit accounts, as here - https://github.com/near/nearcore/blob/7f7347fc008d592a2679101f4518cfdb8df4e617/runtime/runtime/src/actions.rs#L561-L562

## Test plan

- `test_transaction_hash_collision_for_implicit_account_[ok|fail]` - check that tx is applied or rejected depending on the protocol version.
@Longarithm Longarithm mentioned this issue Dec 13, 2021
Merged
near-bulldozer bot pushed a commit that referenced this issue Dec 14, 2021
@Longarithm
feat: stabilize nonce range for implicit accounts (#5802)
ee1dc47 
Stabilize #5482. Also, update changelog for 1.23.0 release.

## Reasoning

Previously, we changed formulas for tx nonce computation to avoid tx hash collisions: #3779 
Later we figured out that it was not enabled for implicit accounts - on its creation, we simply created new access key with nonce 0.
So we need this to make formula consistent among all accounts, and to get rid of tx hash collisions completely. The fix itself is straightforward.

## Testing 

Existing tests.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-transaction-runtime Area: transaction runtime (transaction and receipts processing, state transition, etc)
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(runtime): add access key nonce range near/nearcore
1 participant
@bowenwang1996