You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on May 13, 2022. It is now read-only.
At the moment, closing_sig (receiver's closing signature for cooperative close) consists only in the receiver signing the sender's signed balance proof.
Reasons for changing this:
There is no known vulnerability at this point due to Ethereum's ECDSA using v to differentiate between the possible curve points for the same signature. Nonetheless, we should follow best practices and sign actual data instead of a signature.
tl;dr
closing_sig
should be the receiver's signature on:First proposed in #52
(note, this is the current EIP712 hash implementation - will change).
At the moment,
closing_sig
(receiver's closing signature for cooperative close) consists only in the receiver signing the sender's signed balance proof.Reasons for changing this:
There is no known vulnerability at this point due to Ethereum's ECDSA using
v
to differentiate between the possible curve points for the same signature. Nonetheless, we should follow best practices and sign actual data instead of a signature.Use EIP712, as we do in the balance proof message, for consistency. Also mentioned in the external audit of the smart contract (point 10 Documenting the external audit of the smart contract #135)
Previous discussions on the signature logic documented in #193.
To recap, current state is:
balance_msg_sig
is the sender's signature of:closing_sig
is the recever's signature onsha3(balance_msg_sig)
The text was updated successfully, but these errors were encountered: