Harden messages against replay attacks #39

Closed
konradkonrad opened this issue May 17, 2016 · 2 comments

@konradkonrad
Contributor

konradkonrad commented May 17, 2016

Depending on the value of self.asset, messages could be re-applicable between two instances of the same state channel (between=[Alice, Bob], asset=BBCoin). Given that:

  • Alice and Bob opened+settled channel for BBCoin yesterday AND
  • Alice and Bob open a new channel for BBCoin

If self.asset resolves to the same value, there seems to be no value unique to the current instance, i.e. yesterday's messages could be valid in today's channel.

So: either the asset-address needs to be unique, or we should include the state-channel address in signed transfer messages.

See:
https://github.com/brainbot-com/raiden/blob/master/raiden/messages.py#L291
https://github.com/brainbot-com/raiden/blob/master/raiden/messages.py#L394
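
The cross-instance replay described in the issue above, and the second proposed fix (including the state-channel address in the signed data), as an added example that is not part of the original issue or the Raiden code base. HMAC-SHA256 stands in for the real signature scheme, and the field layout, the `Channel` class, keys and addresses are constructed for illustration; it assumes a new channel instance starts its nonce counter from zero.

```python
import hashlib
import hmac
import struct

# Constructed sample values. HMAC with a per-sender key stands in for the
# signature on real transfer messages (assumption, not the project's scheme).
ALICE_KEY = b"alice-demo-key"
ASSET = bytes.fromhex("bb" * 20)          # same asset address in both channels
CHANNEL_OLD = bytes.fromhex("01" * 20)    # yesterday's settled channel
CHANNEL_NEW = bytes.fromhex("02" * 20)    # today's channel, same pair and asset


def encode_transfer(nonce, asset, amount, channel=None):
    """Serialize the signed fields; the channel is bound only when provided."""
    data = struct.pack(">Q", nonce) + asset + struct.pack(">Q", amount)
    if channel is not None:
        data += channel
    return data

def sign_transfer(key, nonce, asset, amount, channel=None):
    payload = encode_transfer(nonce, asset, amount, channel)
    return hmac.new(key, payload, hashlib.sha256).digest()


class Channel:
    """Receiver-side view of one channel instance (hypothetical model)."""
    def __init__(self, address, asset, peer_key, bind_channel):
        self.address, self.asset, self.peer_key = address, asset, peer_key
        self.bind_channel = bind_channel
        self.last_nonce = 0  # a fresh instance starts counting from zero

    def accept(self, nonce, amount, signature):
        bound = self.address if self.bind_channel else None
        expected = sign_transfer(self.peer_key, nonce, self.asset, amount, bound)
        if not hmac.compare_digest(expected, signature):
            return False
        if nonce <= self.last_nonce:  # protects within one instance only
            return False
        self.last_nonce = nonce
        return True


def replay_across_instances(bind_channel):
    """Sign in the old channel, then present the same message to the new one."""
    bound = CHANNEL_OLD if bind_channel else None
    sig = sign_transfer(ALICE_KEY, 1, ASSET, 10, bound)
    old = Channel(CHANNEL_OLD, ASSET, ALICE_KEY, bind_channel)
    new = Channel(CHANNEL_NEW, ASSET, ALICE_KEY, bind_channel)
    return old.accept(1, 10, sig), new.accept(1, 10, sig)
```

`replay_across_instances(False)` returns `(True, True)`: the nonce check alone does not help because the new instance has no memory of the old one. With the channel address in the signed payload, the same call returns `(True, False)`.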

@czepluch
Contributor

This should be taken care of with #93 that will introduce nonce ranges.

@czepluch
Contributor

This can be closed with #287 that adds nonce ranges and #211 that makes sure that the same lock cannot be unlocked twice.

@LefterisJP LefterisJP modified the milestones: MVP, Sprint 1 Jan 12, 2017
konradkonrad added a commit that referenced this issue Jan 27, 2017
Final additions for the hardening against error conditions
Fixes #39
err508 pushed a commit that referenced this issue Aug 22, 2018
Refactor SC - balance_hash, batch unlock
hackaugusto pushed a commit to hackaugusto/raiden that referenced this issue Dec 5, 2019