Go through and check that all cryptography assumptions in the design are implemented in the code. #8587
Comments
@aeyakovenko This is not fully currently implemented: #8185. I haven't gotten hands on it due to imminent snapshot issues.
@garious Seems like we should have a cryptography security doc in the design that goes over all the signatures and how they are used.
Sorry, a bit late, but I've just come up with these. I know these are pretty obvious and may overlap with existing checkpoints, but just in case. These are what I would peek into if I were determined to steal million SOLs ever. ;)
Genesis hash
Poh
TX
Hashing/Signature coverage
Does the hashing and signing cover the following data structures exactly, with no less and no more? When extra data is prepended/appended by tampering from an untrusted stream, does it reject the extra outright?
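An added illustration of the coverage question in the comment above; it is not part of the thread and not code from the project. The wire layout, key, and function names are hypothetical, and HMAC-SHA256 stands in for the real signature scheme so the block runs with the standard library only. It contrasts a decoder that silently drops trailing bytes with one that requires every byte after the tag to be both parsed and signed.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"      # constructed; stands in for a signing key
TAG_LEN = 32
HEADER = struct.Struct("<QH")      # hypothetical layout: fee u64, payload_len u16


def sign(body: bytes) -> bytes:
    # HMAC-SHA256 is a stand-in for a real signature scheme; framing is the point.
    return hmac.new(KEY, body, hashlib.sha256).digest()


def encode(fee: int, payload: bytes) -> bytes:
    body = HEADER.pack(fee, len(payload)) + payload
    return sign(body) + body       # tag covers header and payload, nothing else


def _parse(frame: bytes):
    if len(frame) < TAG_LEN + HEADER.size:
        raise ValueError("truncated frame")
    tag, rest = frame[:TAG_LEN], frame[TAG_LEN:]
    fee, plen = HEADER.unpack_from(rest)
    end = HEADER.size + plen
    if len(rest) < end:
        raise ValueError("payload shorter than declared length")
    return tag, rest, fee, end


def decode_lax(frame: bytes):
    """Weak: verifies the declared region and silently drops whatever follows."""
    tag, rest, fee, end = _parse(frame)
    if not hmac.compare_digest(tag, sign(rest[:end])):
        raise ValueError("bad signature")
    return fee, rest[HEADER.size:end]


def decode_strict(frame: bytes):
    """Hardened: every byte after the tag must be both parsed and signed."""
    tag, rest, fee, end = _parse(frame)
    if len(rest) != end:
        raise ValueError("trailing bytes after signed region")
    if not hmac.compare_digest(tag, sign(rest)):
        raise ValueError("bad signature")
    return fee, rest[HEADER.size:end]
```

With the lax decoder, two different byte strings decode to the same accepted message, so anything keyed on the raw frame (deduplication, hashing, replay tracking) disagrees with what was verified.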
I'm slowly moving this by way of #9180.
Firstly, I audited the versioned tx mechanism. It seems it's correctly sanitizing/sig-verifying/pre-compiling things for both banking/replaying codepaths.
Problem
A large distributed team working asynchronously on a complex codebase may miss some things that everyone would think are obvious.
Proposed Solution
Go through important cryptography assumptions in the design and verify they are implemented in the code. File issues if integration or unit tests are missing.
TX signature checks
Validator Signature checks
Leader TX Signature Checks
PoH Verification
Gossip CRDS Values
Turbine
BankHash
Snapshots
tag: @mvines @garious