fix: stop leak of value of recovered output #3558
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
SWvheerden
force-pushed
the
sw_fix_value_leak
branch
from
7bcf19f
to
107c1a4
Compare
philipr-za
reviewed
Nov 11, 2021
| // Todo we need to look here that we might want to fail a specific output and not recover it as this | ||
| // will only work if the script is a Nop script. If this is not a Nop script the recovered input | ||
| // will not be spendable. | ||
| let script_key = PrivateKey::random(&mut OsRng); |
There was a problem hiding this comment.
Shouldn't we derive this key from the key manager?
There was a problem hiding this comment.
We can, but this is in effect a single-use key and can be anything. We can also change this on actual spending of the recovered utxo, so makes near enough no difference I think.
philipr-za
approved these changes
Nov 11, 2021
sdbondi
added a commit
to sdbondi/tari
that referenced
this pull request
Nov 18, 2021
* development: (32 commits) feat: add atomic swap refund transaction handling (tari-project#3573) feat: improve wallet connectivity status for console wallet (tari-project#3577) v0.21.1 feat: add error codes to LibWallet for CipherSeed errors (tari-project#3578) ci: split cucumber job into two (tari-project#3583) feat(wallet): import utxo’s as EncumberedToBeReceived rather than Unspent (tari-project#3575) docs: rfc 0250_Covenants (tari-project#3574) feat: get fee for transactions for stratum transcoder (tari-project#3571) test: make monerod stagenet usage resilient (tari-project#3572) feat: add atomic swap htlc sending and claiming (tari-project#3552) feat: implement prometheus metrics for base node (tari-project#3563) feat: implement multiple read single write for sqlite (tari-project#3568) feat: trigger time lock balance update when block received (tari-project#3567) test: reduce cucumber ci to critical only (tari-project#3566) test: fix cucumber console wallet startup (tari-project#3564) chore: add node id/public key to log mdc (tari-project#3559) fix: avoid implicit using of the time crate (tari-project#3562) feat: one-click installer - cli edition (tari-project#3534) ci: add workflow dispatch to libwallet build action (tari-project#3556) fix: stop leak of value of recovered output (tari-project#3558) ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Updated the recovery of an output to not reuse the blinding factor to use as thescript_key, but rather generate a new key.
Motivation and Context
If the blinding factor is reused as the script_key, on spending you will reveal k.G, this makes guessing v.H trivial and this leaks the k.G value.
How Has This Been Tested?