absolutebi/serai
1
0
Fork 0
mirror of https://github.com/serai-dex/serai.git synced 2025-12-08 12:19:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Correct the prior documented TOCTOU

Browse Source 
Now, if a malicious validator set publishes a malicious `Batch` at the last
moment, it'll cause all future `Batch`s signed by the next validator set to
require a bool being set (yet they never will set it).

This will prevent the handover.

The only overhead is having two distinct `batch_message` calls on-chain.
This commit is contained in:
Luke Parker
2023-10-13 04:40:59 -04:00
parent e6aa9df428
commit d50fe87801
8 changed files with 45 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
coordinator/src/main.rs
View File

@@ -924,15 +924,6 @@ async fn handle_processor_messages<D: Db, Pro: Processors, P: P2p>(
MainDb::<D>::set_did_handover(&mut txn, spec.set());
}
// TODO: There is a race condition here. We may verify all `Batch`s from the prior
// set, start signing the handover Batch `n`, start signing `n+1`, have `n+1`
// signed before `n` (or at the same time), yet then the prior set forges a
// malicious Batch `n`.
//
// The malicious Batch `n` would be publishable to Serai, as Serai can't
// distinguish what's intended to be a handover `Batch`, yet then anyone could
// publish the new set's `n+1`, causing their acceptance of the handover.
Some(Transaction::Batch(block.0, id.id))
} else {
Some(Transaction::BatchPreprocess(SignData {