Alternate handover batch TOCTOU fix (#397)

* Revert "Correct the prior documented TOCTOU" This reverts commit d50fe87801. * Correct the prior documented TOCTOU d50fe87801 edited the challenge for the Batch to fix it. This won't produce Batch n+1 until Batch n is successfully published and verified. It's an alternative strategy able to be reviewed, with a much smaller impact to scope.
2025-12-08 12:19:24 +00:00 · 2023-10-13 12:14:59 -04:00
parent 7d0d1dc382
commit f6e8bc3352
9 changed files with 144 additions and 78 deletions
--- a/substrate/in-instructions/pallet/src/lib.rs
+++ b/substrate/in-instructions/pallet/src/lib.rs
@@ -155,21 +155,14 @@ pub mod pallet {
      // verify the signature
      let network = batch.batch.network;
      let (current_session, prior, current) = keys_for_network::<T>(network)?;
+      let batch_message = batch_message(&batch.batch);
      // Check the prior key first since only a single `Batch` (the last one) will be when prior is
      // Some yet prior wasn't the signing key
-      let valid_by_prior = if let Some(key) = prior {
-        key.verify(&batch_message(false, &batch.batch), &batch.signature)
-      } else {
-        false
-      };
+      let valid_by_prior =
+        if let Some(key) = prior { key.verify(&batch_message, &batch.signature) } else { false };
      let valid = valid_by_prior ||
        (if let Some(key) = current {
-          key.verify(
-            // This `== 0` is valid as either it'll be the first Batch for the first set, or if
-            // they never had a Batch, the first Batch for the next set
-            &batch_message((batch.batch.id == 0) || prior.is_some(), &batch.batch),
-            &batch.signature,
-          )
+          key.verify(&batch_message, &batch.signature)
        } else {
          false
        });
--- a/substrate/in-instructions/primitives/src/lib.rs
+++ b/substrate/in-instructions/primitives/src/lib.rs
@@ -84,6 +84,6 @@ impl Zeroize for SignedBatch {

 // TODO: Make this an associated method?
 /// The message for the batch signature.
-pub fn batch_message(is_first_batch_of_set: bool, batch: &Batch) -> Vec<u8> {
-  [b"InInstructions-batch".as_ref(), &(is_first_batch_of_set, batch).encode()].concat()
+pub fn batch_message(batch: &Batch) -> Vec<u8> {
+  [b"InInstructions-batch".as_ref(), &batch.encode()].concat()
 }