Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make chain ID available to contracts #2226

Merged
merged 10 commits into from
Aug 31, 2024
Merged

Make chain ID available to contracts #2226

merged 10 commits into from
Aug 31, 2024

Conversation

ureeves
Copy link
Member

@ureeves ureeves commented Aug 30, 2024

At the moment, contracts have no way to check which chain they're operating in. As a consequence, cross-chain replay attacks are made possible. In this PR we expose the chain ID to contracts and make use of it in our own transactions and calls where appropriate.

The changes effectively make it impossible to replay transactions on different chains, as well as allow contract developers to do the same with their own call data structures.

@ureeves
rusk-abi: add chain ID as queryable data
38377ba 
Contracts are given access to the ID of the chain being operated. This
will allow contracts to check if a call was made originally on this
chain, - by mixing the chain ID into a signature for example -
effectively allowing them to prevent replay of calls performed on other
chains.
@ureeves ureeves added fix:vulnerability Issues related to fix vulnerabilities of the architecture or software module:rusk-abi Issues related to rusk-abi module module:rusk Issues related to rusk module module:execution-core Issues related to execution-core labels Aug 30, 2024
@HDauven
Copy link
Member

HDauven commented Aug 30, 2024
edited
Loading

I'm wondering @ureeves, shouldn't we enforce this on a transaction level instead of on a contract level?

Never mind, I misinterpreted your PR message. LGTM

HDauven
HDauven previously approved these changes Aug 30, 2024
View reviewed changes
@ureeves ureeves requested a review from HDauven August 31, 2024 13:10
herr-seppia
herr-seppia approved these changes Aug 31, 2024
View reviewed changes
Copy link
Member

@herr-seppia herr-seppia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ureeves ureeves merged commit 29a8093 into master Aug 31, 2024
15 checks passed
@ureeves ureeves deleted the chain-id-host branch August 31, 2024 13:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@herr-seppia herr-seppia herr-seppia approved these changes

@miloszm miloszm Awaiting requested review from miloszm

@fed-franz fed-franz Awaiting requested review from fed-franz

@moCello moCello Awaiting requested review from moCello

@Neotamandua Neotamandua Awaiting requested review from Neotamandua

@fullstackjade fullstackjade Awaiting requested review from fullstackjade

@HDauven HDauven Awaiting requested review from HDauven

Assignees
No one assigned
Labels
fix:vulnerability Issues related to fix vulnerabilities of the architecture or software module:execution-core Issues related to execution-core module:rusk Issues related to rusk module module:rusk-abi Issues related to rusk-abi module
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ureeves @HDauven @herr-seppia