Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tx client needs proof of the last nonce for their account #3256

Open
4 tasks
cmwaters opened this issue Apr 4, 2024 · 0 comments
Open
4 tasks

Tx client needs proof of the last nonce for their account #3256

cmwaters opened this issue Apr 4, 2024 · 0 comments
Labels
bug Something isn't working WS: Maintenance 🔧 includes bugs, refactors, flakes, and tech debt etc

Comments

@cmwaters
Copy link
Contributor

cmwaters commented Apr 4, 2024
edited
Loading

Summary

This recent PR #3196 added the ability to retry submitting a transaction if the nonce was incorrect. The problem however is that we are trusting the consensus node that we are submitting the transaction to. They could simply lie and manipulate the client to sign the same transaction several times and by doing so, bypass replay protection. The client should actually request a proof of the state of their account and verify it.

For Admin Use

  • Not duplicate issue
  • Appropriate labels applied
  • Appropriate contributors tagged
  • Contributor assigned/self-assigned
@cmwaters cmwaters added the bug Something isn't working label Apr 4, 2024
@cmwaters cmwaters mentioned this issue Apr 4, 2024
Merged
cmwaters added a commit that referenced this issue Apr 5, 2024
@cmwaters
fix: disable automatic resigning for the signer pkg (#3257)
854ad5a 
Ref: #3256
@evan-forbes evan-forbes added WS: Maintenance 🔧 includes bugs, refactors, flakes, and tech debt etc needs:triage and removed needs:triage labels May 17, 2024
0xchainlover pushed a commit to celestia-org/celestia-app that referenced this issue Aug 1, 2024
@cmwaters
fix: disable automatic resigning for the signer pkg (#3257)
e0d457a 
Ref: celestiaorg/celestia-app#3256
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working WS: Maintenance 🔧 includes bugs, refactors, flakes, and tech debt etc
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cmwaters @evan-forbes