Skip to content

Commit

Permalink
Merge branch 'ethereum:master' into portal
Browse files Browse the repository at this point in the history
  • Loading branch information
GrapeBaBa authored Apr 11, 2024
2 parents a476a6d + bd91810 commit e9b8018
Show file tree
Hide file tree
Showing 3 changed files with 15 additions and 15 deletions.
26 changes: 13 additions & 13 deletions cmd/clef/rules.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,14 +9,14 @@ It enables usecases like the following:

The two main features that are required for this to work well are;

1. Rule Implementation: how to create, manage and interpret rules in a flexible but secure manner
2. Credential managements and credentials; how to provide auto-unlock without exposing keys unnecessarily.
1. Rule Implementation: how to create, manage, and interpret rules in a flexible but secure manner
2. Credential management and credentials; how to provide auto-unlock without exposing keys unnecessarily.

The section below deals with both of them

## Rule Implementation

A ruleset file is implemented as a `js` file. Under the hood, the ruleset-engine is a `SignerUI`, implementing the same methods as the `json-rpc` methods
A ruleset file is implemented as a `js` file. Under the hood, the ruleset engine is a `SignerUI`, implementing the same methods as the `json-rpc` methods
defined in the UI protocol. Example:

```js
Expand All @@ -27,7 +27,7 @@ function asBig(str) {
return new BigNumber(str)
}

// Approve transactions to a certain contract if value is below a certain limit
// Approve transactions to a certain contract if the value is below a certain limit
function ApproveTx(req) {
var limit = big.Newint("0xb1a2bc2ec50000")
var value = asBig(req.transaction.value);
Expand Down Expand Up @@ -70,7 +70,7 @@ The Otto vm has a few [caveats](https://github.com/robertkrimen/otto):
Additionally, a few more have been added

* The rule execution cannot load external javascript files.
* The only preloaded library is [`bignumber.js`](https://github.com/MikeMcl/bignumber.js) version `2.0.3`. This one is fairly old, and is not aligned with the documentation at the github repository.
* The only preloaded library is [`bignumber.js`](https://github.com/MikeMcl/bignumber.js) version `2.0.3`. This one is fairly old, and is not aligned with the documentation at the GitHub repository.
* Each invocation is made in a fresh virtual machine. This means that you cannot store data in global variables between invocations. This is a deliberate choice -- if you want to store data, use the disk-backed `storage`, since rules should not rely on ephemeral data.
* Javascript API parameters are _always_ an object. This is also a design choice, to ensure that parameters are accessed by _key_ and not by order. This is to prevent mistakes due to missing parameters or parameter changes.
* The JS engine has access to `storage` and `console`.
Expand All @@ -88,8 +88,8 @@ Some security precautions can be made, such as:

##### Security of implementation

The drawbacks of this very flexible solution is that the `signer` needs to contain a javascript engine. This is pretty simple to implement, since it's already
implemented for `geth`. There are no known security vulnerabilities in, nor have we had any security-problems with it so far.
The drawback of this very flexible solution is that the `signer` needs to contain a javascript engine. This is pretty simple to implement since it's already
implemented for `geth`. There are no known security vulnerabilities in it, nor have we had any security problems with it so far.

The javascript engine would be an added attack surface; but if the validation of `rulesets` is made good (with hash-based attestation), the actual javascript cannot be considered
an attack surface -- if an attacker can control the ruleset, a much simpler attack would be to implement an "always-approve" rule instead of exploiting the js vm. The only benefit
Expand All @@ -105,7 +105,7 @@ It's unclear whether any other DSL could be more secure; since there's always th

## Credential management

The ability to auto-approve transaction means that the signer needs to have necessary credentials to decrypt keyfiles. These passwords are hereafter called `ksp` (keystore pass).
The ability to auto-approve transactions means that the signer needs to have the necessary credentials to decrypt keyfiles. These passwords are hereafter called `ksp` (keystore pass).

### Example implementation

Expand All @@ -127,8 +127,8 @@ The `vault.dat` would be an encrypted container storing the following informatio

### Security considerations

This would leave it up to the user to ensure that the `path/to/masterseed` is handled in a secure way. It's difficult to get around this, although one could
imagine leveraging OS-level keychains where supported. The setup is however in general similar to how ssh-keys are stored in `.ssh/`.
This would leave it up to the user to ensure that the `path/to/masterseed` is handled securely. It's difficult to get around this, although one could
imagine leveraging OS-level keychains where supported. The setup is however, in general, similar to how ssh-keys are stored in `.ssh/`.


# Implementation status
Expand All @@ -149,7 +149,7 @@ function big(str) {
// Time window: 1 week
var window = 1000* 3600*24*7;

// Limit : 1 ether
// Limit: 1 ether
var limit = new BigNumber("1e18");

function isLimitOk(transaction) {
Expand All @@ -163,7 +163,7 @@ function isLimitOk(transaction) {
if (stored != "") {
txs = JSON.parse(stored)
}
// First, remove all that have passed out of the time-window
// First, remove all that has passed out of the time window
var newtxs = txs.filter(function(tx){return tx.tstamp > windowstart});
console.log(txs, newtxs.length);

Expand All @@ -174,7 +174,7 @@ function isLimitOk(transaction) {
console.log("ApproveTx > Sum so far", sum);
console.log("ApproveTx > Requested", value.toNumber());

// Would we exceed weekly limit ?
// Would we exceed the weekly limit ?
return sum.plus(value).lt(limit)

}
Expand Down
2 changes: 1 addition & 1 deletion cmd/ethkey/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -50,4 +50,4 @@ contains the password.

## JSON

In case you need to output the result in a JSON format, you shall by using the `--json` flag.
In case you need to output the result in a JSON format, you shall use the `--json` flag.
2 changes: 1 addition & 1 deletion rpc/service.go
Original file line number Diff line number Diff line change
Expand Up @@ -227,7 +227,7 @@ func isSubscriptionType(t reflect.Type) bool {
return t == subscriptionType
}

// isPubSub tests whether the given method has as as first argument a context.Context and
// isPubSub tests whether the given method's first argument is a context.Context and
// returns the pair (Subscription, error).
func isPubSub(methodType reflect.Type) bool {
// numIn(0) is the receiver type
Expand Down

0 comments on commit e9b8018

Please sign in to comment.