Encode entity type into delegation signature #475

New Issue

Closed

opened 2023-07-24 23:26:27 +09:00 by davidyuk · 1 comment

davidyuk commented 2023-07-24 23:26:27 +09:00 (Migrated from gitlab.com)

Copy Link

Copy Source

I've found 3 types of delegation signatures:

1. network id + account address + contract address -- delegate AENS and Oracle operations
2. network id + account address + name hash + contract address -- delegate an AENS name to a contract
3. network id + query id + contract address -- delegate ability to reply to an oracle query

The addresses and ids are encoded as raw data, losing information on the entity type. In existing combinations, I can re-encode the current account address as an oracle query id and request the wallet to sign an oracle query delegation (3) and get a general delegation (1) instead.

If later we would introduce additional delegation signatures like network id + account address + channel address + contract address then functions signing a delegation of a new type can be misused to generate name delegation (2).

Currently, implementing a wallet API the correct way to name methods would be "sign network id, account address, and 32 bytes" instead of "sign network id, account address, and contract address".

The above issues may be solved by encoding address the same way as in transactions, using this mapping https://github.com/aeternity/aeserialization/blob/177bf604b2a05e940f92cf00e96e6e269e708245/src/aeser_id.erl#L97-L102

I've found 3 types of delegation signatures: 1. `network id + account address + contract address` -- delegate AENS and Oracle operations 2. `network id + account address + name hash + contract address` -- delegate an AENS name to a contract 3. `network id + query id + contract address` -- delegate ability to reply to an oracle query The addresses and ids are encoded as raw data, losing information on the entity type. In existing combinations, I can re-encode the current account address as an oracle query id and request the wallet to sign an oracle query delegation (3) and get a general delegation (1) instead. If later we would introduce additional delegation signatures like `network id + account address + channel address + contract address` then functions signing a delegation of a new type can be misused to generate name delegation (2). Currently, implementing a wallet API the correct way to name methods would be "sign network id, account address, and 32 bytes" instead of "sign network id, account address, and contract address". The above issues may be solved by encoding address the same way as in transactions, using this mapping https://github.com/aeternity/aeserialization/blob/177bf604b2a05e940f92cf00e96e6e269e708245/src/aeser_id.erl#L97-L102

zxq9 commented 2023-08-03 17:43:22 +09:00 (Migrated from gitlab.com)

Copy Link

Copy Source

Created by: hanssv

Again, good observation!
... and again - nothing really to do with the Sophia compiler.

*Created by: hanssv* Again, good observation! ... and again - nothing really to do with the Sophia compiler.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

prh-docs-fix

uw-mldsa-crypto

uw-rename-fix-deps

bump_gmserialization

zomp

ceres

gh-pages

gh-485

dependabot/pip/dot-github/workflows/pygments-2.15.0

old_ceres

ghallak/split-typechecker

gh-400

new_ceres

loop-op

type-env

ghallak/229

option-force-msg

6.0.2

lima

call-fee

fix-ets

mergesort

lima-master-merge

optionally_generate_aci

changelog-update

make-return-reserved-word

radrow-patch-2

aens-subdomains

aens-at-full-node-ver

pt-166866806-claim-with-name-fee

extend-aci-interface

generalized_accounts_no_abi_move

roma

quickcheck-ci

v7.5.0

v7.4.0

v7.3.0

v7.2.1

v7.2.0

v7.1.0

v7.0.1

v7.0.0

v6.1.0

v6.0.2

v6.0.1

v6.0.0

v5.0.0

v4.3.0

v4.2.0

v4.1.0

v4.1.0-rc1

v4.0.0

v4.0.0-rc5

v4.0.0-rc4

v4.0.0-rc3

v4.0.0-rc1

v3.2.0

v3.1.0

v3.0.0

v2.1.0

v2.0.0

roma-v1

v2

Labels

Clear labels

WIP

bug

consensus-breaking

dependencies

documentation

duplicate

effort: high

effort: low

effort: medium

effort: trivial

enhancement

good first issue

help wanted

invalid

maintenance

question

task/feature

todo-in-rewrite

wontfix

bug

Something is not working

duplicate

This issue or pull request already exists

enhancement

New feature

help wanted

Need some help

invalid

Something is wrong

pig lipstick

Muggle-facing enhancements

question

More information is needed

wontfix

This won't be fixed

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

Dagadunn Pickmick dimitar.p.ivanov flambard (Markus Flambard) gchewy hans_sv pharpend spivee (Jarvis Carroll) thescientress (Cecille de Jesus) uwiger (Ulf Wiger) zxq9 (Craig Everett)

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: QPQ-AG/sophia#475