Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add chain id #1064

Merged
merged 5 commits into from
Apr 6, 2023
Merged

add chain id #1064

merged 5 commits into from
Apr 6, 2023

Conversation

zqhxuyuan
Copy link
Contributor

@zqhxuyuan zqhxuyuan commented Apr 6, 2023
edited
Loading

Description

Before we can approve this PR for merge, please make sure that all the following items have been checked off:

  • Connected to an issue with discussion and accepted design using zenhub "Connect issue" button below
  • Added one label out of the L- group to this PR
  • Added one or more labels from the A- and C- groups to this PR
  • Explicitly labelled A-calamari, A-dolphin and/or A-manta if your changes are meant for/impact either of these (CI depends on it)
  • Re-reviewed Files changed in the Github PR explorer.

Situational Notes:

  • If adding functionality, write unit tests!
  • If importing a new pallet, choose a proper module index for it, and allow it in BaseFilter. Ensure every extrinsic works from front-end. If there's corresponding tool, ensure both work for each other.
  • If needed, update our Javascript/Typescript APIs. These APIs are officially used by exchanges or community developers.
  • If modifying existing runtime storage items, make sure to implement storage migrations for the runtime and test them with try-runtime. This includes migrations inherited from upstream changes, and you can search the diffs for modifications of #[pallet::storage] items to check for any.

@zqhxuyuan
add chain id
7ad8052 
Signed-off-by: zqhxuyuan <zqhxuyuan@gmail.com>
@zqhxuyuan zqhxuyuan added L-fixed Log: Issues and PRs related to bug fixes A-calamari Area: Issues and PRs related to the Calamari Runtime C-enhancement Category: An issue proposing an enhancement or a PR with one labels Apr 6, 2023
ghzlatarev
ghzlatarev previously approved these changes Apr 6, 2023
View reviewed changes
@zqhxuyuan
fix clippy
df6a30e 
Signed-off-by: zqhxuyuan <zqhxuyuan@gmail.com>
@github-actions
Copy link

github-actions bot commented Apr 6, 2023
edited
Loading

⚠️ Congestion test: 1-day congestion cost (calamari) is NOT above target_daily_congestion_cost_kma

Dengjianping
Dengjianping previously approved these changes Apr 6, 2023
View reviewed changes
ferrell-code
ferrell-code previously approved these changes Apr 6, 2023
View reviewed changes
Copy link
Contributor

@ferrell-code ferrell-code left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suppose it is more of a product decision whether we should accept any chain_id. This is fine on runtime side

@zqhxuyuan
fix benchmark
f8cb928 
Signed-off-by: zqhxuyuan <zqhxuyuan@gmail.com>
@zqhxuyuan zqhxuyuan dismissed stale reviews from ferrell-code and Dengjianping via f8cb928 April 6, 2023 16:40
@Garandor
Copy link
Contributor

Garandor commented Apr 6, 2023
edited
Loading

The BAB owner generates a ZKP, signs it from his BSC account and makes an SBT.
Now he gives the ZKP to a friend, who signs it from his ETH account and gets the same SBT (e.g. by manually calling the backend if the frontend doesn't allow him to).
prevented by the eip712 signature, so attacker must hold the corresponding private key

or

a fake frontend tricks the BAB owner into generating the ZKP and then provides a signature from some fake chain ID where the attacker controls the BAB owner's public address to steal the minted SBT from its owner.
You can add custom networks to metamask, so creating a fake chain like that which will provide a valid signature shouldn't be hard
Or even better, a fake chain that just send true on any signing request for any account.
prevented by it having to be a valid eip712 signature, so attacker must hold the corresponding private key

What makes this impossible?

maybe remove the admin setting, and only accept chain id as parameters, that will not cause any confuse?

i like this. the chain_info.chainid setting is meaningless in this case. just make the parameter non-Option

@Garandor Garandor merged commit 34b9459 into manta Apr 6, 2023
@Garandor Garandor deleted the eth_chainid branch April 6, 2023 19:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Garandor Garandor Garandor approved these changes

@ferrell-code ferrell-code ferrell-code approved these changes

@Dengjianping Dengjianping Dengjianping left review comments

@ghzlatarev ghzlatarev Awaiting requested review from ghzlatarev

Assignees
No one assigned
Labels
A-calamari Area: Issues and PRs related to the Calamari Runtime C-enhancement Category: An issue proposing an enhancement or a PR with one L-fixed Log: Issues and PRs related to bug fixes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@zqhxuyuan @Garandor @Dengjianping @ghzlatarev @ferrell-code