AmbireTech / adex-protocol-eth

Ethereum implementation of the Ambire Protocol: Ambire Wallet contracts and AdEx payment channels
https://www.ambire.com
MIT License

Security: chainId as part of signatures #174

Closed Ivshti closed 7 months ago

Ivshti commented 2 years ago

Problem

Currently, we do not hash the chainId as part of the signable hash for the balance tree. As a result, if we have the same OUTPACE address and channel ID (hash) across two chains, replay attacks are possible.

Solution

Hash the chainId together with hashToSign OR as part of the channelId, whichever is cheaper.

Timeline

This has to be solved BEFORE we deploy Ambire AdEx to two separate chains.
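The problem and the first proposed fix, as an added example that is not code from this repository or from the issue author: one validator signature over a hash without a chain identifier is checked by two deployments, then the same check is repeated with the chainId hashed in. Assumptions: SHA-256 stands in for keccak256, the field layout of the hash is illustrative, and the addresses, IDs, chain IDs and function names are constructed sample values.

```javascript
// Added illustration; not code from the adex-protocol-eth repository.
const crypto = require('crypto');

// Assumption: SHA-256 stands in for keccak256 (Node's crypto module has no Keccak).
const hash = (...words) => crypto.createHash('sha256').update(Buffer.concat(words)).digest();
// Encode a value as one 32-byte big-endian word, in the style of abi.encode.
const word = (v) => Buffer.from(BigInt(v).toString(16).padStart(64, '0'), 'hex');

// Constructed sample values: the same contract address and channel ID exist on both chains.
const OUTPACE = '0x00000000000000000000000000000000000a11ce';
const CHANNEL_ID = '0x' + '11'.repeat(32);
const BALANCE_ROOT = '0x' + '22'.repeat(32);

// Assumed layout of the signable hash as the issue describes it: no chain identifier.
function hashToSignLegacy(outpace, channelId, balanceRoot) {
  return hash(word(outpace), word(channelId), word(balanceRoot));
}

// Proposed fix: hash the chainId together with the other fields.
function hashToSignBound(chainId, outpace, channelId, balanceRoot) {
  return hash(word(chainId), word(outpace), word(channelId), word(balanceRoot));
}

// Hypothetical validator key pair, generated for this run only.
const validator = crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
const sign = (digest) => crypto.sign('sha256', digest, validator.privateKey);

// What a deployment on `chainId` would accept. In the legacy check the chain
// never enters the hash, so every deployment recomputes the same digest.
function acceptsLegacy(chainId, sig) {
  const digest = hashToSignLegacy(OUTPACE, CHANNEL_ID, BALANCE_ROOT);
  return crypto.verify('sha256', digest, validator.publicKey, sig);
}
function acceptsBound(chainId, sig) {
  const digest = hashToSignBound(chainId, OUTPACE, CHANNEL_ID, BALANCE_ROOT);
  return crypto.verify('sha256', digest, validator.publicKey, sig);
}

function demo() {
  const legacySig = sign(hashToSignLegacy(OUTPACE, CHANNEL_ID, BALANCE_ROOT));
  const boundSig = sign(hashToSignBound(1, OUTPACE, CHANNEL_ID, BALANCE_ROOT));
  return {
    legacyOnChain1: acceptsLegacy(1, legacySig),
    legacyOnChain137: acceptsLegacy(137, legacySig), // accepted on the second chain too
    boundOnChain1: acceptsBound(1, boundSig),
    boundOnChain137: acceptsBound(137, boundSig), // rejected: digest differs per chain
  };
}
console.log(demo());
```
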

Ivshti commented 7 months ago

Solved, will be added.