Salt needs to be added to function calls to increase the security of GPACTv2.
The GPACT v2 relies of salted message digests as part of its security. That is, in the call execution tree, there is are message digests called FunctionCallHashes.
FunctionCallData = transaction call data (that is function selector and function data)
FunctionHash = Keccak256(abi.encode(FunctionCallData, Salt))
FunctionCallHash = Keccak256(abi.encodePacked(blockchain id, contract address, FunctionHash)
The code as currently written has FunctionHash = Keccak256(FunctionCallData)
The best way to have the Salt carried around with FunctionCallData is to concatenate it when generating the FunctionCallData, in the sdk. As the Salt is at the end of the call data, it will be ignored by function call processing in the EVM. Having the Salt as part of the FunctionCallData will mean that an extra variable won't need to be passed around. However, when comparing expected and actual function call data, the code will need to ignore the Salt.
The Salt needs to be a standard size. 128 bits will provide adequate security.
Salt needs to be added to function calls to increase the security of GPACTv2.
The GPACT v2 relies of salted message digests as part of its security. That is, in the call execution tree, there is are message digests called FunctionCallHashes.
FunctionCallData = transaction call data (that is function selector and function data) FunctionHash = Keccak256(abi.encode(FunctionCallData, Salt)) FunctionCallHash = Keccak256(abi.encodePacked(blockchain id, contract address, FunctionHash)
The code as currently written has FunctionHash = Keccak256(FunctionCallData)
The best way to have the Salt carried around with FunctionCallData is to concatenate it when generating the FunctionCallData, in the sdk. As the Salt is at the end of the call data, it will be ignored by function call processing in the EVM. Having the Salt as part of the FunctionCallData will mean that an extra variable won't need to be passed around. However, when comparing expected and actual function call data, the code will need to ignore the Salt.
The Salt needs to be a standard size. 128 bits will provide adequate security.