Convex-Dev / convex

Convex Main Repository - Decentralised platform for the Internet of Value
https://convex.world
Other
94 stars 30 forks source link

Key security with Schedule #174

Open mikera opened 3 years ago

mikera commented 3 years ago

Convex provides the facility for a "schedule" of operations to be executed a later time from any Account.

There is a potential security risk, given the ability to rotate keys, that the schedule could be used to attack someone who might mistakenly assume that the current (rotated) key is secure, when in fact the scheduled op was issued earlier by a different (insecure) key.

Probably need to either:

mikera commented 3 years ago

Probable solution: add a timestamp *schedule-start* which defines at what time scheduled operations can begin. This can be cleared to block all scheduled operations.