SpankChain / general-state-channels

Spankchain PoC implementation of generalized state channels
https://spankchain.com/
GNU Affero General Public License v3.0

counterfactual addresses can be made to point to arbitrary code #1

Closed ldct closed 6 years ago

ldct commented 6 years ago

  1. Alice and Bob agree to be bound by a contract C
  2. deployCTF is called as part of a dispute with arguments _ctfbytes, _state, v, r, s, where the bytecode of C is included in _ctfbytes as well as _state. This creates a contract with bytecode C at counterfactual address A
  3. a third-party attacker calls deployCTF with arguments attackerBytes, _state, v, r, s. Now counterfactual address A points to a contract with code attackerBytes

nginnever commented 6 years ago

Thank you for the issue! Updated the registry in latest commit.

To address this, Alice and Bob now sign a message of the following form:

[address Alice]
[address Bob]
[CTFcode]

deployCTF no longer takes arbitrary bytecode to be deployed alongside the sigs. The bytecode is now pulled from the state, and the signatures are checked to match those that are in the message, so that only CTF bytecode that has been signed off by both parties should be deployed.

Let me know if you find another hole in this logic.
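
Added example, not part of the thread or the repository's code: a small Python model of the registry before and after the fix described above, showing why the deployed bytecode has to come from the signed message. Assumptions: HMAC stands in for the parties' ECDSA signatures, the counterfactual address is taken to be a hash of the signed message, and every name except `deployCTF`'s arguments is hypothetical.

```python
import hashlib
import hmac

# Constructed stand-ins, not the repository's code: HMAC keys replace the
# parties' ECDSA keys and a dict replaces the on-chain registry.
ALICE, BOB = b"\xaa" * 20, b"\xbb" * 20          # 20-byte demo addresses
KEYS = {ALICE: b"alice-demo-key", BOB: b"bob-demo-key"}

def sign(party, message):
    return hmac.new(KEYS[party], message, hashlib.sha256).digest()

def both_signed(message, sig_a, sig_b):
    return (hmac.compare_digest(sign(ALICE, message), sig_a)
            and hmac.compare_digest(sign(BOB, message), sig_b))

def ctf_address(message):
    # Assumption: the counterfactual address is derived from the signed message.
    return hashlib.sha256(message).hexdigest()[:40]

def signed_message(code):
    # Message form from the fix: [address Alice][address Bob][CTFcode]
    return ALICE + BOB + code

class VulnerableRegistry:
    """Checks signatures over _state but deploys the caller's _ctfbytes."""
    def __init__(self):
        self.code_at = {}

    def deploy_ctf(self, ctf_bytes, state, sig_a, sig_b):
        if not both_signed(state, sig_a, sig_b):
            raise ValueError("signatures do not match state")
        addr = ctf_address(state)
        self.code_at[addr] = ctf_bytes           # unsigned bytes land at addr
        return addr

class FixedRegistry:
    """Takes no bytecode argument; deploys only the code inside the signed message."""
    def __init__(self):
        self.code_at = {}

    def deploy_ctf(self, state, sig_a, sig_b):
        if state[:40] != ALICE + BOB or not both_signed(state, sig_a, sig_b):
            raise ValueError("signatures do not match state")
        addr = ctf_address(state)
        self.code_at[addr] = state[40:]          # code is read from signed bytes
        return addr
```

In the fixed model, changing the code changes the signed message, so the original signatures no longer verify and the address for contract C can only ever hold C.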