anoma / namada

Rust implementation of Namada, a Proof-of-Stake L1 for interchain asset-agnostic privacy
https://namada.net
GNU General Public License v3.0

Malleable MASP Witness Data #3440

Closed murisi closed 1 month ago

murisi commented 3 months ago

The MaspTx section is identified by the TxId digest described at https://zips.z.cash/zip-0244#txid-digest. This is problematic because the TxId digest does not cover witness data like zero-knowledge proofs, authorization signatures, and binding signatures, meaning that those entries are malleable. We should probably hash MASP Transaction serialization bytes when trying to prevent tampering and the TxId digest to facilitate hardware wallet signing.
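
The gap described in the comment above, as an added example that is not part of the thread or of Namada's code: an identifier computed only over effecting data stays the same when witness bytes change, while a hash over the full serialization does not. `ToyMaspTx`, its field layout, the sample values and the personalization strings are all constructed for illustration; only the use of personalized BLAKE2b-256 follows ZIP 244.

```python
import hashlib
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class ToyMaspTx:
    """Constructed stand-in; NOT the real MASP Transaction layout."""
    effects: bytes      # spends, outputs, value balance (what the txid-style digest covers)
    proof: bytes        # witness: zero-knowledge proof
    auth_sig: bytes     # witness: authorization signature
    binding_sig: bytes  # witness: binding signature

    def serialize(self) -> bytes:
        # Length-prefix every field so the byte encoding is unambiguous.
        fields = (self.effects, self.proof, self.auth_sig, self.binding_sig)
        return b"".join(len(f).to_bytes(4, "little") + f for f in fields)

def _blake2b(person: bytes, data: bytes) -> bytes:
    # Personalization strings used below are made up for this example.
    return hashlib.blake2b(data, digest_size=32, person=person).digest()

def txid_style_digest(tx: ToyMaspTx) -> bytes:
    """Covers effecting data only, so the witness fields are outside the hash."""
    return _blake2b(b"ToyTxIdDigest___", tx.effects)

def full_bytes_hash(tx: ToyMaspTx) -> bytes:
    """Covers the whole serialization, witness data included."""
    return _blake2b(b"ToyFullTxBytes__", tx.serialize())

def check_section(tx: ToyMaspTx, pinned_txid: bytes, pinned_full: bytes) -> dict:
    """Compare a received section against both pinned identifiers."""
    return {
        "txid_matches": txid_style_digest(tx) == pinned_txid,
        "full_hash_matches": full_bytes_hash(tx) == pinned_full,
    }

# Constructed sample: both identifiers are pinned for the original section.
ORIGINAL = ToyMaspTx(b"spend->output:10", b"proof-A", b"auth-A", b"bind-A")
PINNED_TXID = txid_style_digest(ORIGINAL)
PINNED_FULL = full_bytes_hash(ORIGINAL)

# Same effects, different witness bytes.
ALTERED = replace(ORIGINAL, proof=b"proof-B")

if __name__ == "__main__":
    print("original:", check_section(ORIGINAL, PINNED_TXID, PINNED_FULL))
    print("altered: ", check_section(ALTERED, PINNED_TXID, PINNED_FULL))
```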

cwgoes commented 3 months ago

Good catch. I agree, we need to commit to this data. We should have no malleable data in transactions at all, really, not that I can think of at least.

cwgoes commented 1 month ago

@murisi This has since been fixed, right?

@grarco Could you check this quickly?

grarco commented 1 month ago

Closed by #3463