dusk-network / rusk

The reference Dusk platform implementation and tools
Mozilla Public License 2.0

consensus: Candidate messages do not sign ConsensusHeader #2089

Closed fed-franz closed 1 month ago

fed-franz commented 2 months ago

Summary

The current implementation of signable for the Candidate payload only returns the block hash. This leaves room for malleability. While not critical, this should be addressed.

Detailed Description

The ConsensusHeader structure includes the prev_block_hash, round, and iteration fields. All such info is already included in the block Header structure, so the signature already protects the candidate's authenticity and integrity. However, the ConsensusHeader could be altered while leaving the message valid (as the signature would remain valid). This should be avoided.

Possible Solution

There are three possible solutions:

autholykos commented 2 months ago

For the sake of simplicity, let's just hash the consensus header.
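
The malleability described in this issue, shown as an added example that is not code from rusk or from either commenter: a candidate is signed, its `round` is altered afterwards, and verification is repeated under two choices of signable bytes. The struct layout and field types, the toy keyed hash standing in for the real signature scheme, and the `signable_with_header` variant are assumptions made for illustration.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::Hasher;

// Constructed model: field names come from the issue, types are assumed.
struct ConsensusHeader { prev_block_hash: [u8; 32], round: u64, iteration: u8 }
struct Candidate { header: ConsensusHeader, block_hash: [u8; 32], sig: u64 }

type Signable = fn(&Candidate) -> Vec<u8>;

// Behaviour described in the issue: only the block hash is signed.
fn signable_hash_only(c: &Candidate) -> Vec<u8> {
    c.block_hash.to_vec()
}

// Hypothetical fix: the ConsensusHeader fields are signed with the block hash.
fn signable_with_header(c: &Candidate) -> Vec<u8> {
    let mut b = c.header.prev_block_hash.to_vec();
    b.extend_from_slice(&c.header.round.to_le_bytes());
    b.push(c.header.iteration);
    b.extend_from_slice(&c.block_hash);
    b
}

// Toy keyed hash standing in for the real signature scheme. Not secure.
fn toy_sign(key: u64, msg: &[u8]) -> u64 {
    let mut h = DefaultHasher::new();
    h.write_u64(key);
    h.write(msg);
    h.finish()
}

// Signs a candidate, alters header.round afterwards, and reports whether
// the altered message still verifies under the given signable.
fn tampered_round_accepted(signable: Signable) -> bool {
    let key = 0xD05C; // constructed key
    let mut c = Candidate {
        header: ConsensusHeader { prev_block_hash: [1; 32], round: 10, iteration: 0 },
        block_hash: [2; 32], // constructed value
        sig: 0,
    };
    c.sig = toy_sign(key, &signable(&c));
    c.header.round = 11; // altered after signing
    c.sig == toy_sign(key, &signable(&c))
}

fn main() {
    println!("hash only:   {}", tampered_round_accepted(signable_hash_only));
    println!("with header: {}", tampered_round_accepted(signable_with_header));
}
```

A receiver that validates the signature but never cross-checks the message's ConsensusHeader against the signed block header would act on the altered round in the first case.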