Closed ian0371 closed 1 year ago
The provided pseudo code and description only verify the correctness of the randomReveal
value and do not verify the value of mixHash
.
This lack of verification opens up the possibility for an attacker to manipulate the mixHash
value when they become a proposer, for example, setting it to zero. However, even if this attack is feasible, it is unclear how it could be exploited, as the randomReveal
value still acts as a barrier that the attacker cannot bypass. It is possible that there might be another attack vector associated with this gadget, but without further information or analysis, it is difficult to determine. Additional comments or insights on potential attack vectors would be helpful for a more comprehensive understanding.
@hyunsooda Thank you for review. I added the verification logic in pseudocode.
Without mixHash verification, a single malicious proposer can affect every usage of mixHash
in the protocol. For example, an attacker can arbitrarily select a proposer in KIP-146. opRandom based on mixHash would not be a secure random (if we choose to introduce it in Klaytn).
Changes
predictability
and tips for application developers
has been rewritten
KIP-114 is a proposal for signature-based random in block headers. See this PR in markdown Closes #114