The istanbul upgrade for ethereum includes EIP1344 which introduces a new assembly chainid opcode allowing a contract to query the chainID of the network it is running on.
We'd need to upgrade to solidity 0.5.12
We should add validation for it to prevent cross-chain replay attacks whereby a message signed off-chain could be re-used on a different chain if the same keys are used.
This can be done by adding a new 32-byte word to the _auxData field for tickets.
We can then add a method that verifies the chain ID
e.g.
which would then be called in requireValidTicketAuxData()
require(
isValidChainID(_auxData),
"ticket chainID is not compatible with the network being used"
);
extra
We currently check the length of _auxData in the getCreationRoundAndBlockHash(_auxData) helper, I would suggest moving this at the top of requireValidTicketAuxData() instead so we don't have to validate the length in the functions called in that body. We'd also have to increase the length check to 96 bytes if we're adding a word.
The istanbul upgrade for ethereum includes EIP1344 which introduces a new assembly
chainidopcode allowing a contract to query the chainID of the network it is running on.We'd need to upgrade to solidity 0.5.12
We should add validation for it to prevent cross-chain replay attacks whereby a message signed off-chain could be re-used on a different chain if the same keys are used.
This can be done by adding a new 32-byte word to the
_auxDatafield for tickets.We can then add a method that verifies the chain ID e.g.
which would then be called in
requireValidTicketAuxData()extra We currently check the length of
_auxDatain thegetCreationRoundAndBlockHash(_auxData)helper, I would suggest moving this at the top ofrequireValidTicketAuxData()instead so we don't have to validate the length in the functions called in that body. We'd also have to increase the length check to 96 bytes if we're adding a word.