oasisprotocol / sapphire-paratime

Oasis Sapphire - the confidential EVM-compatible ParaTime for the Oasis Network
https://oasisprotocol.org/sapphire
Apache License 2.0

contracts: add gaspad and gasused precompiles #205

Closed CedarMist closed 10 months ago

CedarMist commented 11 months ago

Unfortunately, this has different semantics than was initially intended, as the initial gas cost for the calldata is added after the transaction is executed.

This means that there will be a 12 gas difference, even after padding, between every NULL and non-NULL byte of the calldata. While this has a very small impact and won't reveal too much sensitive information, it will still reveal some information about the encrypted calldata.

A suggested workaround is to add a bytes calldata fuz argument and fill it with one non-zero byte for every zero byte in the other arguments.
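The residual leak described in the comment above, worked through as an added example that is not part of the original thread or the Sapphire code base. It assumes standard EVM calldata pricing (4 gas per zero byte, 16 per non-zero byte, hence the 12 gas gap) and a 21,000 gas base cost; the selector, argument values and pad target are constructed.

```python
# Added illustration; not code from the sapphire-paratime repository.
# Assumption: standard EVM intrinsic gas costs apply to the calldata.
TX_BASE_GAS = 21_000      # assumed base transaction cost
ZERO_BYTE_GAS = 4         # per zero calldata byte
NONZERO_BYTE_GAS = 16     # per non-zero calldata byte
GAP = NONZERO_BYTE_GAS - ZERO_BYTE_GAS  # the 12 gas difference in the comment


def calldata_gas(data: bytes) -> int:
    """Intrinsic calldata charge, which depends on how many bytes are zero."""
    zeros = data.count(0)
    return zeros * ZERO_BYTE_GAS + (len(data) - zeros) * NONZERO_BYTE_GAS


def observed_gas(data: bytes, pad_target: int) -> int:
    """Gas visible on chain when execution gas is padded to pad_target.

    Padding equalises only the execution part; the calldata charge is
    added on top of it, so it is not covered by the padding.
    """
    return TX_BASE_GAS + calldata_gas(data) + pad_target


def zero_byte_delta(gas_a: int, gas_b: int) -> int:
    """For two calls with equal calldata length and the same pad target,
    return how many more zero bytes call A carried than call B."""
    delta, rem = divmod(gas_b - gas_a, GAP)
    if rem:
        raise ValueError("gas difference is not a multiple of 12")
    return delta


# Constructed sample calldata: 4-byte selector plus one 32-byte argument.
SELECTOR = bytes.fromhex("deadbeef")                # hypothetical selector
SMALL_ARG = SELECTOR + (5).to_bytes(32, "big")      # 31 zero bytes
DENSE_ARG = SELECTOR + bytes([0x11] * 32)           # no zero bytes
PAD_TARGET = 100_000                                # hypothetical pad amount

if __name__ == "__main__":
    a = observed_gas(SMALL_ARG, PAD_TARGET)
    b = observed_gas(DENSE_ARG, PAD_TARGET)
    print(a, b, zero_byte_delta(a, b))
```

Both calls have the same length and the same padded execution cost, yet their gas totals differ by 12 for every zero byte, which is the information the comment says still escapes.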

matevz commented 10 months ago

I'm considering the threat model of the gas attacks. By using the new gaspad(), an external observer really cannot know how much gas the actual transaction spent. But, by calling gaspad() on an adversarial node, the attacker could see that the call was being made (the attacker knows the location of the gaspad() function inside the Sapphire runtime), but he cannot determine how much gas was padded. Am I correct?

CedarMist commented 10 months ago

I'm not sure about the threat model for an adversarial node.