Open thec00n opened 4 years ago
On the other hand, due to our sadly despot tx bytes not unique issue, the exitId relies on utxoPos
for deposit tx while not needed for normal tx. In other words, for normal tx we can ask user to pass in utxoPos but it will be useless. This create another attacking surface as well.
Issue Type
Current Behavior
Currently when challenging a standard exit it is required to pass in an exit id. This increases attack surface on the challenge standard exit function as malicious users can pass in arbitrary exit ids to the function that do not relate to the exiting tx.
https://github.com/omisego/plasma-contracts/blob/7c3f79631ec0657b96cdd2077b0f52b2ec292261/plasma_framework/contracts/src/exits/payment/controllers/PaymentChallengeStandardExit.sol#L84.
Expected Behavior
Generate the exit id based on the exiting tx with
getStandardExitId
and remove the exit id as a function parameter.