slavamirovsky
commented
5 years ago Thanks for sharing @paulperegud . Let's brainstorm on it. FYI @whoisjeremylam @kasima @boolafish
Open paulperegud opened 5 years ago
slavamirovsky
commented
5 years ago Thanks for sharing @paulperegud . Let's brainstorm on it. FYI @whoisjeremylam @kasima @boolafish
boolafish
commented
5 years ago I will note down the implication of this problem, this means we are at best RC without solving this.
boolafish
commented
5 years ago [throw out some idea] Currently we got three possible proof, multi-sig, SGX, zk-snark. Alternative solution is to protect that on confirm sig.
slavamirovsky
commented
5 years ago Thanks for sharing.
I have got an impression SGX thing looks good for now. I would risk going for it during MVP1. This is practically "Plasma level security". Did we get a feedback from this super hacker from Warsaw? (@paulperegud did our friend get back from holidays?)
Last option is the coolest. But do we have some progress on snarks that let us hope for it?
paulperegud
commented
5 years ago @Nikodemek18 yep, here is the result of my meeting with him: https://github.com/omisego/research/issues/95#issuecomment-499614468
boolafish
commented
5 years ago [Pepesza's idea] Potentially use snark to prove the "chained txs" within a block is valid, so you can replace input with output.
paulperegud
commented
5 years ago This trick might work because: 1) venue has quite a lot of time to compute such snark 2) CPU time is cheap, and venue is well motivated to do that
If we will improve the situation and use recursive snarks, everyone (not only venue) will be able to compute a snark that summarizes mapping between inputs of trades and outputs of trades for a whole block.
boolafish
commented
5 years ago We can probably solve this by decreasing challenge period, or just make sure challenge period is, for instance, half of the period of “exitable” waiting period.
By doing so, trader would have enough time to start next exit when data withheld.
boolafish
commented
5 years ago Ok, that only works when not chaining :(
paulperegud
commented
5 years ago We can probably solve this by decreasing challenge period, or just make sure challenge period is, for instance, half of the period of “exitable” waiting period.
I believe that any challenge period specific to role can be exploited by operator impersonating such role. I.e. this does not work in general. MoreVP restriction that some claims can be done only in first period is something else - it's about limits on claims, not on limits on challenges to claims.
boolafish
commented
5 years ago I believe that any challenge period specific to role can be exploited by operator impersonating such role. I.e. this does not work in general
Can you elaborate the reason for this? I am lost on this statement. @paulperegud Or let's sync in our call session.
In case when venue and operator are both hacked.
1) Trader makes a deposit and issues an order. 2) Venue creates a settlement, operator places into block that steals and withholds the block. 3) Trader attempts to exit a deposit. 4) Venue waits for the last moment to challenge the exit with trade settlement transaction. 5) It is too late for trader to exit from settlement outputs, so hacker steals funds on venue related to orders
This attack works for both MVP and MoreVP. Tx state transition proofs do not help here.
Possible solution - since venue holds funds in the name of the trader, instead of cancelling the exit, replace the exit from inputs of settlement with exit from outputs belonging to the trader, while preserving original exit priority.
The issues with this solution are: