onflow / flow-go

A fast, secure, and developer-friendly blockchain built to support the next generation of games, apps, and the digital assets that power them.
GNU Affero General Public License v3.0

[SN Permissionless-5] Fix malleability issue #5687

Open franklywatson opened 7 months ago

franklywatson commented 7 months ago

This is affecting our code base broadly, with all implementations of the Entity interface.

Example:

One of the central functions of an ExecutionResult is to commit to the end state of the executed block.

The current implementation gets the end state from (👉 code):

I think at the moment, this might not be a problem, because ExecutionResult.ID serializes the entire execution receipt and then hashes it. However, this is easily broken, probably without noticing (see, for example, the proposal in https://github.com/dapperlabs/flow-go/issues/6864).

For broader discussion of this topic 👉 Technical Product Meeting on March 16, 2023 (recording)
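A regression check for the concern raised in the comment above, as an added example that is not flow-go code: it changes each field of an entity in turn and reports any field whose change leaves the ID unchanged. The `Result` type, `FullID`, `PartialID` and `MalleableFields` are hypothetical names, and the struct is a simplified stand-in, not flow-go's `ExecutionResult`.

```go
package main

import (
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"reflect"
)

// Result is a hypothetical, simplified entity (not flow-go's ExecutionResult).
type Result struct {
	PreviousResultID [32]byte
	BlockID          [32]byte
	EndState         [32]byte // commitment to the state after the block
}

// FullID hashes an encoding of every field, so each field is bound to the ID.
func FullID(r Result) [32]byte {
	b, _ := json.Marshal(r)
	return sha256.Sum256(b)
}

// PartialID models the regression: EndState is left out of the hashed body.
func PartialID(r Result) [32]byte {
	b, _ := json.Marshal(struct{ Prev, Block [32]byte }{r.PreviousResultID, r.BlockID})
	return sha256.Sum256(b)
}

// MalleableFields changes one byte in each field of a copy (all fields here
// are [32]byte) and returns the fields whose change does not alter the ID.
func MalleableFields(id func(Result) [32]byte) []string {
	var base Result
	var out []string
	t := reflect.TypeOf(base)
	for i := 0; i < t.NumField(); i++ {
		mutated := base
		f := reflect.ValueOf(&mutated).Elem().Field(i)
		f.Index(0).SetUint(1)
		if id(mutated) == id(base) {
			out = append(out, t.Field(i).Name)
		}
	}
	return out
}

func main() {
	fmt.Println("FullID malleable fields:   ", MalleableFields(FullID))
	fmt.Println("PartialID malleable fields:", MalleableFields(PartialID))
}
```

Run as a unit test against each entity type, a check like this fails as soon as a field is added to the struct without being included in what the ID hashes.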

github-actions[bot] commented 4 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.