search

onflow / flow-go

A fast, secure, and developer-friendly blockchain built to support the next generation of games, apps, and the digital assets that power them.
GNU Affero General Public License v3.0
534 stars 179 forks source link

[Malleability C] TransactionBody #6719

Closed UlyanaAndrukhiv closed 6 days ago

UlyanaAndrukhiv commented 1 week ago

Problem description

TransactionBody's ID() method makes use of MakeID() function that calls Fingerprint()under the hood to hash data structure. Fingerprint() is implemented on TransactionBody without capturing all necessary fields. The number of usages of this type is huge. We have to fix the Fingerprint() function, review the dependent code and tests, and make sure we did not break anything

https://github.com/onflow/flow-go/blob/edf27b03b6f809ce66cacd607a41b889c12cd2b3/model/flow/transaction.go#L13-L49 https://github.com/onflow/flow-go/blob/edf27b03b6f809ce66cacd607a41b889c12cd2b3/model/flow/transaction.go#L96-L102 https://github.com/onflow/flow-go/blob/edf27b03b6f809ce66cacd607a41b889c12cd2b3/model/flow/transaction.go#L56-L66

Proposed solution

Fix Fingerprint() function so that it covers all fields of a transaction body

illia-malachyn commented 6 days ago

Update: Fingerprint() correctly hashes all the required fields