netrome
commented
1 year ago A simple solution to this would be to sign the the txid of the first input to the sBTC transaction in addition to the amount and recipient scriptPubKey in the withdrawal data.
Open netrome opened 1 year ago
netrome
commented
1 year ago A simple solution to this would be to sign the the txid of the first input to the sBTC transaction in addition to the amount and recipient scriptPubKey in the withdrawal data.
stale[bot]
commented
6 months ago This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
In the current design, anyone could replay a withdrawal request and cause the protocol to withdraw someone else's sBTC. We should not allow this.
Definition of done
The protocol has been updated so that withdrawal payloads are not replayable.