stellar / js-stellar-base

The lowest-level stellar helper library. It consists of classes to read, write, hash, and sign Stellar xdr
https://stellar.github.io/js-stellar-base/
Apache License 2.0

Security issue: insecure dep is used, upgrade to something better #600

Open paulmillr opened 1 year ago

paulmillr commented 1 year ago

You are using tweetnacl, which allows forged signatures.

I suggest upgrading to noble-curves, which are modern, audited, support ESM+Common.js and a bunch of other stuff. The noble libraries are used all over Ethereum and Solana ecosystems already.

silence48 commented 1 year ago

When you say it allows forged signatures, do you mean it can easily generate forged signatures, or it validates forged signatures? Could you link to a CVE or some vulnerability report so I can review this? Thank you.

silence48 commented 1 year ago

It seems to have to do with the verification of the signature using the ed25519 class provided by tweetnacl. Referencing your issue in the parent repo was helpful: https://github.com/dchest/tweetnacl-js/issues/253. I agree we should probably find a way to negate this.

paulmillr commented 1 year ago

https://github.com/paulmillr/noble-curves fixes this, it's very easy to switch

Shaptic commented 1 year ago

I hope you can understand why someone would hesitate to move a mission-critical security library that has been stable for years to someone promoting their own repository, whose code was audited prior to a 1.0 release.

Notably, this isn't a Stellar issue (the network itself uses libsodium), and tweetnacl.js is a fallback library here, but I'd still like to investigate whether https://github.com/dchest/tweetnacl-js/issues/253 can affect the ecosystem somehow and whether a fork would be a preferred solution to limit generating a new attack surface. The report is deeply appreciated!

paulmillr commented 1 year ago

> someone promoting their own repository, whose code was audited prior to a 1.0 release

Yeah, I promote it, and because of the promotion it's been funded by Ethereum Foundation, Optimism, used in many wallets, ProtonMail, and others.

I don't see any problem with promotion and proper competition. Do you?

paulmillr commented 1 year ago

Also not sure what this means:

> whose code was audited prior to a 1.0 release

I released noble-ed25519 in June 2019, 4 years ago. Promoting a new player in the field was hard and time-consuming. The first audit of secp was executed in April 2021, 26 months ago.

Uzlopak commented 1 year ago

It's time to hack stellar.