barryWhiteHat
commented
4 years ago Lets also add a rollup ID, i am concerned that if we use the same account tree for multiple optimistic rollups that transactions on one opru and be replayed on another.
Closed vaibhavchellani closed 3 years ago
barryWhiteHat
commented
4 years ago Lets also add a rollup ID, i am concerned that if we use the same account tree for multiple optimistic rollups that transactions on one opru and be replayed on another.
kilic
commented
4 years ago Do you think using rollup contract address instead of chainID + rollupID would make it?
ChihChengLiang
commented
3 years ago I think the relay attack between different oprus is resolved now. We currently have a variable appID that's the hash of Rollup.sol's contract address. In signature verification, appID will be passed as the domain when we hash the message to the curve point. So that if you relay a tx with it's signature from opru A to another opru B, the signature check fails at opru B, thus the attack is prevented.
To prevent relay attacks we need to add chainID to the transaction