Closed vaibhavchellani closed 3 years ago
Lets also add a rollup ID, i am concerned that if we use the same account tree for multiple optimistic rollups that transactions on one opru and be replayed on another.
Do you think using rollup contract address instead of chainID + rollupID would make it?
I think the relay attack between different oprus is resolved now. We currently have a variable appID
that's the hash of Rollup.sol's contract address. In signature verification, appID will be passed as the domain when we hash the message to the curve point. So that if you relay a tx with it's signature from opru A to another opru B, the signature check fails at opru B, thus the attack is prevented.
To prevent relay attacks we need to add chainID to the transaction