wamp-proto / wamp-xbr

The XBR Protocol - blockchain protocol for decentralized open data markets
https://xbr.network

Block number restriction can be problematic #108

Open om26er opened 4 years ago

om26er commented 4 years ago

Currently we don't allow a signature to be older than 5 blocks; this can be problematic and is easy to reproduce.

We just need to create and send 5 onboarding requests using different email/username and verify them in FIFO order, and we'll be hit by that code path https://github.com/crossbario/xbr-protocol/blob/06b5b9b7e324f783683a071031af59382539c0af/contracts/XBRNetwork.sol#L121

oberstet commented 4 years ago

Ganache (not mainnet stacks like geth) creates a new block for each and every blockchain transaction, so a limit of 5 blocks hits particularly quickly.

The average number of transactions per block on Ethereum mainnet is much larger:

The average block time is ~15s currently https://bitinfocharts.com/comparison/confirmationtime-eth-sma7.html

So 6 hours is ~1440 blocks, which might be a more reasonable value for the limit

oberstet commented 4 years ago

Also, this limit should be defined centrally:

// in XBRTypes
uint256 public constant PRESIGNED_TXN_MAX_AGE = 1440;

oberstet commented 4 years ago

^ it should either be a constant, or there should be a maintainer-only setter on XBRNetwork

oberstet commented 4 years ago

fixed in https://github.com/crossbario/xbr-protocol/pull/112

oberstet commented 4 years ago

no, not yet completely fixed: the above PR makes this a parameter, but I had to leave it for now at "4", as there is an issue specific to the CI (when the blockchain has only a few blocks at all) ..
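An added simulation (not part of the thread and not xbr-protocol code) of why a small block-age limit is used up quickly on a chain that mines one block per transaction, run with the limits 4 and 1440 mentioned above. The function names, and the model in which every request is signed off-chain at the same chain head and each verification is a single transaction, are assumptions.

```python
# Added illustration, not code from xbr-protocol. Model assumptions:
# - a request is signed off-chain and records the chain head at that moment
# - each verification is exactly one on-chain transaction
# - the dev chain mines one new block per transaction


def blocks_for_window(window_seconds, block_time_seconds):
    """Convert a wall-clock validity window into a number of blocks."""
    return window_seconds // block_time_seconds


def is_fresh(signed_at, current, max_age):
    """True if a signature created at block `signed_at` is still acceptable.

    Written as an age comparison, so nothing is subtracted from `current`
    alone and the check behaves the same on a chain that has fewer than
    `max_age` blocks.
    """
    if signed_at > current:  # claims to be signed in the future: reject
        return False
    return current - signed_at <= max_age


def verify_fifo(num_requests, max_age, head=0):
    """Sign `num_requests` at the current head, then verify them in order.

    Returns one accept/reject flag per request, in submission order.
    """
    signed_at = [head] * num_requests
    results = []
    for created in signed_at:
        head += 1  # the verifying transaction is mined in a new block
        results.append(is_fresh(created, head, max_age))
    return results


if __name__ == "__main__":
    # 6 hours at ~15 s per block, as estimated in the thread
    print("blocks in 6 h:", blocks_for_window(6 * 3600, 15))
    # five queued requests with the limit left at 4
    print("limit 4:   ", verify_fifo(5, max_age=4))
    # same queue with the proposed limit
    print("limit 1440:", verify_fifo(5, max_age=1440))
```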