search

yetanotherco / aligned_layer

Aligned is a verification layer for zero-knowledge proofs using EigenLayer. Our mission is to accelerate the adoption of zero-knowledge and validity proofs on Ethereum.
https://alignedlayer.com/
MIT License
146 stars 342 forks source link

fix(aggregator): attack on aggregator race condition censoring a batch #975

Open entropidelic opened 2 months ago

entropidelic commented 2 months ago

Problem

When a BLS signature is responded to the aggregator, there is a batchResponses[operator_id] that is updated. This was done to prevent errors that appear due to some operators responding more than one time.

The problem is that there is no validation of the signature before updating the map, so an invalid SignedTaskResponse will still cause the map to be updated. If an attacker sends many invalid STRs, they could cause the batchResponse map to be set most of the time, so when a valid STR is received, it will likely be ignored as if it had already been received.

Solution A (WIP, doesn't work)

This solution must be done on ProcessOperatorSignedTaskResponseV2

An address of the operator can be found on the SignedTaskResponse

Use the address received in the task we need to call GetOperatorInfo from OperatorsInfoServiceInMemory.

With this we can get the OperatorID and a operatorInfo.

operatorInfo contains Pubkeys, with a PublicKey on G1, and G2. These are two different public keys, one is used in some cases, the other one in others.

Having this information, the following must be enforced

The purpose is to avoid impersonations, it's not necessary to check if the Operator is actually registered and the stakes, so it's simpler than the verification of the BlsService

MauroToscano commented 1 month ago

This issue is on a standby, Eigen has the PR fixing the bug of the double signature, so we can fix it by removing our code to solve this