Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Murisi/masp ibc replay protection using txdata #3406

Merged
merged 9 commits into from
Jul 5, 2024

Conversation

murisi
Copy link
Contributor

@murisi murisi commented Jun 12, 2024

Describe your changes

An attempt to address issue #3300. The approach taken is to include the IBC receiver in the pre-image of shielded Transaction outputs. More specifically, the following changes have been made:

  • The target of outgoing shielded actions is the hash of the IBC receiver (plus a 1 byte tag indicating an IBC recipient)
    • For non-IBC receivers, we just prepend a 1 byte tag to the target Address indicating a non-IBC recipient
  • Modified IBC transactions to use the raw integer representation of amounts rather than the human readable decimal representation. This involved:
    • Modifying the client to be able to derive the denominations of IBC tokens. This is done by essentially looking up the base token corresponding to an IBC token and finding the denomination of that
    • Making the protocol return no denomination for IBC token instead of a zero
    • This was necessary because MASP uses raw amounts, so we need to make sure that MASP-IBC computations utilize the same units
  • Modifying the MASP validity predicate to check MASP transaction inputs and outputs against IBC packets. This involved:
    • Deriving the token Address that corresponds to an transfer PacketData and checking that the transparent inputs and outputs use that
    • Checking that the transparent outputs of a MASP Transaction go to the receiver stated in PacketData in the case of an outgoing shielded action
    • Checking that the transparent inputs of a MASP Transaction are the IBC internal address in the case of a refund or an incoming shielded action

Compared to #3320 this PR extracts the IBC messages from the Tx instead of the IBC events.

Closes #3300

Indicate on which release or other PRs this topic is based on

Namada v0.37.0
Hermes 1.8.2 using this branch for the Namada SDK

Checklist before merging to draft

  • I have added a changelog
  • Git history is in acceptable state

Copy link

codecov bot commented Jun 12, 2024

Codecov Report

Attention: Patch coverage is 2.25564% with 390 lines in your changes missing coverage. Please review.

Project coverage is 53.73%. Comparing base (6dc1612) to head (0ae6f2b).
Report is 177 commits behind head on main.

Files Patch % Lines
crates/namada/src/ledger/native_vp/masp.rs 0.00% 284 Missing ⚠️
crates/core/src/masp.rs 0.00% 41 Missing ⚠️
crates/sdk/src/rpc.rs 0.00% 35 Missing ⚠️
crates/sdk/src/masp.rs 0.00% 9 Missing ⚠️
crates/ibc/src/storage.rs 0.00% 8 Missing ⚠️
crates/vp_env/src/lib.rs 0.00% 7 Missing ⚠️
crates/node/src/bench_utils.rs 0.00% 3 Missing ⚠️
crates/core/src/token.rs 0.00% 1 Missing ⚠️
crates/ibc/src/actions.rs 0.00% 1 Missing ⚠️
crates/sdk/src/tx.rs 0.00% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3406      +/-   ##
==========================================
- Coverage   53.89%   53.73%   -0.16%     
==========================================
  Files         314      314              
  Lines      105704   105944     +240     
==========================================
- Hits        56968    56931      -37     
- Misses      48736    49013     +277     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@brentstone brentstone merged commit 438a4ab into main Jul 5, 2024
13 of 19 checks passed
@brentstone brentstone deleted the murisi/masp-ibc-replay-protection-using-txdata branch July 5, 2024 21:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Replay Protect Shielded Actions
2 participants