Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refine IBC parts for masp ibc replay protection #3422

Closed
wants to merge 28 commits into from
Closed

Refine IBC parts for masp ibc replay protection #3422

wants to merge 28 commits into from

Conversation

yito88
Copy link
Member

@yito88 yito88 commented Jun 18, 2024
edited
Loading

Describe your changes

Indicate on which release or other PRs this topic is based on

#3409
Diff: 76fab4c...5c3b3ab

Checklist before merging to draft

  • I have added a changelog
  • Git history is in acceptable state

murisi added 11 commits May 28, 2024 12:29
@yito88 yito88 mentioned this pull request Jun 18, 2024
Merged
2 tasks
@murisi murisi force-pushed the murisi/masp-ibc-replay-protection-using-txdata-on-0.39.0 branch 3 times, most recently from 439e5a9 to fb0ed6f Compare June 19, 2024 11:10
@murisi murisi force-pushed the murisi/masp-ibc-replay-protection-using-txdata-on-0.39.0 branch from fb0ed6f to 0c999bd Compare June 19, 2024 11:26
@yito88 yito88 force-pushed the yuji/murisi/masp-ibc-replay-protection-using-txdata-on-0.39.0 branch from 14fe5d5 to 05c584a Compare June 19, 2024 15:05
@murisi murisi force-pushed the murisi/masp-ibc-replay-protection-using-txdata-on-0.39.0 branch from 4de6577 to 0a5d480 Compare June 20, 2024 16:55
murisi
murisi reviewed Jun 21, 2024
View reviewed changes
crates/namada/src/ledger/native_vp/masp.rs Outdated
// message cannot be found, then ignore this message. Though this check
// is done in the IBC VP, the test is repeated here to avoid making
// assumptions about how the IBC VP interprets the given message.
if self
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we keep this check or have something with similar effect so that we avoid making assumptions about the execution of the IBC VP? See also #3409 (comment) .

murisi
murisi requested changes Jun 21, 2024
View reviewed changes
Copy link
Contributor

@murisi murisi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall could the assumptions that the MASP VP makes about the execution of the IBC VP be reduced? See a more precise description of the potentially problematic assumptions here #3409 (comment) .

crates/namada/src/ledger/native_vp/masp.rs Outdated
&packet.chan_id_on_a,
packet.seq_on_a,
);
if !keys_changed.contains(&ack_key) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Putting aside assumptions about the behaviour/judgement of the IBC VP, is there a chance that an IBC packet that has been previously acknowledged in a previous state change could be replayed here successfully and be used to fool the MASP VP into, say, reshielding funds from the packet?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it is possible if IBC VP isn't triggered. I'll revert this.

crates/namada/src/ledger/native_vp/masp.rs Outdated
// Mirror how the IBC token is derived in
// gen_ibc_shielded_transfer in the non-refund case
let ibc_denom = self.query_ibc_denom(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Discussion here: #3409 (comment) . Would the above comment about "mirror"ing still be correct with this change?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I changed it to check the packet receipt

@yito88 yito88 force-pushed the yuji/murisi/masp-ibc-replay-protection-using-txdata-on-0.39.0 branch from a51f3eb to a942176 Compare June 21, 2024 11:50
@yito88
Copy link
Member Author

yito88 commented Jun 21, 2024

IBC E2E tests run_ledger_ibc_with_hermes and ibc_namada_gaia passed with the updated Hermes

@yito88 yito88 changed the title masp ibc replay protection for nft transfer Refine IBC parts for masp ibc replay protection Jun 24, 2024
@yito88 yito88 marked this pull request as ready for review June 24, 2024 07:41
@murisi murisi requested review from grarco and cwgoes June 24, 2024 09:32
yito88
yito88 commented Jun 24, 2024
View reviewed changes
crates/sdk/src/rpc.rs Outdated
if let Address::Internal(InternalAddress::IbcToken(ibc_token_hash)) =
token
{
extract_base_token(context, ibc_token_hash.clone(), None).await
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is no guarantee that the base token of the source chain is the same as that of the destination(this) chain.
We should use zero denomination for all IbcTokens.

@yito88
Copy link
Member Author

yito88 commented Jun 24, 2024

Tested NFT transfers between local Namada and Stargaze testnet.

Stargeze -> Namada tnam -> Stargaze - (Shielding) -> Namada znam1 - (Shielded) -> Namada znam2 - (Unshielding) -> Stargaze

@yito88 yito88 requested a review from murisi June 25, 2024 07:32
@yito88 yito88 mentioned this pull request Jul 1, 2024
Merged
2 tasks
@yito88 yito88 changed the base branch from murisi/masp-ibc-replay-protection-using-txdata-on-0.39.0 to main July 1, 2024 20:56
@codecov Codecov
Copy link

codecov bot commented Jul 1, 2024

Codecov Report

Attention: Patch coverage is 9.62838% with 535 lines in your changes missing coverage. Please review.

Project coverage is 53.74%. Comparing base (879a326) to head (61db5a4).
Report is 4 commits behind head on main.

Files Patch % Lines
crates/namada/src/ledger/native_vp/masp.rs 0.00% 376 Missing ⚠️
crates/ibc/src/trace.rs 41.55% 45 Missing ⚠️
crates/core/src/masp.rs 0.00% 41 Missing ⚠️
crates/ibc/src/lib.rs 0.00% 20 Missing ⚠️
crates/sdk/src/masp.rs 0.00% 10 Missing ⚠️
crates/vp_env/src/lib.rs 0.00% 10 Missing ⚠️
crates/ibc/src/context/common.rs 50.00% 9 Missing ⚠️
crates/ibc/src/storage.rs 0.00% 8 Missing ⚠️
crates/core/src/token.rs 0.00% 5 Missing ⚠️
crates/node/src/bench_utils.rs 0.00% 3 Missing ⚠️
... and 4 more
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3422      +/-   ##
==========================================
- Coverage   53.92%   53.74%   -0.19%     
==========================================
  Files         317      318       +1     
  Lines      107575   107887     +312     
==========================================
- Hits        58011    57980      -31     
- Misses      49564    49907     +343

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@yito88
Copy link
Member Author

yito88 commented Jul 5, 2024

merged with #3444

@yito88 yito88 closed this Jul 5, 2024
@yito88 yito88 deleted the yuji/murisi/masp-ibc-replay-protection-using-txdata-on-0.39.0 branch July 5, 2024 21:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@grarco grarco Awaiting requested review from grarco

@cwgoes cwgoes Awaiting requested review from cwgoes

@murisi murisi Awaiting requested review from murisi

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@yito88 @murisi