Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[high severity] Owner/update of the price #12

Open
deuszx opened this issue Jul 14, 2023 · 1 comment
Open

[high severity] Owner/update of the price #12

deuszx opened this issue Jul 14, 2023 · 1 comment

Comments

@deuszx
Copy link
Collaborator

deuszx commented Jul 14, 2023

Looking at the code, it's clear that only an "owner" or an "updater" can change the state of the Oracle. Access is based on the comparison of caller's public key (account ID).

This means that the design has a single point of failure which can lead to number of problems:

  1. if that key is lost or binary/process/machine that updates the prices goes offline - the Oracle stops updating.
  2. if single key is compromised the Oracle can get updated with wrong prices, cause liquidations or other problems

Do you plan on using a multisignature account here?

@kaythxbye
Copy link
Collaborator

Hey,
this approach is chosen for flexibility, and the sender wallet can either be hosted by us or any customer who wants to self-custody the updater.
With a solution like Gnosis safe (or a simple updater smart contract) this can be extended to a multisig setup if needed.
Also, we are currently testing an approach (on EVM only so far) where our API generates a signature that is also submitted and checked on-chain for validity. In such a model no wallet owner check is needed for the update, as the update itself is signed.
However, this only works for Eth-style addresses at the moment (ECDSA) and we would need to extend the signature scheme for having it work in Aleph Zero as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants