enclaves: light client check #69
Conversation
…ave-light-client-check
This PR basically adds checks to the apps' enclave code to make sure that the input indeed exists on the blockchain (smart contract). This gives us the guarantee that the enclave was run with the correct input and didn't tamper with or (selectively) censor it. We do this by attaching a light client & merkle proof to the enclave request (i.e. the gRPC request sent to the enclave by the host in listen.sh) and verifying that proof in the enclave before processing the input request. And I just realized that I haven't updated the scripts for that. 😅 (probably because there's no listen.sh for mtcs app but I should update the listen.sh script for the transfers app) I propose we get back to this after merging #82 and #96. |
|
Okay lets wait for those 2 to be merged! |
| @@ -39,19 +39,60 @@ REPORT_SIG_FILE="/tmp/${USER}_datareportsig" | |||
| if echo "$CLEAN_MSG" | grep -q 'wasm-transfer'; then | |||
| echo "---------------------------------------------------------" | |||
| echo "... received wasm-transfer event!" | |||
|
|
|||
There was a problem hiding this comment.
This block seems important. Without it, it seems as though the latest request (i.e. the one that triggered this event) is not cleared/processed. I think this has to do with the way wasmd deals with events, i.e. events are sent out before the store is committed so at this point, the latest request is not written to the store and so the query below gives us old state.
I do remember this issue being discussed before but we probably lost it or did something to fix it.
…com:informalsystems/cycles-quartz into hu55a1n1/22-mtcs-enclave-light-client-check
Closes: #22