Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: prevent double spends after upgrades for transfer channels #5646

Closed
wants to merge 2 commits into from
Closed

fix: prevent double spends after upgrades for transfer channels #5646

wants to merge 2 commits into from

Conversation

colin-axner
Copy link
Contributor

Description

Packet receipts are used to check if a packet has already been received on an unordered channel. After an upgrade, it's possible to resubmit a historical proof to allow an attacker to double spend.

A secondary fix will be needed to prevent double spends when upgrading from ordered to unordered. This will be discussed internally tomorrow

The pruning tests need to be cleaned up a little before merge (I didn't update all the tests)
closes: #XXXX

Commit Message / Changelog Entry

type: commit message

see the guidelines for commit messages. (view raw markdown for examples)

Before we can merge this PR, please make sure that all the following items have been
checked off. If any of the checklist items are not applicable, please leave them but
write a little note why.

  • Targeted PR against the correct branch (see CONTRIBUTING.md).
  • Linked to Github issue with discussion and accepted design OR link to spec that describes this work.
  • Code follows the module structure standards and Go style guide.
  • Wrote unit and integration tests.
  • Updated relevant documentation (docs/) or specification (x/<module>/spec/).
  • Added relevant godoc comments.
  • Provide a commit message to be used for the changelog entry in the PR description for review.
  • Re-reviewed Files changed in the Github PR explorer.
  • Review Codecov Report in the comment section below once CI passes.

@colin-axner colin-axner added channel-upgradability Channel upgradability feature audit Feedback from implementation audit priority PRs that need prompt reviews backport-to-v8.1.x labels Jan 17, 2024
@colin-axner colin-axner added this to the 04-channel upgrades RC milestone Jan 17, 2024
@colin-axner colin-axner mentioned this pull request Jan 18, 2024
Merged
9 tasks
@colin-axner
Copy link
Contributor Author

we will go with the solution outlined in #5651

@colin-axner colin-axner deleted the colin/double-spend branch January 18, 2024 15:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AdityaSripal AdityaSripal Awaiting requested review from AdityaSripal AdityaSripal will be requested when the pull request is marked ready for review AdityaSripal is a code owner

@gjermundgaraba gjermundgaraba Awaiting requested review from gjermundgaraba gjermundgaraba will be requested when the pull request is marked ready for review gjermundgaraba is a code owner

@srdtrk srdtrk Awaiting requested review from srdtrk srdtrk will be requested when the pull request is marked ready for review srdtrk is a code owner

Assignees
No one assigned
Labels
audit Feedback from implementation audit channel-upgradability Channel upgradability feature priority PRs that need prompt reviews
Projects
None yet
Milestone
04-channel upgrades RC
Development

Successfully merging this pull request may close these issues.
1 participant
@colin-axner