Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Missing length check when parsing SignatureShareRequest #1166

Open
1 task
djordon opened this issue Dec 18, 2024 · 0 comments
Open
1 task

[Bug]: Missing length check when parsing SignatureShareRequest #1166

djordon opened this issue Dec 18, 2024 · 0 comments
Assignees
@xoloki
Labels
bug Something isn't working sbtc signer binary The sBTC Bootstrap Signer. signer communication Communication across sBTC bootstrap signers.
Milestone
sBTC: Key rotation

Comments

@djordon
Copy link
Contributor

djordon commented Dec 18, 2024

Bug - Missing length check when parsing SignatureShareRequest

1. Description

We do not check the length of the contents of SignatureShareRequests. This can lead to resource exhaustion of the signer, since a malicious coordinator can jam up the system by broadcasting signature share requests with lots of junk. What's more, going through the SignatureShareRequest takes a lot more time than generating the request itself, so doing basic validation is crucial here.

1.1 Context & Purpose

We do not want to make it easy for a malicious signer to lock the protocol. Doing basic validation on the request is necessary to ensure that an attacker cannot compromise the protocol.

2. Technical Details:

There is a ticket for this in WSTS at Trust-Machines/wsts#108. The fix in this repo is to update to use it.

2.1 Acceptance Criteria:

  • A malicious signer cannot exhaust other signer resources by sending bad SignatureShareRequest messages.

3. Related Issues and Pull Requests (optional):
@djordon djordon added bug Something isn't working sbtc signer binary The sBTC Bootstrap Signer. signer communication Communication across sBTC bootstrap signers. labels Dec 18, 2024
@github-project-automation github-project-automation bot moved this to Needs Triage in sBTC Dec 18, 2024
@djordon djordon moved this from Needs Triage to In Progress in sBTC Dec 18, 2024
@djordon djordon moved this from In Progress to Todo in sBTC Dec 18, 2024
@djordon djordon added this to the sBTC: Release polish milestone Dec 18, 2024
@djordon djordon moved this from Todo to In Review in sBTC Dec 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@xoloki xoloki

Labels
bug Something isn't working sbtc signer binary The sBTC Bootstrap Signer. signer communication Communication across sBTC bootstrap signers.
Projects
sBTC
Status: In Review
Milestone
sBTC: Key rotation
Development

No branches or pull requests
2 participants
@xoloki @djordon