Comments (6)
This looks like an issue to me as well. Phrasing the issue in my own words: executions require full verification to avoid malleability attacks. There is a tradeoff between spam reduction (if we abort on partial transaction contents) vs. censorship resistance (if we abort on the full transaction). The latter seems more important to me.
Fortunately, deployments don't have this particular malleability issue, so a quick fix can be to only call early `should_abort_transaction` on deployments, which are most expensive to verify: https://github.com/AleoHQ/snarkVM/pull/2452
I think a similar issue is possible when a malicious validator replaces global_state_root/proof/verifying_keys - given that those are not included in the transaction id calculation: https://github.com/AleoHQ/snarkVM/blob/mainnet/ledger/block/src/transaction/merkle.rs#L138. This might be intentional design, to enable delegation of proofs while retaining deterministic transaction ids.
from snarkvm.
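Added illustration, not snarkVM code and not part of any comment in this thread: a toy Rust model of the tradeoff discussed above, where an early-abort cache keyed by a transaction id that omits the proof also drops the honest transaction once a tampered copy has failed, while a cache keyed by the full contents does not. `ToyTx`, `toy_proof`, `CacheKey` and `accepted` are hypothetical names, and `DefaultHasher` stands in for the real hashing.

```rust
use std::collections::HashSet;
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

// Toy model, not snarkVM types: `body` stands for the fields covered by the
// transaction id, `proof` for a field that is not covered by it.
#[derive(Clone, Hash)]
struct ToyTx { body: Vec<u8>, proof: Vec<u8> }

fn digest<T: Hash>(value: &T) -> u64 {
    let mut h = DefaultHasher::new();
    value.hash(&mut h);
    h.finish()
}

impl ToyTx {
    fn id(&self) -> u64 { digest(&self.body) }      // excludes the proof
    fn full_digest(&self) -> u64 { digest(self) }   // commits to every field
    // Stand-in for full verification: the proof must match the body.
    fn verify(&self) -> bool { self.proof == toy_proof(&self.body) }
}

fn toy_proof(body: &[u8]) -> Vec<u8> { digest(&body).to_be_bytes().to_vec() }

#[derive(Clone, Copy)]
enum CacheKey { TxId, FullDigest }

// Feed transactions through a node that remembers failed ones and aborts
// early on anything whose key is already in the rejection cache.
fn accepted(stream: &[ToyTx], key: CacheKey) -> Vec<bool> {
    let mut rejected = HashSet::new();
    stream.iter().map(|tx| {
        let k = match key { CacheKey::TxId => tx.id(), CacheKey::FullDigest => tx.full_digest() };
        if rejected.contains(&k) { return false; }  // early abort, no verification
        let ok = tx.verify();
        if !ok { rejected.insert(k); }
        ok
    }).collect()
}

fn main() {
    let honest = ToyTx { body: b"transfer 5".to_vec(), proof: toy_proof(b"transfer 5") };
    let tampered = ToyTx { proof: vec![0; 8], ..honest.clone() }; // same id, bad proof
    let stream = [tampered, honest];
    println!("keyed by id:          {:?}", accepted(&stream, CacheKey::TxId));
    println!("keyed by full digest: {:?}", accepted(&stream, CacheKey::FullDigest));
}
```

Keying on the full digest keeps the honest transaction but means every tampered variant is verified once, which is the spam cost the thread weighs against censorship resistance.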
After additional consideration, we have decided to only partially mitigate this for now and prioritize DoS prevention. Slashing can likely properly mitigate this censorship issue in the future.
This looks like an issue to me as well.
IIRC we weren't considering any slashing methods; has anything changed since then?
IIRC we weren't considering any slashing methods; has anything changed since then?
I view it as likely to be essential to add post-mainnet launch.
Doesn't sound like we'd block mainnet for this. Marking as such. Feel free to argue.