Git Product home page Git Product logo

Comments (4)

hackaugusto avatar hackaugusto commented on September 7, 2024 1

To document our discussion:

Take into consideration the MediatedTransfer and CancelTransfer expiration in the netting contract

Is done and it is using the current block number. The current block number is the correct approach, the alternative is to use the closing block and it is wrong, here is why:

For a transaction using the nodes ABC, where Alice is the initiator, Bob is the only mediator and Charlie is the target, Bob needs the guarantee that if Charlie claims the lock form the BC channel then Bob will also be able to claim from the AB channel.

To achieve that each node has a reveal timeout configuration used as expire(BC.lock) <= expire(AB.lock) - reveal_timeout, the reveal timeout needs to be sufficient for Bob to learn the secret, call close, and then unlock. If we did use the closing block instead of the current block this doesnt hold.

Let's assume that all three nodes are using the defaults and these are:

settle_timeout = 15
reaveal_timeout = 5

then

expire(AB.lock) == 10
expire(BC.lock) == 5

if the *close block number* is used to check expiration, then:

An attacker that controls A and C:

- Calls BC.close at block 5
- Waits for block 11 and do not close I-M
- AB.unlock(lock) will work in this *example* since the closing block is used to validate the lock
- BC.unlock(lock) will not work in this *example* since the channel is not closed and the lock becomes expired

ie. if we did use the close block number we expand the lifetime of the lock up to settle_timeout blocks, and that is would not be correct.

from raiden.

hackaugusto avatar hackaugusto commented on September 7, 2024

Expiration is part of the lock and not of the transfers messages, the use of the expiration is to guarantee that a given secret will be released either through the network or the blockchain before a given channel can be settled, so it only needs to be considered for locks in the settlement and there is no need to add a expiration into the DirectTransfer.

from raiden.

czepluch avatar czepluch commented on September 7, 2024

Expirations on locks should be compared to closing block instead of current block in order to determine if they're valid or not.

from raiden.

czepluch avatar czepluch commented on September 7, 2024

After discussions with @hackaugusto, we agree that this is not a problem, and that the current behaviour is correct.

from raiden.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.