Comments (4)
To document our discussion:
Take into consideration the MediatedTransfer and CancelTransfer expiration in the netting contract
Is done and it is using the current block number. The current block number is the correct approach, the alternative is to use the closing block and it is wrong, here is why:
For a transaction using the nodes ABC, where Alice is the initiator, Bob is the only mediator and Charlie is the target, Bob needs the guarantee that if Charlie claims the lock form the BC channel then Bob will also be able to claim from the AB channel.
To achieve that each node has a reveal timeout configuration used as expire(BC.lock) <= expire(AB.lock) - reveal_timeout
, the reveal timeout needs to be sufficient for Bob to learn the secret, call close, and then unlock. If we did use the closing block instead of the current block this doesnt hold.
Let's assume that all three nodes are using the defaults and these are:
settle_timeout = 15
reaveal_timeout = 5
then
expire(AB.lock) == 10
expire(BC.lock) == 5
if the *close block number* is used to check expiration, then:
An attacker that controls A and C:
- Calls BC.close at block 5
- Waits for block 11 and do not close I-M
- AB.unlock(lock) will work in this *example* since the closing block is used to validate the lock
- BC.unlock(lock) will not work in this *example* since the channel is not closed and the lock becomes expired
ie. if we did use the close block number we expand the lifetime of the lock up to settle_timeout blocks, and that is would not be correct.
from raiden.
Expiration is part of the lock and not of the transfers messages, the use of the expiration is to guarantee that a given secret will be released either through the network or the blockchain before a given channel can be settled, so it only needs to be considered for locks in the settlement and there is no need to add a expiration into the DirectTransfer.
from raiden.
Expirations on locks should be compared to closing block instead of current block in order to determine if they're valid or not.
from raiden.
After discussions with @hackaugusto, we agree that this is not a problem, and that the current behaviour is correct.
from raiden.
Related Issues (20)
- Setup topology and prepare test
- Adding Capabilities HOT 2
- Split test logs on CI breaks with some node addresses
- GET `api/v1/notifications` is not idempotent HOT 2
- Turn secret decryption mock into fixture
- Check immutable metadata compatibility with LC HOT 1
- Investigate E2E-interoperability test failure HOT 4
- Switch to EIP-1559 transactions HOT 2
- Eth node version warning about geth 1.10.6
- Use `TokenNetwork.openChannelWithDeposit`
- Investigate CI performance HOT 3
- OSError: [Errno 24] Too many open files HOT 10
- Release 3.0.0
- Python client does not call openChannelWithDeposit function HOT 1
- Create docker images HOT 1
- Ask for a question about meditation fee rules HOT 2
- Endpoint in API to indicate ChainId
- Find solution for dependency management and release process HOT 3
- MatrixSyncMaxTimeoutReached in SP runs
- Extract shared code used by other raiden network components HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from raiden.