-
Notifications
You must be signed in to change notification settings - Fork 649
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Insufficient htlc_extend_operation validation #1696
Comments
Related, the fee_payer for that operation: bitshares-core/libraries/chain/include/graphene/chain/protocol/htlc.hpp Lines 168 to 169 in 11432f3
with no check if the The question is whether this is a bug or a feature. |
This is clearly a bug. BSIP-44 specifies checks on both update_issuer and time:
How the hell did we miss that? |
By the way, the bitshares-core/libraries/chain/htlc_evaluator.cpp Lines 100 to 121 in 11432f3
An issue related to this is: bitshares-core/libraries/chain/db_notify.cpp Lines 265 to 272 in 11432f3
which means the real |
As for htlc_redeem: I cannot think of a scenario where it would be advantageous to allow someone else to execute an HTLC. I think we should validate that the redeemer is the "from". If someone can think of a scenario, then we can conditionally add "to" to the _impacted collection. I do not feel this redeem issue is urgent. I await the opinions of others. |
@jmjatlanta in the scenario: A initialized a HTLC to transfer to B, C redeemed, get_account_history of A contains a create and a redeemed, history of B contains only a create, history of C contains only a redeem. It would be a bit strange that B doesn't have a history entry while the balance increased. Actually, if we can prevent another account from redeeming the HTLC, this issue would be gone. That said, we should validate that the redeemer is the "to". |
Done as part of #1699. Please take a look. |
https://github.com/bitshares/bsips/blob/master/bsip-0044.md#redeem specifies that
IMO the correct fix is to include |
I guess we should follow the spec. #1699 updated. |
I agree that it's good to follow the spec. However, it means the history object numbering of new code is different than 3.0.0, thus we need to force everyone to upgrade to avoid potential data mismatching issues (which would be messy). So IMHO under the current situation it's easier and more practicable to apply a more strict rule (can be witness-only) even if |
Fixed by #1699. |
Bug Description
Everyone can extend a HTLC, which means funds inside can be locked forever (although need to pay per-day fee).
bitshares-core/libraries/chain/htlc_evaluator.cpp
Lines 123 to 127 in 11432f3
Theoretically the sender can overflow a HTLC and got refunded (although may need to pay a large per-day fee).
bitshares-core/libraries/chain/htlc_evaluator.cpp
Lines 129 to 136 in 11432f3
Impacts
Describe which portion(s) of BitShares Core may be impacted by this bug. Please tick at least one box.
CORE TEAM TASK LIST
The text was updated successfully, but these errors were encountered: