Consider whether or not we want to trust the full node by default for post commands #2322
Comments
|
I thought the plan was to do merkle proofs for account querying? You would then have sequence number, account number, etc. |
|
Well - the sender needs to sign the message anyways - so if the signed message doesn't make the sequence number amounts etc. the message would just fail (would fees be deducted however? - I don't think so because we check the signatures before deducting the fees) meh, so I don't see how this is really an issue, the worst a node could do would be not broadcast your transaction |
|
Fees won't be deducted if the sequence number is invalid, so I agree, this does seem like a non-issue as long as your connected to multiple full nodes. |
|
Closing this as the lite client proof system is undergoing a refactor. |
We should explicitly consider this griefing vector though. |
|
What is the griefing vector? Spam? |
Getting the client to sign an invalid transaction by returning the wrong current account nonce or account number. |
|
Yes, but I don't think this issue is the right spot to track that. Going to close. |
|
Where's the best place to track that? |
|
Currently writes default to trust the node and queries default to not trust. Going to go ahead and close this issue. If reopening, please add an actionable item. |
e.g. sending a transaction
I think perhaps not - otherwise a full node could lie about sequence number, account number, etc.
cc @HaoyangLiu
ref https://github.com/cosmos/cosmos-sdk/pull/2210/files#diff-38b4a4a9824366646939d96f3dc02184L65
The text was updated successfully, but these errors were encountered: