Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not allow relays to have point-at-infinity pubkey #493

Merged
merged 4 commits into from
Apr 19, 2023
Merged

Do not allow relays to have point-at-infinity pubkey #493

merged 4 commits into from
Apr 19, 2023

Conversation

jtraglia
Copy link
Collaborator

@jtraglia jtraglia commented Apr 18, 2023
edited
Loading

📝 Summary

  • Return an error if a relay is configured with the point-at-infinity (all-zero) pubkey.
  • Delete blank lines in test cases (just a nit picky thing I want to fix).
  • Rename a test case for consistency:
    • From: "Invalid relay public key"
    • To: "Relay URL with invalid public key"

⛱ Motivation and Context

@asanso pointed out that if a relay were configured with the point-at-infinity public key, it could essentially bypass signature verification checks when receiving bids. In practice, this isn't a problem. A user would need to configure mev-boost with this and there's already a trusted relationship with relays (i.e., we trust them to only send valid bids/payloads). But I do think it's a good situation to avoid and that's why I'm making this PR.

✅ I have run these commands

  • make lint
  • make test-race
  • go mod tidy

@jtraglia jtraglia requested a review from metachris April 18, 2023 16:31
ralexstokes
ralexstokes previously approved these changes Apr 18, 2023
View reviewed changes
Copy link
Collaborator

@ralexstokes ralexstokes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

generally looks good, I like reducing attack surface here, even though I agree this is a bit minor

server/relay_entry.go Outdated Show resolved Hide resolved
@codecov-commenter
Copy link

Codecov Report

Merging #493 (27b0411) into main (7735b00) will increase coverage by 0.14%.
The diff coverage is 100.00%.

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@            Coverage Diff             @@
##             main     #493      +/-   ##
==========================================
+ Coverage   68.64%   68.79%   +0.14%     
==========================================
  Files           8        8              
  Lines        1263     1269       +6     
==========================================
+ Hits          867      873       +6     
  Misses        346      346              
  Partials       50       50
Flag Coverage Δ
unittests 68.79% <100.00%> (+0.14%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
server/relay_entry.go 90.00% <100.00%> (+2.50%) ⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@metachris
Copy link
Collaborator

thanks!

@metachris metachris merged commit 9acaf56 into flashbots:main Apr 19, 2023
@jtraglia jtraglia deleted the point-at-infinity-pubkey branch April 19, 2023 15:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@metachris metachris metachris approved these changes

@ralexstokes ralexstokes ralexstokes left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jtraglia @codecov-commenter @metachris @ralexstokes