This repository has been archived by the owner on Jan 22, 2025. It is now read-only.

No longer allow unauthorized keys to witness transactions #1550

Merged
merged 2 commits into from
Oct 19, 2018

Conversation

garious
Contributor

@garious garious commented Oct 19, 2018

Before this patch, an attacker could point Budget instructions to unsigned keys, and authorize a transaction from an unauthorized party. This patch adds a new signed_key method to Transaction that allows programs to look up only signed keys. Currently, that implies key zero, but once signature: Signature becomes Vec<Signature>, the method will allow a program to safely use any key in that vector.

Before this patch, an attacker could point Budget instructions to
unsigned keys, and authorize a transaction from an unauthorized
party.
@garious garious added this to the v0.10 Pillbox milestone Oct 19, 2018
Member

@aeyakovenko aeyakovenko left a comment


I think system move needs a similar check.

@garious
Contributor Author

garious commented Oct 19, 2018

Yes, when you implement this #1551, that new code should call signed_key, not key. Please make sure to add a test for that.
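Added example (Rust, not the repository's code) modelling the `key` versus `signed_key` lookup from the PR description and the reply above: a program that authorizes with `key` accepts an unsigned key the instruction points at, while `signed_key` returns `None` for any index beyond the signatures. The `Transaction`, `Instruction`, `Pubkey` and `Signature` types, their field names and the two `authorize_*` functions are assumptions.

```rust
// Added example, not the repository's code; type and field names are
// assumptions modelling the `key` vs `signed_key` lookup this PR describes.
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub struct Pubkey(pub [u8; 32]);
pub struct Signature(pub [u8; 64]);

pub struct Transaction {
    /// One entry per signer; signers are the first `signatures.len()` account keys.
    pub signatures: Vec<Signature>,
    pub account_keys: Vec<Pubkey>,
}

pub struct Instruction {
    /// Indices into `account_keys`, chosen by whoever built the transaction.
    pub accounts: Vec<u8>,
}

impl Transaction {
    /// Any key the instruction points at, signed or not.
    pub fn key(&self, ix: &Instruction, i: usize) -> Option<&Pubkey> {
        let idx = *ix.accounts.get(i)? as usize;
        self.account_keys.get(idx)
    }

    /// Only keys that signed this transaction: key zero with a single
    /// signature, any of the first n keys once there are n signatures.
    pub fn signed_key(&self, ix: &Instruction, i: usize) -> Option<&Pubkey> {
        let idx = *ix.accounts.get(i)? as usize;
        if idx < self.signatures.len() { self.account_keys.get(idx) } else { None }
    }
}

/// Before the patch: the program trusts whichever key the instruction
/// names as the authorizer, so an unsigned key passes.
pub fn authorize_before(tx: &Transaction, ix: &Instruction, who: &Pubkey) -> bool {
    tx.key(ix, 0) == Some(who)
}

/// After the patch: only a signed key can authorize.
pub fn authorize_after(tx: &Transaction, ix: &Instruction, who: &Pubkey) -> bool {
    tx.signed_key(ix, 0) == Some(who)
}

/// Constructed scenario: `payer` signed; `victim` is referenced but did
/// not sign, and the instruction names `victim` as the authorizer.
pub fn demo() -> (bool, bool) {
    let (payer, victim) = (Pubkey([1; 32]), Pubkey([2; 32]));
    let tx = Transaction { signatures: vec![Signature([0; 64])], account_keys: vec![payer, victim] };
    let ix = Instruction { accounts: vec![1] };
    (authorize_before(&tx, &ix, &victim), authorize_after(&tx, &ix, &victim))
}
```

`demo()` returns `(true, false)`: the pre-patch check accepts the unsigned key, the post-patch check rejects it.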

3 participants