Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Correctly handle WSTS nonce issues #1167

Open
1 task
djordon opened this issue Dec 18, 2024 · 0 comments
Open
1 task

[Bug]: Correctly handle WSTS nonce issues #1167

djordon opened this issue Dec 18, 2024 · 0 comments
Assignees
@xoloki
Labels
bug Something isn't working sbtc signer binary The sBTC Bootstrap Signer. signer state model The sBTC bootstrap signer state model.
Milestone
sBTC: Key rotation

Comments

@djordon
Copy link
Collaborator

djordon commented Dec 18, 2024
edited
Loading

Bug - Correctly handle WSTS nonce issues

1. Description

Whenever a signer gets a sign request over a particular message, the signers create a state machine if its for a transaction ID that they have never seen before. This leads to the signer having fresh state with fresh nonces. The issue is that we do this over the incoming transaction ID and not the message itself, leading to the same state machine being reused. When that happens nonces can be replayed leading to various attacks against the protocol.

1.1 Context & Purpose

Reusing the same WSTS state machine can lead to issues down the line due to nonce reuse. This ticket addresses such issues by ensuring the same nonces can't be reused.

2. Technical Details:

When a signer receives a NonceRequest message they should create new nonces.

2.1 Acceptance Criteria:

  • The signers use a new nonce for each input that they are signing

3. Related Issues and Pull Requests (optional):
@djordon djordon added bug Something isn't working sbtc signer binary The sBTC Bootstrap Signer. signer state model The sBTC bootstrap signer state model. labels Dec 18, 2024
@djordon djordon added this to the sBTC: Release polish milestone Dec 18, 2024
@djordon djordon added this to sBTC Dec 18, 2024
@github-project-automation github-project-automation bot moved this to Needs Triage in sBTC Dec 18, 2024
@djordon djordon moved this from Needs Triage to Todo in sBTC Dec 18, 2024
@djordon djordon moved this from Todo to In Review in sBTC Dec 19, 2024
@djordon djordon assigned djordon and xoloki and unassigned xoloki Jan 10, 2025
@djordon djordon moved this from In Review to In Progress in sBTC Jan 10, 2025
@djordon djordon removed their assignment Jan 10, 2025
@djordon djordon moved this from In Progress to In Review in sBTC Jan 10, 2025
@xoloki xoloki mentioned this issue Jan 15, 2025
Draft
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@xoloki xoloki

Labels
bug Something isn't working sbtc signer binary The sBTC Bootstrap Signer. signer state model The sBTC bootstrap signer state model.
Projects
sBTC
Status: In Review
Milestone
sBTC: Key rotation
Development

No branches or pull requests
2 participants
@xoloki @djordon