[Feature]: Reject many WSTS messages with incorrect bitcoin chain tips #1176
Labels: breaking-protocol (Breaking protocol changes), sbtc signer binary (The sBTC Bootstrap Signer), signer communication (Communication across sBTC bootstrap signers)
Milestone: Feature - Reject many WSTS messages with incorrect bitcoin chain tips
1. Description
All sBTC messages include the block hash of the bitcoin chain tip. This information is very useful for preventing replay attacks. The signers currently use it when filtering messages from peers where we care about whether the message is from the coordinator or from a signer with the same bitcoin chain tip. We should probably reject all WSTS messages where the chain tip of the sending signer does not match our view of the bitcoin chain tip.
1.1 Context & Purpose
We already filter messages based on who the sender is and who the coordinator is. A consequence of this is that if a new bitcoin block arrives in the middle of a signing round or DKG, the signers will usually ignore the messages from the old coordinator, leading to an unsuccessful signing round or failed DKG. I say usually because the new coordinator could be the old coordinator. But regardless, we should not finish our signing rounds because a new block may mean a reorg, affecting lots of stuff. Similarly, for DKG a signer should not accept messages from peers who have a different view of the bitcoin blockchain than they do.
2. Technical Details:
The messages that should be rejected are DkgBegin, DkgEndBegin, DkgPrivateBegin, NonceRequest, and SignatureShareRequest.
2.1 Acceptance Criteria:
Reject DkgBegin, DkgEndBegin, DkgPrivateBegin, NonceRequest, and SignatureShareRequest messages if the chain tip does not match our own.
3. Related Issues and Pull Requests (optional):
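As an added illustration (not code from the sbtc repository), a Rust filter that applies the rule above: the five WSTS messages that start or advance DKG or a signing round are dropped when the sender's chain tip differs from ours, and the rejection carries both tips so it can be logged. The type, field and variant names are assumptions; the two extra variants only stand in for WSTS messages the issue does not gate.

```rust
/// Bitcoin block hash as raw bytes (constructed type for this example).
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub struct BlockHash(pub [u8; 32]);

/// WSTS message kinds. The first five are the ones the issue says to reject on
/// a chain-tip mismatch; the last two stand in for other WSTS messages, which
/// this filter leaves alone (variant names are assumptions).
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub enum WstsMessage {
    DkgBegin,
    DkgEndBegin,
    DkgPrivateBegin,
    NonceRequest,
    SignatureShareRequest,
    DkgPublicShares,
    NonceResponse,
}

/// An inbound sBTC signer message: every message carries the sender's view of
/// the bitcoin chain tip, which is what the filter compares against our own.
pub struct SignerMessage {
    pub bitcoin_chain_tip: BlockHash,
    pub payload: WstsMessage,
}

/// Why a message was dropped; both tips are kept so the event can be logged.
#[derive(Debug, PartialEq, Eq)]
pub enum Rejection {
    ChainTipMismatch { ours: BlockHash, theirs: BlockHash },
}

impl WstsMessage {
    /// Messages that start or advance DKG or a signing round must not be acted
    /// on when the sender's chain tip differs from ours (a new block may mean a
    /// reorg, so the round should not complete).
    fn requires_matching_chain_tip(self) -> bool {
        use WstsMessage::*;
        matches!(self, DkgBegin | DkgEndBegin | DkgPrivateBegin | NonceRequest | SignatureShareRequest)
    }
}

/// Accept the message unless it is a gated kind whose chain tip is not ours.
pub fn filter_by_chain_tip(our_tip: BlockHash, msg: &SignerMessage) -> Result<(), Rejection> {
    if msg.payload.requires_matching_chain_tip() && msg.bitcoin_chain_tip != our_tip {
        return Err(Rejection::ChainTipMismatch { ours: our_tip, theirs: msg.bitcoin_chain_tip });
    }
    Ok(())
}
```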
This was largely addressed in #578.