Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add taker check for deposit amount #4860

Merged
merged 1 commit into from
Nov 27, 2020
Merged

Add taker check for deposit amount #4860

merged 1 commit into from
Nov 27, 2020

Conversation

stejbac
Copy link
Contributor

@stejbac stejbac commented Nov 27, 2020
edited
Loading

Make sure the taker checks the value of the 2-of-2 multisig output of the deposit tx created by the maker, before signing it. This avoids a potential security hole, where the maker attempts to steal most of the deposit by using the wrong output value and adding an extra 'change' output to himself.

Note that there's no actual vulnerability at present, as the output value is indirectly checked via the validation of the delayed payout tx. In particular, the extra checks added in 345426f as part of #4789 (Fix remaining blackmail vulnerabilities) place a lower bound on the delayed payout tx input value and with it the deposit tx output value. However, explicitly checking the amount is more robust.

--

This PR is mainly to provide a more robust solution than that already included in the 1.5.0 release.

@stejbac
Add missing output value check to takerSignsDepositTx
d59b425 
Make sure the taker checks the value of the 2-of-2 multisig output of
the deposit tx created by the maker, before signing it. This avoids a
potential security hole, where the maker attempts to steal most of the
deposit by using the wrong output value and adding an extra 'change'
output to himself.

Note that there's no actual vulnerability at present, as the output
value is indirectly checked via the validation of the delayed payout tx.
In particular, the extra checks added in 345426f as part of bisq-network#4789 (Fix
remaining blackmail vulnerabilities) place a lower bound on the delayed
payout tx input value and with it the deposit tx output value. However,
explicitly checking the amount is more robust.
@stejbac stejbac mentioned this pull request Nov 27, 2020
Closed
chimp1984
chimp1984 approved these changes Nov 27, 2020
View reviewed changes
Copy link
Contributor

@chimp1984 chimp1984 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK

sqrrm
sqrrm approved these changes Nov 27, 2020
View reviewed changes
Copy link
Member

@sqrrm sqrrm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK

@sqrrm sqrrm merged commit cae09f8 into bisq-network:master Nov 27, 2020
@ripcurlx ripcurlx added this to the v1.5.1 milestone Nov 27, 2020
@sqrrm sqrrm mentioned this pull request Dec 28, 2020
Closed
@sqrrm sqrrm mentioned this pull request Jan 27, 2021
Closed
@stejbac stejbac mentioned this pull request Jan 28, 2021
Closed
@sqrrm sqrrm mentioned this pull request Feb 27, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chimp1984 chimp1984 chimp1984 approved these changes

@sqrrm sqrrm sqrrm approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.5.2
Development

Successfully merging this pull request may close these issues.
4 participants
@stejbac @sqrrm @chimp1984 @ripcurlx