Solo machine header doesn't use the existing diversifier in header updates #1839
Assignees
Labels
Milestone
Comments
9 tasks
|
It is fairly difficult to fix this issue in a non-API breaking way, for now we will not backport the fix unless there is a request to do so |
9 tasks
|
closed by #1860 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary of Bug
I noticed that when doing an update to the solo machine (to change its public key or diversifier), it uses the new diviersifier in the sign bytes. This is incorrect, it should use the current public key/diversifier to verify signature data that contains the new diversifier and new public key. The bug impact is low, the only security consideration would be around accidental misbehaviour (resulting in frozen solo machines), but the accidental misbehaviour would have to be from using a new diversifier on a sequence on which that diversifier is already being used. It is extremely unlikely and hard to even explain when this incident would occur
For Admin Use
The text was updated successfully, but these errors were encountered: