Account required should be checked when skipping signature verification in join_splits #66

Closed
sirasistant opened this issue Jan 18, 2023 · 2 comments

The join_split circuit now skips signature verification for merge join_splits since it checks that the spender and total amounts are going to remain the same and that only note aggregation is happening.

However, using the account_required flag, an exploiter that has control over an account key but no spending keys could still drain the notes that have account_required set to true:

  • Decode the notes using the account key
  • Do regular merge join_splits with them, with a fake signature (since it's going to be skipped) to the same owner BUT creating the output notes as account_required = false
  • Now the attacker can spend the notes with the account key since the output notes are account_required false
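
A simplified model of the missing check, as an added example that is not part of the original issue or the project's circuit code: it compares a skip condition that looks only at spender and total value with one that also requires `account_required` to be preserved. The `Note` struct, the function names, and the exact form of the post-fix check are assumptions made for illustration.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical, reduced note: the real notes carry more fields.
struct Note {
    std::string owner;       // key the note belongs to
    std::uint64_t value;
    bool account_required;   // true: spending needs a registered spending key
};

static std::uint64_t total(const std::vector<Note>& notes) {
    std::uint64_t sum = 0;
    for (const Note& n : notes) sum += n.value;
    return sum;
}

// Skip condition as the issue describes it: same spender, same total amount.
bool merge_skip_allowed_before(const std::vector<Note>& in, const std::vector<Note>& out) {
    if (in.empty() || out.empty()) return false;
    for (const Note& n : in)  if (n.owner != in[0].owner) return false;
    for (const Note& n : out) if (n.owner != in[0].owner) return false;
    return total(in) == total(out);
}

// Assumed shape of the fix: the signature may only be skipped when every
// input and output note carries the same account_required flag.
bool merge_skip_allowed_after(const std::vector<Note>& in, const std::vector<Note>& out) {
    if (!merge_skip_allowed_before(in, out)) return false;
    for (const Note& n : in)  if (n.account_required != in[0].account_required) return false;
    for (const Note& n : out) if (n.account_required != in[0].account_required) return false;
    return true;
}

int main() {
    // Constructed sample notes.
    std::vector<Note> in = {{"owner_a", 60, true}, {"owner_a", 40, true}};
    std::vector<Note> same_flag = {{"owner_a", 100, true}};
    std::vector<Note> downgraded = {{"owner_a", 100, false}};
    std::cout << "same flag, after:   " << merge_skip_allowed_after(in, same_flag) << "\n";
    std::cout << "downgrade, before:  " << merge_skip_allowed_before(in, downgraded) << "\n";
    std::cout << "downgrade, after:   " << merge_skip_allowed_after(in, downgraded) << "\n";
    return 0;
}
```

A merge whose outputs clear the flag passes the first condition but not the second, so under the second it would have to go through normal signature verification.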

ludamad commented Jan 18, 2023

Great catch

LeilaWang pushed a commit that referenced this issue Jan 20, 2023
* fix(join_split): Check account flag. Fixes #66

* fix(constants): redo verification keys

Co-authored-by: ludamad <adam@aztecprotocol.com>
@LeilaWang

Closed by #70

dbanks12 pushed a commit that referenced this issue Jan 24, 2023
* fix(join_split): Check account flag. Fixes #66

* fix(constants): redo verification keys

Co-authored-by: ludamad <adam@aztecprotocol.com>