Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent validated transactions and blocks from being sent between peers #1868

Closed
mversic opened this issue Feb 4, 2022 · 1 comment
Closed

Prevent validated transactions and blocks from being sent between peers #1868

mversic opened this issue Feb 4, 2022 · 1 comment
Assignees
@Erigara
Labels
iroha2-dev The re-implementation of a BFT hyperledger in RUST Security This issue asks for improved security

Comments

@mversic
Copy link
Contributor

mversic commented Feb 4, 2022

Transactions and blocks have lifecycles like:
Transaction -> AcceptedTransaction -> ValidTransaction
PendingBlock -> ChainedBlock -> ValidBlock

only Transaction and PendingBlock should be allowed to be sent between peers because invariants that are expected to hold true in later parts of the lifecycle cannot be guaranteed (there can be malicious nodes pretending to have performed validation). This means that transaction/block should traverse it's lifecycle only in the context of one peer

Currently, we do this by developers diligence but it would be better if we were to disable these programs from compiling. If there is a proposal or an idea on how to do this it should be discussed before implementation
@mversic mversic added iroha2-dev The re-implementation of a BFT hyperledger in RUST Security This issue asks for improved security labels Feb 4, 2022
@Arjentix
Copy link
Contributor

So for developer side we can have strongly typed functions.
For security we can allow to deserialize (decode) only PendingBlocks.
I can't see a big problem here

@Erigara Erigara self-assigned this Nov 17, 2022
Erigara added a commit to Erigara/iroha that referenced this issue Nov 18, 2022
@Erigara
[refactor] hyperledger#1868: Prevent validated transactions from bein…
7ab4bca 
…g sent between peers

Signed-off-by: Shanin Roman <shanin1000@yandex.ru>
@Erigara Erigara mentioned this issue Nov 18, 2022
Merged
Erigara added a commit to Erigara/iroha that referenced this issue Nov 22, 2022
@Erigara
[refactor] hyperledger#1868: Prevent validated transactions from bein…
fbda97b 
…g sent between peers

Signed-off-by: Shanin Roman <shanin1000@yandex.ru>
Erigara added a commit to Erigara/iroha that referenced this issue Nov 22, 2022
@Erigara
[refactor] hyperledger#1868: Prevent validated transactions from bein…
53ca074 
…g sent between peers

Signed-off-by: Shanin Roman <shanin1000@yandex.ru>
Erigara added a commit to Erigara/iroha that referenced this issue Nov 22, 2022
@Erigara
[refactor] hyperledger#1868: Prevent validated transactions from bein…
628de16 
…g sent between peers

Signed-off-by: Shanin Roman <shanin1000@yandex.ru>
Erigara added a commit to Erigara/iroha that referenced this issue Nov 23, 2022
@Erigara
[refactor] hyperledger#1868: Prevent validated transactions from bein…
5874a0e 
…g sent between peers

Signed-off-by: Shanin Roman <shanin1000@yandex.ru>
Erigara added a commit to Erigara/iroha that referenced this issue Nov 23, 2022
@Erigara
[refactor] hyperledger#1868: Prevent validated transactions from bein…
2abcfd4 
…g sent between peers

Signed-off-by: Shanin Roman <shanin1000@yandex.ru>
Erigara added a commit that referenced this issue Nov 24, 2022
@Erigara
[refactor] #1868: Prevent validated transactions from being sent betw…
0986a13 
…een peers

Signed-off-by: Shanin Roman <shanin1000@yandex.ru>
@Erigara Erigara closed this as completed Dec 5, 2022
Arjentix pushed a commit to Arjentix/iroha that referenced this issue Dec 14, 2022
@Erigara @Arjentix
[refactor] hyperledger#1868: Prevent validated transactions from bein…
2784c5b 
…g sent between peers

Signed-off-by: Shanin Roman <shanin1000@yandex.ru>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Erigara Erigara

Labels
iroha2-dev The re-implementation of a BFT hyperledger in RUST Security This issue asks for improved security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Arjentix @Erigara @mversic