Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug]: Signers can crash each other with invalid DkgPrivateShares #1162

Open
1 task
djordon opened this issue Dec 18, 2024 · 0 comments · May be fixed by #1224
Open
1 task

[Bug]: Signers can crash each other with invalid DkgPrivateShares #1162

djordon opened this issue Dec 18, 2024 · 0 comments · May be fixed by #1224
Assignees
Labels
bug Something isn't working sbtc signer binary The sBTC Bootstrap Signer. signer communication Communication across sBTC bootstrap signers.

Comments

@djordon
Copy link
Collaborator

djordon commented Dec 18, 2024

Bug - Signers can crash each other with invalid DkgPrivateShares

1. Description

This issue is that a malicious signer can cause other signers to panic by sending them empty DkgPrivateShares objects. This is a bug in WSTS and is tracked there by Trust-Machines/wsts#109.

1.1 Context & Purpose

A malicious signer can construct an empty (or nearly empty) DkgPrivateShares object and broadcast it to other signers. When they receive it they will crash, and their hopes and dreams will crash with it.

2. Technical Details:

The fix here will be on the WSTS side and it is here Trust-Machines/wsts#111. We still need to update the signer crate to use this version, so this ticket tracks that.

2.1 Acceptance Criteria:

  • A signer cannot crash other signers if they broadcast empty DkgPrivateShares.

3. Related Issues and Pull Requests (optional):

Trust-Machines/wsts#109

@djordon djordon added bug Something isn't working sbtc signer binary The sBTC Bootstrap Signer. signer communication Communication across sBTC bootstrap signers. labels Dec 18, 2024
@djordon djordon added this to the sBTC: Release polish milestone Dec 18, 2024
@djordon djordon added this to sBTC Dec 18, 2024
@github-project-automation github-project-automation bot moved this to Needs Triage in sBTC Dec 18, 2024
@djordon djordon changed the title [Bug]: Ensure signers cannot crash each other with invalid DkgPrivateShares [Bug]: Signers can crash each other with invalid DkgPrivateShares Dec 18, 2024
@djordon djordon moved this from Needs Triage to Todo in sBTC Dec 18, 2024
@djordon djordon moved this from Todo to In Progress in sBTC Dec 19, 2024
@xoloki xoloki linked a pull request Jan 15, 2025 that will close this issue
4 tasks
@xoloki xoloki moved this from In Progress to In Review in sBTC Jan 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working sbtc signer binary The sBTC Bootstrap Signer. signer communication Communication across sBTC bootstrap signers.
Projects
Status: In Review
Development

Successfully merging a pull request may close this issue.

2 participants