Skip to content

signing with nonce #96

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jan 4, 2022
Merged

signing with nonce #96

merged 2 commits into from
Jan 4, 2022

Conversation

@akileshtangella
Copy link
Contributor

@akileshtangella akileshtangella commented Jan 3, 2022
edited
Loading

Signing hash(nonce, publicKey)

drewstone
drewstone requested changes Jan 3, 2022
View reviewed changes
Copy link
Contributor

@drewstone drewstone left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we make sure to bound more nonce updates for all proposals necessary including this one?

contracts/utils/Governable.sol
function transferOwnershipWithSignature(address newOwner, bytes memory sig) public {
function transferOwnershipWithSignature(address newOwner, uint32 nonce, bytes memory sig) public {
require(refreshNonce < nonce, "Invalid nonce");
require(nonce <= refreshNonce + 1, "Nonce must increment by 1");
Copy link
Contributor

@drewstone drewstone Jan 3, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to add checks that nonce doesn't increase tremendously (causing overflow attack).

Copy link
Contributor

@drewstone drewstone Jan 3, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oops I had it backwards. This looks good.

@akileshtangella
Copy link
Contributor Author

akileshtangella commented Jan 3, 2022

Can we make sure to hound more nonce updates for all proposals necessary including this one?

What does hound more nonce updates mean? I didn't understand.

@drewstone
Copy link
Contributor

drewstone commented Jan 3, 2022

Bound*

@akileshtangella
Copy link
Contributor Author

akileshtangella commented Jan 3, 2022

Bound*

Ah ok cool.

@drewstone drewstone merged commit 17bf312 into main Jan 4, 2022
@drewstone drewstone deleted the akilesh/refresh-nonce branch November 3, 2022 21:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@drewstone drewstone drewstone approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@akileshtangella @drewstone