
Malleable MASP Witness Data

Open murisi opened this issue 1 year ago • 1 comments

The MaspTx section is identified by the TxId digest described at https://zips.z.cash/zip-0244#txid-digest. This is problematic because the TxId digest does not cover witness data like zero-knowledge proofs, authorization signatures, and binding signatures, meaning that those entries are malleable. We should probably hash MASP Transaction serialization bytes when trying to prevent tampering and the TxId digest to facilitate hardware wallet signing.

murisi, Jun 25 '24 15:06
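The malleability described in the issue above, as an added example that is not part of the original thread or Namada's code: a constructed toy transaction is identified once by an effects-only digest and once by a hash of its full serialization, then its witness bytes are swapped. `ToyMaspTx`, the function names, the BLAKE2b personalization strings and all byte values are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class ToyMaspTx:
    # Constructed stand-in, not the real MASP transaction layout.
    effects: bytes      # effecting data: what the transaction does
    proof: bytes        # witness: zero-knowledge proof
    auth_sig: bytes     # witness: authorization signature
    binding_sig: bytes  # witness: binding signature

def _lp(field: bytes) -> bytes:
    # Length-prefix each field so the byte encoding is unambiguous.
    return len(field).to_bytes(4, "little") + field

def serialize(tx: ToyMaspTx) -> bytes:
    return b"".join(_lp(f) for f in (tx.effects, tx.proof, tx.auth_sig, tx.binding_sig))

def txid_style_digest(tx: ToyMaspTx) -> bytes:
    # Like the TxId digest described in the issue: witness data is not hashed.
    return hashlib.blake2b(_lp(tx.effects), digest_size=32, person=b"toy-txid").digest()

def full_bytes_digest(tx: ToyMaspTx) -> bytes:
    # Hash of the whole serialization, witness data included.
    return hashlib.blake2b(serialize(tx), digest_size=32, person=b"toy-full").digest()

def section_matches(committed: bytes, received: ToyMaspTx, digest_fn) -> bool:
    # Verifier side: is the received section the one that was committed to?
    return hmac.compare_digest(committed, digest_fn(received))

def demo() -> dict:
    original = ToyMaspTx(b"constructed effects", b"\x01" * 48, b"\x02" * 64, b"\x03" * 64)
    # Same effects, different witness bytes (constructed values).
    altered = replace(original, proof=b"\xff" * 48, binding_sig=b"\xee" * 64)
    return {
        "txid_accepts_altered": section_matches(txid_style_digest(original), altered, txid_style_digest),
        "full_accepts_altered": section_matches(full_bytes_digest(original), altered, full_bytes_digest),
        "full_accepts_original": section_matches(full_bytes_digest(original), original, full_bytes_digest),
        "txid_unchanged": txid_style_digest(original) == txid_style_digest(altered),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The effects-only digest is identical for both versions, which is the property the issue wants to keep for hardware wallet signing, while only the full-serialization hash rejects the altered witness.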

Good catch. I agree, we need to commit to this data. We should have no malleable data in transactions at all, really, not that I can think of at least.

cwgoes, Jun 25 '24 16:06

@murisi This has since been fixed, right?

@grarco Could you check this quickly?

cwgoes, Aug 20 '24 09:08

Closed by #3463

grarco, Aug 20 '24 09:08