mev-commit icon indicating copy to clipboard operation
mev-commit copied to clipboard
Published 1 month ago verified publisher icon primev

Lack of BLS pubkey validation

Open shaspitz opened this issue 1 year ago • 6 comments

Both validators and builders in the mev pipeline are identified by 48 byte BLS pubkey (incompatible w/ normal EOA keypair). Currently we do not fully validate the ownership of a particular BLS pubkey that's passed to the provider registry or validator registry during opt-in. We merely check that the pubkey arg is indeed 48 bytes in length.

We need a well thought out mechanism to validate the ownership of BLS pubkeys for builders and validators. This could involve some form of off-chain validation, or requiring builders and validators to sign over a particular message with their BLS key to then submit their signature onchain.

The oracle could also periodically iterate through opted-in actors and confirm they have an active BLS pubkey with the beacon chain. Non-active keys could be blacklisted or slashed depending on the type of actor.

shaspitz avatar Jul 08 '24 18:07 shaspitz

Note the current solution assumes builders set extradata to a "builder name" string similar to something like: beaverbuild.org (Hex:0x6265617665726275696c642e6f7267). However we could ask builders to change their extradata field to something like a 32 byte hash of their BLS pubkey signature, if it helps in robust BLS pubkey validation

shaspitz avatar Jul 08 '24 18:07 shaspitz

Maybe we can look into adding a precompile on the mev-commit chain for BLS-signature verification.

ckartik avatar Oct 10 '24 16:10 ckartik

You guys can just simply ask a user to sign some data upon registering blsKeys, exactly how it's done on Eth CL. Current implementation is vulnerable to signature rogue attack. https://medium.com/@coolcottontail/rogue-key-attack-in-bls-signature-and-harmony-security-eac1ea2370ee

PS... I wanted to submit this bug via cantina contest, but was busy at that time

Rassska avatar Nov 28 '24 09:11 Rassska

You guys can just simply ask a user to sign some data upon registering blsKeys, exactly how it's done on Eth CL. Current implementation is vulnerable to signature rogue attack. https://medium.com/@coolcottontail/rogue-key-attack-in-bls-signature-and-harmony-security-eac1ea2370ee

PS... I wanted to submit this bug via cantina contest, but was busy at that time

Thanks for the comment here! Users signing to prove bls ownership has been identified as too much friction for opt in to our protocol.

Current solution to our vanilla registry is this function which allows the owner to force withdraw pubkeys if needed

shaspitz avatar Nov 29 '24 22:11 shaspitz

@shaspitz @ckartik I think this one is resolved now?

aloknerurkar avatar Dec 30 '24 13:12 aloknerurkar

Yes on mev-commit chain, but not resolved on L1

shaspitz avatar Dec 30 '24 19:12 shaspitz