Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: potential attack risks in storage module #114

Merged
merged 3 commits into from
Mar 17, 2023
Merged

fix: potential attack risks in storage module #114

merged 3 commits into from
Mar 17, 2023

Conversation

fynnss
Copy link
Contributor

@fynnss fynnss commented Mar 16, 2023

Description

Fix potential attack risks in storage module

Rationale

After SecondarySP stores redundant data, it needs to hand over the signature to PrimarySP, and PrimarySP sends SealObject to the chain. The chain checks SecondarySP's signature to confirm that it has received the data sent by PrimarySP and stored it completely.

Previously, the only fields that SecondarySP signed were the SP address and checksum. When two objects with the same content were uploaded, PrimarySP could act maliciously by not sending the data to SecondarySP, and instead use the signature of the previous object to complete the seal action of the object and then instruct them to challenge SecondarySP to lower the quality of their service and profit from it.

Example

NA

Changes

Notable changes:

  • fix bug

@fynnss fynnss mentioned this pull request Mar 17, 2023
Merged
@fynnss fynnss closed this Mar 17, 2023
@fynnss fynnss reopened this Mar 17, 2023
@fynnss fynnss force-pushed the fynn/fix_potential_attack_risks_in_storage_module branch from 65eee0a to 5d30dd6 Compare March 17, 2023 05:57
@fynnss fynnss force-pushed the fynn/fix_potential_attack_risks_in_storage_module branch from 20161ff to ffef26d Compare March 17, 2023 06:08
will-2012
will-2012 reviewed Mar 17, 2023
View reviewed changes
Copy link

@will-2012 will-2012 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@fynnss fynnss added the r4r label Mar 17, 2023
@fynnss fynnss merged commit 2f6792d into develop Mar 17, 2023
This was referenced Mar 17, 2023
Closed
Closed
Merged
This was referenced Mar 17, 2023
Merged
Merged
@unclezoro unclezoro deleted the fynn/fix_potential_attack_risks_in_storage_module branch April 18, 2023 09:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@will-2012 will-2012 will-2012 left review comments

@j75689 j75689 j75689 approved these changes

@joeylichang joeylichang joeylichang approved these changes

@unclezoro unclezoro Awaiting requested review from unclezoro

@owen-reorg owen-reorg Awaiting requested review from owen-reorg

Assignees
No one assigned
Labels
r4r
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@fynnss @joeylichang @j75689 @will-2012