Info

Download ZIP (8.8 KB)

Testing and Issues

You can test this entry and submit issues during the testing period of the Blockchain Contest contest.

Entries with serious issues will not be able to win the contest, but even minor issues might be important for overall results.

Voting

33

Comments

Multi-signature wallet
Features:
- Creation of new wallet with up to 100 signatures
- Creation of new message
- Exploring of existing message
- Signing an existing message
- Merging the signatures of two messages with the same body
- Creating a new order to sign pending message
Scripts usage is described in README.md
You have not added any comments yet...
by rating

Issues

Magic Python Nov 4, 2019 at 09:31
plus:
Works on our test.
All required features are implemented.

minus:
During out test (n=16, k=10, one transaction),
the smart contract spent 0.24G on initialization and 0.225G on transaction. This is how O(N^2) looks like.
No garbage collection.
It seems that messages which add new signatures to an existing order are not replay protected.
accept_message is called before any signature checks
10
Magic Python Oct 16, 2019 at 11:24
accept_message() is called before any signature has been checked.
7
Inbound message's seq_no is used as a key for pending orders dictionary.
So you will not be able to ever collect more than 1 signature, because seq_no is incremented for each accepted message.
Stylish Snail Oct 22, 2019 at 06:45
The seq_no of msg should be equal to saved one only for new orders. When we sending additional signatures for existing we will use the same seq_no. Before accepting such msg we will check if it is present in pending dict.
At least the code path which enables to send message immediately counts signatures wrong. So you do create bitmap of the keys that were in signature dict that you received. But you also count them, and you don't check for duplicates. Based on that counter you send message without storing it.
> The seq_no of msg should be equal to saved one only for new orders. When we sending additional signatures for existing we will use the same seq_no. Before accepting such msg we will check if it is present in pending dict.

I see, good idea! missed the condition in a seqno check.

Unfortunately, if your contract will be a victim of a replay attack - it will be easy to just replay one signature with same seq_no X times (which will have no effect on number of signatures) to spend all the wallet grams for nothing.
Nobody added any issues yet...