Info

Download ZIP (10.4 KB)

Testing and Issues

You can test this entry and submit issues during the testing period of the Blockchain Contest contest.

Entries with serious issues will not be able to win the contest, but even minor issues might be important for overall results.

Voting

26
by rating

Issues

Magic Python Nov 4, 2019 at 10:51
plus:
A nice beaver(?).
Good speed (0.064G for a transfer with n=16, k=10)
All required features are implemented.
It is possible to add a signature to order without modifying seqno.

minus:
No signatures are verified before accept_message().
Slow initialization (all signatures are verified).

UPD: Sorry, my original note was "Hash does not protect seqno, BUT in a manner that would not allow message replay." Removed the "but" by accident.
11
Gentle Gnat Nov 4, 2019 at 14:12
Hello! Thank you for the review! 
Yep, that’s a mascot beaver! :) Additional thanks for appreciation.

Could you please explain what do you mean about seqno? (first minus item)
Every message has a seqno as part of the message that is hashed and signed. On receive seqno is checked: 
1. If it's greater than stored one then throw is called
2. If it’s less than stored then contract tries to find partially signed order in storage process it. If message doesn’t have any new signatures (not stored for this order already) then throw is called. 
3. If it’s equal to the stored one then order is order is processed and stored seqno is incremented.

So as I think that resending a message won’t produce new transaction - it would either fall because order is already executed or because it doesn’t have any new signatures.
As I see accept_message() is called before any signature check
Gentle Gnat Oct 17, 2019 at 21:51
Yes, you're right 🙂 I thought about this last day.
The right thing would calling accept_message only if the first signature is correct or reject message otherwise. Later in the signature checking loop contract should persist valid signatures, but immediately reject the message when invalid signature encountered.
You have to sign the list of signatures then too. Otherwise I can send a copy of your message along with a list of garbage signatures forcing you to check them too.
Gentle Gnat Oct 19, 2019 at 16:26
Hello!
Solution that I mentioned in previous post will be sufficient to protect against these type of attack without additional signing. All valid signatures will be persisted in storage first and if later contract encounter already existing signature the message will be rejected before accept_message()
Nobody added any issues yet...