Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix permissionless middleware approving by whitelisting middleware programs in propose. #222

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Fix permissionless middleware approving by whitelisting middleware programs in propose. #222

wants to merge 1 commit into from

Conversation

rado0x54
Copy link
Contributor

PERMISSIONLESS APPROVEEXECUTION INSTRUCTION ALLOWS ATTACKERS TO BLOCK ANOTHER USER'S EXECUTETRANSACTION INSTRUCTION

A permissionless instruction is when anyone on the Solana network can execute a transaction that interacts with the user’s programs. In some cases, permissionless instructions can be harmless depending on the logic of the program in question. In the case of Cryptid, the permissionless ApproveExecution instruction can have negative effects on the functionality of core operations, such as the ExecuteTransaction instruction.

This PR fixes the discovered issue.

@rado0x54 rado0x54 force-pushed the dev-rado0x54/bugfix/FYEO-CRY-02-protect-approve-middleware branch from 6a13438 to c2a64fc Compare February 23, 2023 04:19
@rado0x54
Fixed permissionless middleware approval
8fafeff 
It was discovered that a permission middleware approval process,
while NOT allowing transactions by an unauthorized signer,
would however allow to BLOCK an authorized signer from execution.

This PR introduces a new state variable on transaction account that
whitelists all middleware programs that can approve middleware.

Furthermore, this PR removes a legacy slot parameter.
@rado0x54 rado0x54 force-pushed the dev-rado0x54/bugfix/FYEO-CRY-02-protect-approve-middleware branch from c2a64fc to 8fafeff Compare February 23, 2023 04:24
tbarri
tbarri reviewed Feb 23, 2023
View reviewed changes
programs/cryptid/src/state/transaction_account.rs
/// The slot in which the transaction was proposed
/// This is used to prevent replay attacks
pub slot: u8,
/// The transaction state, to prevent replay attacks
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Super minor comment, and for next time.

Furthermore, this PR removes a legacy slot parameter.

This minor change should be in a separate Git commit. We should maintain 1 idea = 1 commit.

If we wanted to rollback either the permission fix or the slot change, we can't because the changes are entangled. I'm certain we won't be doing this - but the point remains. Separate commits = easier code review + easier reverts. For next time! :-)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Haha, yes and should I tell you something. It actually was a separate commit, but I applied the squashing to liberal :(. Should have paid a litte more attention.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tbarri tbarri tbarri approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rado0x54 @tbarri