Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ZKS-08][HackerOne-2289066] Make leader election tamper resistant #2378

Merged
merged 2 commits into from Mar 8, 2024
Merged

[ZKS-08][HackerOne-2289066] Make leader election tamper resistant #2378

merged 2 commits into from Mar 8, 2024

Conversation

raychu86
Copy link
Contributor

@raychu86 raychu86 commented Mar 3, 2024
edited

Motivation

This PR updates the leader election algorithm to be tamper resistant by removing mutable fields (starting_round and total_stake) from the seed and changing the committee sorting to be based on the address x-coordinate.

Leader election will now be more predictable (if the committee sets do not change), but should no longer be able to be manipulated by changing stake via bond/unbonds.

Discussion can be found here: AleoHQ/snarkOS#2986 (comment)

Test Plan

The current tests indicate that this approach is still stake weighted properly.

Audit Finding: [zksecurity 08] Potentially Biased Leader Election

@raychu86 raychu86 mentioned this pull request Mar 3, 2024
Closed
@raychu86
Copy link
Contributor Author

raychu86 commented Mar 3, 2024

@randomsleep This should address the leader manipulation concerns you mentioned. Let us know if you do not believe this is the case.

randomsleep
randomsleep approved these changes Mar 4, 2024
View reviewed changes
Copy link
Contributor

@randomsleep randomsleep left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@howardwu howardwu merged commit eba8b44 into mainnet-staging Mar 8, 2024
78 checks passed
@howardwu howardwu deleted the tamper-resistant-leader-selection branch March 8, 2024 17:14
@howardwu howardwu mentioned this pull request Mar 10, 2024
Draft
@raychu86 raychu86 changed the title [HackerOne-2289066] Make leader election tamper resistant [ZKS-08][HackerOne-2289066] Make leader election tamper resistant Mar 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@howardwu howardwu howardwu approved these changes

@randomsleep randomsleep randomsleep approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@raychu86 @howardwu @randomsleep