Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Review before deploying to Frontier #10

Open
wants to merge 19 commits into
base: empty
Choose a base branch
from
Open

Review before deploying to Frontier #10

wants to merge 19 commits into from

Conversation

ethers
Copy link
Member

@ethers ethers commented Nov 30, 2015

BTC Relay is deployed on testnet (http://btcrelay.org).
A code/security review/audit is one of the major remaining items to deploy a version to Frontier.

To make it easier for you, the code has been separated.
1st commit has the contracts, start with btcrelay.se.
2nd has the tests.
Some of the TODO in the code are to ask for your feedback.
For remaining files, see https://github.com/ethereum/btcrelay

Please review and I'll be happy to acknowledge your contributions.

Thanks!

@ethers
contracts and README
e3d0619
@ethers
tests
dfa4705
@ethers
info about incentives for relayers
b97511a
@ethers
avoid tx.origin, but getting close to gas limit; remove resolved TODOs
2212e45 
unfortunately getting very close to 3.1M gas during deploy

_height is only 1 more, when using Satoshi's genesis, but only possible
for limited testing, so the TODO is removed and still documented in
setInitialParent
caktux
caktux reviewed Dec 9, 2015
View reviewed changes
btcrelay.se
# - 'txIndex' is the index of the tx within the block
# - 'sibling' are the merkle siblings of tx
def verifyTx(txHash, txIndex, sibling:arr, txBlockHash):
if !self.feePaid(txBlockHash, m_getFeeAmount(txBlockHash), value=msg.value): # in incentive.se
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Calling feePaid in verifyTx instead of computeMerkle allows an attacker to re-implement its own verifyTx without the fee check, therefore using the full functionality of btcrelay without ever paying a fee to block header relayers.

@ethers
Copy link
Member Author

ethers commented Dec 14, 2015

Above commits have been "merged" to develop branch

@ethers
computeMerkle should return uint
5844c22 
fixes #1
@ethers
event for VerifyTransaction
6a04ba4
@ethers
event for StoreHeader
9476b8e
@ethers
Use loop for flip32Bytes to decrease code size gas cost by over 700K
e028b9d 
Storing headers cost ~2% more, but this is a reasonable tradeoff due
to significant 700K gas cost savings during contract deployment and
avoids complexities associated with requiring multiple contracts.
@ethers
success events for StoreHeader and VerifyTransaction
dacb508
@ethers
event for RelayTransaction
e852e73
@ethers
returnCode is more accurate
3e879d2
@ethers
add fee and event for getBlockHeader
dcb4e7c
@ethers
allow overpayment of fee for block
7d0c02b 
fix test_fee.py fourthRec to be tester.a4
@ethers
Copy link
Member Author

ethers commented Dec 22, 2015

Above commits have been "merged" to develop branch

@ethers
Copy link
Member Author

ethers commented Dec 30, 2015

Latest code for review is https://github.com/ethereum/btcrelay (develop branch), but for now it doesn't offer easy way to make comments in code like this PR.

@ethers
Copy link
Member Author

ethers commented Feb 1, 2016

For eligibility in bounty program, please check https://blog.ethereum.org/2016/02/17/btc_relay_included_in_bounty_program and the rules on bounty.ethdev.com (for example this pull request is on an old commit, so check that the bug you are submitting hasn't been covered in the Issues or already fixed in https://github.com/ethereum/btcrelay/tree/develop)

sandrasong pushed a commit to Consensys/btcrelay that referenced this pull request May 26, 2016
@ethers
Merge pull request ethereum#10 from ethers/tidy
ffb3fda 
separate out incentives; update README with live testnet info
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@ethers @caktux @coder5876