New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Review before deploying to Frontier #10
base: empty
Are you sure you want to change the base?
Conversation
unfortunately getting very close to 3.1M gas during deploy _height is only 1 more, when using Satoshi's genesis, but only possible for limited testing, so the TODO is removed and still documented in setInitialParent
# - 'txIndex' is the index of the tx within the block | ||
# - 'sibling' are the merkle siblings of tx | ||
def verifyTx(txHash, txIndex, sibling:arr, txBlockHash): | ||
if !self.feePaid(txBlockHash, m_getFeeAmount(txBlockHash), value=msg.value): # in incentive.se |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Calling feePaid
in verifyTx
instead of computeMerkle
allows an attacker to re-implement its own verifyTx
without the fee check, therefore using the full functionality of btcrelay without ever paying a fee to block header relayers.
Above commits have been "merged" to |
Storing headers cost ~2% more, but this is a reasonable tradeoff due to significant 700K gas cost savings during contract deployment and avoids complexities associated with requiring multiple contracts.
fix test_fee.py fourthRec to be tester.a4
Above commits have been "merged" to develop branch |
Latest code for review is https://github.com/ethereum/btcrelay (develop branch), but for now it doesn't offer easy way to make comments in code like this PR. |
For eligibility in bounty program, please check https://blog.ethereum.org/2016/02/17/btc_relay_included_in_bounty_program and the rules on bounty.ethdev.com (for example this pull request is on an old commit, so check that the bug you are submitting hasn't been covered in the Issues or already fixed in https://github.com/ethereum/btcrelay/tree/develop) |
separate out incentives; update README with live testnet info
BTC Relay is deployed on testnet (http://btcrelay.org).
A code/security review/audit is one of the major remaining items to deploy a version to Frontier.
To make it easier for you, the code has been separated.
1st commit has the contracts, start with
btcrelay.se
.2nd has the tests.
Some of the TODO in the code are to ask for your feedback.
For remaining files, see https://github.com/ethereum/btcrelay
Please review and I'll be happy to acknowledge your contributions.
Thanks!