Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use consecutive tx.nonce, like counter #1502

Closed
Tommo-L opened this issue Mar 23, 2020 · 14 comments
Closed

Use consecutive tx.nonce, like counter #1502

Tommo-L opened this issue Mar 23, 2020 · 14 comments
Labels
Discussion Initial issue state - proposed but not yet accepted

Comments

@Tommo-L
Copy link
Contributor

Tommo-L commented Mar 23, 2020

Summary or problem description
In Neo3, we haven't used consecutive nonce, may lead to two problems:

  • Non-deterministic Transactions Order
    When sending multiple simultaneous transactions, a user cannot order their transactions in a
    deterministic way and this is important in many cases.

  • Replay Attack
    Due to the Nonce' lack of control an attacker can request a transaction from a user to do a payment, in a webstore for example, and carry out a Sybil Attack, restricting transaction broadcast over the network.
    The user when seeing that the payment has not been made (not included in a block), could repeat the payment (currently, generating a new random nonce).
    The attacker can capture all these transactions, even if the sum of them exceeds the balance of the user's wallet, and distribute them arbitrarily when the wallet has more balance. Subtracting more funds than the user initially wanted to send.

Do you have any solution you want to propose?

  • Implement a consecutive Nonce and store it on the blockchain, by address.
  • Wallets must also store the current Nonce, increasing security.
  • Only transactions with higher nonce than current one (without gaps) should be
    accepted.
  • The Memory Pool must accept transactions with the same nonce and update the
    pool with the transaction with more gas.
  • Check the behavior of ETH Transaction Nonce 2

Neo Version

  • Neo 3

Where in the software does this update applies to?

  • Transaction
  • Ledger
  • Wallets

original posted by @Red4Sec

@Tommo-L Tommo-L added the Discussion Initial issue state - proposed but not yet accepted label Mar 23, 2020
@erikzhang
Copy link
Member

erikzhang commented Mar 23, 2020

private uint validUntilBlock;

You can use ValidUntilBlock to prevent the replay attacks.

@erikzhang
Copy link
Member

Non-deterministic Transactions Order
When sending multiple simultaneous transactions, a user cannot order their transactions in a
deterministic way

I think this is not a problem. Consecutive nonce will lead to other problems.

@Tommo-L
Copy link
Contributor Author

Tommo-L commented Mar 23, 2020

Consecutive nonce will lead to other problems.

It's true, and it may cause some synchronization problems.

But the good thing is, we have deterministic transaction order, and the possibility to cancel /speed up transaction.

@erikzhang
Copy link
Member

If you want to cancel a transaction, you should use ValidUntilBlock.

@Tommo-L
Copy link
Contributor Author

Tommo-L commented Mar 23, 2020

I mean we have the possibility of canceling transactions that have not yet expired.

@erikzhang
Copy link
Member

You can set ValidUntilBlock to a small value, such as 10 blocks.

@shargon
Copy link
Member

shargon commented Mar 23, 2020

  • With ValidUntilBlock you can't send a transaction with more gas in order to revert the previous one.
  • With ValidUntilBlock you can't ensure the order of Transactions. If we send A,B,C sometimes we need to ensure that the received order it's A,B,C.

Due to the Nonces' lack of control an attacker can request a transaction from a user to do a payment, in a webstore for example, and carry out a Sybil Attack, restricting transaction broadcast over the network.

The user when seeing that the payment has not been made (not included in a block), could repeat the payment (currently, generating a new random nonce).

The attacker can capture all these transactions, even if the sum of them exceeds the balance of the user's wallet, and distribute them arbitrarily when the wallet has more balance. Subtracting more funds than the user initially wanted to send.

image

@shargon
Copy link
Member

shargon commented Mar 26, 2020

If nonce it's only used for alter the hash of the tx, we can remove the nonce and fill the last script's opcodes with random values RETURN 0x0a0b0c

But our recomendation is to follow the nonce according to this page

https://github.com/ethereumbook/ethereumbook/blob/f85c5d334b33db9773c09b3f0fa3cd2994a7291a/06transactions.asciidoc#the-transaction-nonce

@erikzhang
Copy link
Member

With ValidUntilBlock you can't send a transaction with more gas in order to revert the previous one.

NEO network generate block every 15 seconds, so I don't think that you have a chance to send another transaction with more gas to revert the previous one.

With ValidUntilBlock you can't ensure the order of Transactions. If we send A,B,C sometimes we need to ensure that the received order it's A,B,C.

I can't see a scenario.

The user when seeing that the payment has not been made (not included in a block), could repeat the payment (currently, generating a new random nonce).

You need to wait for the blocks exceeding the ValidUntilBlock to send another transaction. Then you are safe.

@roman-khimov
Copy link
Contributor

roman-khimov commented Apr 9, 2020

Non-deterministic Transactions Order

What if we're to add DependsOn attribute? It's almost like oracle request-response dependency, but completely controlled by the user, so if he cares about particular order he will set dependencies accordingly.

Replay Attack

What if we're to add ConflictsWith attribute that will explicitly declare that this transaction is invalid if the other one is already in the pool or chain?

And these are gonna be attributes, so completely optional and only used for particular problems.

@igormcoelho
Copy link
Contributor

igormcoelho commented Nov 11, 2020

If user has Solid States NEP on its wallet, this will never happen 😂
neo-project/proposals#97

On Neo2 this is easily doable, but for Neo3, it makes transactions stateful again...
If we are to expand protection to assets, which is one of the most important applications, I still prefer some explicit operation, rather than nonce linking, that affects other things too.

@Qiao-Jin
Copy link
Contributor

24h's ValidUntilBlock increment might be still too long to prevent an attack. Unless we urge every one must not resend 24 hours after a "failed" transaction, but I doubt whether this is practical.

@erikzhang
Copy link
Member

24h is a maximum value. You can also set 5 minutes.

@Qiao-Jin
Copy link
Contributor

24h is a maximum value. You can also set 5 minutes.

Should we enable setting this value in neo-node?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Discussion Initial issue state - proposed but not yet accepted
Projects
None yet
Development

No branches or pull requests

6 participants