waku-org/nwaku
1
0
Fork 0
mirror of https://github.com/waku-org/nwaku.git synced 2025-01-14 00:46:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(rln): nullifierlog vulnerability (#2855)

Browse Source
This commit is contained in:
Alvaro Revuelta 2024-06-28 09:25:10 +02:00 committed by GitHub
parent 7b97c8003c
commit dad054d6b3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 17 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
waku/waku_rln_relay/rln_relay.nim
View File

@ -144,7 +144,7 @@ proc updateLog*(
try: try:
# check if an identical record exists # check if an identical record exists
if rlnPeer.nullifierLog[epoch].hasKeyOrPut(proofMetadata.nullifier, proofMetadata): if rlnPeer.nullifierLog[epoch].hasKeyOrPut(proofMetadata.nullifier, proofMetadata):
# the above condition could be `discarded` but it is kept for clarity, that slashing will # the above condition could be `discarded` but it is kept for clarity, that slashing will
# be implemented here # be implemented here
# TODO: slashing logic # TODO: slashing logic
return ok() return ok()
@ -279,8 +279,10 @@ proc validateMessageAndUpdateLog*(
if proofMetadataRes.isErr(): if proofMetadataRes.isErr():
return MessageValidationResult.Invalid return MessageValidationResult.Invalid
# insert the message to the log (never errors) # insert the message to the log (never errors) only if the
discard rlnPeer.updateLog(msgProof.epoch, proofMetadataRes.get()) # message is valid.
if isValidMessage == MessageValidationResult.Valid:
discard rlnPeer.updateLog(msgProof.epoch, proofMetadataRes.get())
return isValidMessage return isValidMessage
@ -308,22 +310,25 @@ proc appendRLNProof*(
let proof = rlnPeer.groupManager.generateProof(input, epoch, nonce).valueOr: let proof = rlnPeer.groupManager.generateProof(input, epoch, nonce).valueOr:
return err("could not generate rln-v2 proof: " & $error) return err("could not generate rln-v2 proof: " & $error)
msg.proof = proof.encode().buffer msg.proof = proof.encode().buffer
return ok() return ok()
proc clearNullifierLog*(rlnPeer: WakuRlnRelay) = proc clearNullifierLog*(rlnPeer: WakuRlnRelay) =
# clear the first MaxEpochGap epochs of the nullifer log # clear the first MaxEpochGap epochs of the nullifer log
# if more than MaxEpochGap epochs are in the log # if more than MaxEpochGap epochs are in the log
# note: the epochs are ordered ascendingly let currentEpoch = fromEpoch(rlnPeer.getCurrentEpoch())
if rlnPeer.nullifierLog.len().uint <= rlnPeer.rlnMaxEpochGap:
return
let countToClear = rlnPeer.nullifierLog.len().uint - rlnPeer.rlnMaxEpochGap var epochsToRemove: seq[Epoch] = @[]
trace "clearing epochs from the nullifier log", count = countToClear for epoch in rlnPeer.nullifierLog.keys():
let epochsToClear = rlnPeer.nullifierLog.keys().toSeq()[0 ..< countToClear] let epochInt = fromEpoch(epoch)
for epoch in epochsToClear:
rlnPeer.nullifierLog.del(epoch) # clean all epochs that are +- rlnMaxEpochGap from the current epoch
if (currentEpoch+rlnPeer.rlnMaxEpochGap) <= epochInt or epochInt <= (currentEpoch-rlnPeer.rlnMaxEpochGap):
epochsToRemove.add(epoch)
for epochRemove in epochsToRemove:
trace "clearing epochs from the nullifier log", currentEpoch = currentEpoch, cleanedEpoch = fromEpoch(epochRemove)
rlnPeer.nullifierLog.del(epochRemove)
proc generateRlnValidator*( proc generateRlnValidator*(
wakuRlnRelay: WakuRLNRelay, spamHandler = none(SpamHandler) wakuRlnRelay: WakuRLNRelay, spamHandler = none(SpamHandler)