Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[stacks-signer] Verify messages coming from stackerdb event listener come from expected entities #4731

Closed
jferrant opened this issue Apr 29, 2024 · 1 comment
Closed

[stacks-signer] Verify messages coming from stackerdb event listener come from expected entities #4731

jferrant opened this issue Apr 29, 2024 · 1 comment
Assignees
@jferrant
Labels
3.0-must 3.0 nakamoto
Milestone
Nakamoto Mileston...

Comments

@jferrant
Copy link
Collaborator

Audit: It might be worthwhile to add verification of all received messages that they come either from expected miner pub keys or registered signer pub keys. Stackerdb already does write verification, but to decrease reliance on this verification at the nodee, add message verification earlier. If we want to open the signer to allow accessing some external node later on, this could help prevent something like a man in the middle attack.
@jferrant
Copy link
Collaborator Author

Currently closing for now. Calls to the node are unverified and the returned data concerning the list of elligble writers cannot be trusted unless the node itself is trusted and is in a trusted network. Therefore, introducing further verification checks would have no benefit

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jferrant jferrant

Labels
3.0-must 3.0 nakamoto
Projects
Stacks Core Eng
Archived in project
Milestone
Nakamoto Milestone 0.4 [3.0 Activation]
Development

No branches or pull requests
1 participant
@jferrant