This repository has been archived by the owner on Aug 22, 2019. It is now read-only.
Prevent Repeatedly Exiting UTXO #90
Labels
bug
Something isn't working
enhancement
New feature or request
research
Potential improvement to plasma MVP
Comments
smartcontracts
added
bug
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
References vulnerability found here: https://ethresear.ch/t/plasma-vulnerabiltity-sybil-txs-drained-contract/1654
Transaction must include the confirm signatures for the inputs being spent. If the confirm signatures are only ever sent to the receivers of UTXO's then one can create a chain of "Sybil Transactions" and then exit multiple times.
Additionally, If someone is offline for an extended amount of time and the sender of one of their UTXO's has already successfully exited, nothing currently stops them from simply exiting their invalid UTXO as well.
Proposed changes to fix the vulnerability:
Include confirm signatures of inputs in transaction
Include ability to challenge exit by proving that its input has already successfully exited.
The text was updated successfully, but these errors were encountered: