[Backport] Add coinbase transaction proof to SPV proof #770
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Here we cover the `BitcoinTx.validateProof` function with a test scenario that checks gas consumed during validation of long SPV proofs. This will help assessing the cost impact of the additional coinbase checks. (cherry picked from commit a8f3b44)
An unusual but valid 64-byte Bitcoin transaction can be used to produce SPV proofs for different, invalid transactions by treating the transaction as another node in the merkle tree of the fraudulent transaction's proof. This exploit can be prevented by checking that the merkle proof of the coinbase transaction has the same length as the proof of the transaction of interest. All transactions in a valid Bitcoin block are on the same level of the merkle tree, and it is prohibitively difficult to produce a hash preimage that matches the first 32 bytes of a valid coinbase transaction. Thus, if such a preimage can be provided, we can trust that the merkle tree of the coinbase transaction is legitimate, and that the transaction of interest is valid because it is on the same level of the tree as the coinbase transaction. (cherry picked from commit cfdd0b9)
The SPV proof verifier requires coinbase's preimage and merkle proof from now on. Here we enrich existing test vectors with this information to make existing unit test working again. (cherry picked from commit 381adb9)
The gas cost of `submit*Proof` functions went up due to the recent changes made in the SPV proof verifier. This has an impact on the reimbursement values as gas offsets are no longer accurate. Here we adjust them to fit into the unit test boundaries again. Values were determined by trial and error. (cherry picked from commit b31abfc)
Here we extend existing unit tests by adding additional assertions stressing the new coinbase checks added to the SPV proof verifier. (cherry picked from commit 742cce3)
The SPV proof verifier requires coinbase's data from now on. Here we adjust existing integration tests to that requirement. (cherry picked from commit 664b434)
|
Solidity API documentation preview available in the artifacts of the https://github.com/keep-network/tbtc-v2/actions/runs/7540322442 check. |
tomaszslabon
approved these changes
Jan 16, 2024
tomaszslabon
merged commit 20a6fb1
into
releases/mainnet/solidity/v1.5.2
36 of 38 checks passed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Refs: #769
This pull request backports changes developed as part of GHSA-wg2x-rv86-mmpx to the
releases/mainnet/solidity/v1.5.2branch corresponding to thesolidity/v1.5.2release.Release
solidity/v1.5.2is a patch branched off from the currently deployedsolidity/v1.5.1version. Versionsolidity/v1.5.2could not be branched off directly frommainbecausemaincontains some features that are not ready for release yet (e.g. removedWalletCoordinator, added deposits with extra data). Those features will be released assolidity/v1.6.0when the time comes.