IIP: 11
Title: Prevent replay attack by enabling chainID in IoTeX transaction
Author: Dustin Xie ([email protected])
Status: WIP
Type: Standards Track
Created: 2021-08-17
This document proposed a solution to prevent replay attack on the IoTeX blockchain
A chainID
field is actually reserved in the IoTeX transaction structure, we could activate
this field to mitigate potential replay attack by:
- Use a different chain ID for mainnet and testnet when signing transactions
- Enforce chain ID check at block producing, transaction with chain ID that is different from target network will be rejected
So far the default chainID
= 0, this change will take place in 2 phases:
- A transitional period with a mix of the default and new chain ID, and
transactions with
chainID
= 0 will still be accepted - At next hard-fork, chain ID check enforcement is activated. Only those
transactions with new chain ID can be accepted, any transaction that carries
chainID
= 0 will be rejected
Chain ID for native transaction
Chain ID | Network | Endpoint |
---|---|---|
1 | Mainnet | api.iotex.one:443, api.iotex.one:80 |
2 | Testnet | api.testnet.iotex.one:443, api.testnet.iotex.one:80 |
This change will impact all products and services that involve transaction processing on our mainnet and testnet, including:
- Product/service that use antenna SDK: ioPay desktop/mobile, mimo/iotube, hermes, airdrop/drip
- Product/service that integrates IoTeX into their own SDK: trustwallet
- Crytpo exchanges: they might use our antenna or their own SDK, need to carefully understand each one's situation
- Other components that I may miss
- Implement the chain ID in antenna SDK and iotex-core
- Rollout to testnet, use ioctl to test and verify
- Start transitional phase:
- Rollout to mainnet (with hard-fork disabled)
- Notify all impacted products/service/exchange to upgrade to new antenna SDK
- Verify new transaction does have correct value for chain ID
- Final enabling
- Activate the hard-fork on testnet
- Verify transaction process on testnet still working normally when chain ID check is enforced
- Activate the hard-fork on mainnet
The use of a different chain ID prevents replay attack between IoTeX mainnet and testnet.
On the other hand, the raw hash of IoTeX native tx is computed as the keccak256 hash of the tx's serialized data bytes, that is:
data = tx.Serialize()
h = keccak256(data)
which is different from EIP155 specification, so the same tx will have different raw hash values when signing as native tx vs. signing as RLP-encoded (see here). Hence the proposed solution is also immune to replay attack targeted between the IoTeX and Ethereum blockchain.
Copyright and related rights waived via CC0.