feat(protocol): fix issues in AssignmentHook #15486
Conversation
- add chainId to hashed assignment - prevent replay and then repay of bind in the same assigmenthook array
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
It is not used in this hook, but maybe used in another. |
dantaik
changed the title
| // have increased by the same amount as config.livenessBond (to prevent) | ||
| // multiple draining payments by a malicious proposer nesting the same | ||
| // hook. | ||
| if (tko.balanceOf(address(this)) != tkoBalance + config.livenessBond) { |
There was a problem hiding this comment.
check TKO balance change strict using == rather than >=.
There was a problem hiding this comment.
@adaki2004 with this change, maybe we don't have to check "==" here?
There was a problem hiding this comment.
I still recommend having a strict equality, for two reasons
a) I don't see a benefit for transferring more than the liveness bond, it would increase the cost to the prover and the extra funds would be stuck in the TaikoL1 contract.
b) If multiple hooks are available which can transfer TKO to the TaikoL1 contract the proposer could attempt to use both e.g. If there is a third party hook, a proposer could attempt to use both hooks.
There was a problem hiding this comment.
I still recommend having a strict equality, for two reasons
I think this is a strict equalitsy, no ? (if NOT -> revert)
if (tko.balanceOf(address(this)) != tkoBalance + config.livenessBond) revert L1_LIVENESS_BOND_NOT_RECEIVED
There was a problem hiding this comment.
Yep this PR currently has a strict equality, which I currently see as a nicer solution. I was responding to @dantaik comment about potentially moving back to inequality.
@adaki2004 with this change, maybe we don't have to check "==" here?
There was a problem hiding this comment.
And client updates are ready too: taikoxyz/taiko-client#502
From team SigP.:
==rather than>=.