buckyos / sourcedao Goto Github PK
View Code? Open in Web Editor NEWLicense: BSD 2-Clause "Simplified" License
License: BSD 2-Clause "Simplified" License
Consider an attack on our centralized backend, where both the backend code and the database can be modified, it is possible to reach the following attack:
when creating a proposal, fill up the params of the proposal with parameters + type, the type is added to avoid the situation that some simple proposals have a small number of parameters and conflict with other proposals.
Example: add member: [member address, "addMember"].
Remove member: [member address, "removeMember"].
Create project: [budget, issueId, startDate, endDate, "createProject"].
these parameters are also stored in the backend database
modify the voting interface in the chain to support(uint proposalId, bytes32[] memory params)
The params here need to be passed the same as when creating the params.
when the front-end creates a voting transaction, read out the corresponding parameter list of the proposal from the back-end.
in the proposal display, the front-end directly read the proposal parameters, and then according to the type, using a template to spell out a human readable description
the front-end can calculate its own params hash through the proposal parameters, and then compare it with the hash on the chain to determine whether the proposal is valid.
in order to prevent the front-end code is tampered with, resulting in the creation of transactions using the wrong parameter list, you can consider the front-end encapsulation in electron, and distribute it
If above scheme is applied, then the previous attack, will become:
If the attacker only modifies the proposal ID, then when the front-end is displayed, modification 6 will prevent this proposal from being displayed
If the attacker modifies both the proposal ID and the proposal parameters, then when the front-end is displayed, modification 5 will be displayed as a Token to release the proposal
In both cases, the vote will not succeed and the attack fails
In the case where the back-end code may have been modified, there is no need to do any other validation logic in the backend, because there is a possibility of being bypassed in both cases
When a committee member initiates a contract upgrade, only that member can cancel the upgrade or execute it based on the voting results. If the initiating committee member loses their private key following the upgrade's initiation, it seems this could potentially halt the entire upgrade process. Is this the case?
I believe that contract upgrades are critical operations, and we should prevent potential concurrency issues. For instance, Proposal 1 suggests upgrading the implementation to version 1.1, while Proposal 2 suggests upgrading the implementation to version 1.2. If the approval sequence turns out to be Proposal 2 followed by Proposal 1, the contract will actually be upgraded to version 1.1. From an implementation perspective, we should leverage the incremental nature of proposal IDs for protection. If a later upgrade proposal passes, earlier proposals should not be executable, even if they are passed.
The implementation of the verifyContractUpgrade function does more than just "verify state"βit actually alters the state. Should we consider renaming and/or adjusting this function to better align with its behavior?
Given the function's current implementation, I am concerned that an approved proposal (especially considering that proposals do not record old implementation addresses) could potentially be repeatedly verified and used to execute upgrade operations.
I would like to suggest a security enhancement for the _propose function. Currently, the _proposalId is not included in the root_merklehash. This might leave room for potential replay attacks.
To mitigate this risk, I propose that the _proposalId be included in the root_merklehash. This change would ensure that each proposal is uniquely identified in the root_merklehash, thus providing additional security against replay attacks.
function _propose(
address from,
uint duration,
bytes32[] memory params,
bool isFull
) internal returns (uint) {
uint _proposalId = curProposalId++;
//TODO:
bytes32 root = MerkleProof.processProof(params, bytes32(0));
Thank you for considering this proposal. I believe this enhancement would significantly improve the security of the system.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. πππ
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google β€οΈ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.