patch01: address path-based groupmint #28
Closed
problem: for path-based groupmint (much like with external groupMint) the minted group tokens were delivered to the sender. In the verification of the flow matrix of a path transfer, this resulted in any groupmint always netting out zero, and as such always being allowed for the maximum balance of the avatar - IF the avatar had opted out of consented flow for any (malicious) group.
In this patch, the group tokens that are minted over the path transfer are minted in-place onto the group address - so the path transfer needs to explicitly move the group tokens onward (or the group is set as the final receiver in the stream).
This patch only addresses that now the amount "mintable"/"stealable" is limited to the total capacity of other Circles that the avatar is able to receive from their trusted Circles (in exchange for the tokens minted into the group). So the core problem remains that, without consented flow, or when an avatar opts out from consented flow, an attacker can steal valuable Circles from a user who opts out of consented flow - albeit at a possibly rate-limited flow (which is still unacceptable).
It is important to note that, while this patch by itself alone does not address the attack vector (the main one remains: being able to opt out from consented flow), it is well worth considering this patch because this implementation fix for path-based group mint is the more logical and elegant one.