Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[NCC-E008263-AW3] Insufficient Participant Commitment List Checks #455

Closed
Tracked by #451
conradoplg opened this issue Jul 26, 2023 · 1 comment · Fixed by #480
Closed
Tracked by #451

[NCC-E008263-AW3] Insufficient Participant Commitment List Checks #455

conradoplg opened this issue Jul 26, 2023 · 1 comment · Fixed by #480
Assignees
@conradoplg
Milestone
FROST Audit

Comments

@conradoplg
Copy link
Contributor

sign() does not properly validate the signing_package.signing_commitments. See report for more details.

Fix it, so it checks:

  • If the participant's identifier and commitment is included (done in Add validation for missing identifier in signing package #452)
  • If there aren't any repeated commitments
  • Check consistency with min_signers/max_signers? We'll need to think a bit about this since those aren't readily available. It may be a good idea to store min_signers in the KeyPackage, but max_signers might not possible (since it's possible to issue new shares).
@mpguerra mpguerra mentioned this issue Jul 27, 2023
Closed
26 tasks
@conradoplg
Copy link
Contributor Author

We decided that it's not needed to check for repeated commitments, since that would just cause the signature generation to fail.

@conradoplg conradoplg mentioned this issue Aug 17, 2023
Merged
@conradoplg conradoplg self-assigned this Aug 17, 2023
@mpguerra mpguerra added this to the FROST Audit milestone Aug 24, 2023
@mpguerra mpguerra added this to FROST Aug 24, 2023
@mpguerra mpguerra moved this to Review/QA in FROST Aug 24, 2023
@mergify mergify bot closed this as completed in #480 Sep 6, 2023
@github-project-automation github-project-automation bot moved this from Review/QA to Done in FROST Sep 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@conradoplg conradoplg

Labels
None yet
Projects
FROST
Archived in project
Milestone
FROST Audit
Development

Successfully merging a pull request may close this issue.

check number of commitments in sign() ZcashFoundation/frost
2 participants
@conradoplg @mpguerra