Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invoice Acceptor: ensure asset ID match between RFQ and HTLC #1299

Merged
merged 4 commits into from
Jan 23, 2025
Merged

Invoice Acceptor: ensure asset ID match between RFQ and HTLC #1299

merged 4 commits into from
Jan 23, 2025

Conversation

GeorgeTsagk
Copy link
Member

Description

This PR adds an extra strictness check which requires the asset ID of the RFQ quote and HTLC records to match. This is done as an extra strict check to guard against HTLC and RFQ asset ID mismatch, which can lead to malicious behavior where a quote for a different asset is being accounted for when accepting an asset HTLC.

Closes #1255

@GeorgeTsagk GeorgeTsagk self-assigned this Jan 14, 2025
ffranr
ffranr requested changes Jan 14, 2025
View reviewed changes
Copy link
Contributor

@ffranr ffranr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good idea!

tapchannel/aux_invoice_manager.go Outdated Show resolved Hide resolved
@dstadulis
Copy link
Collaborator

dstadulis commented Jan 14, 2025
edited by GeorgeTsagk
Loading

TODO

  • itest unit test to cover the negative cases

@dstadulis dstadulis added this to the v0.6 milestone Jan 14, 2025
@GeorgeTsagk GeorgeTsagk force-pushed the inv-accept-asset-id-match branch 2 times, most recently from ef54607 to 5e76383 Compare January 21, 2025 11:16
@coveralls
Copy link

coveralls commented Jan 21, 2025
edited
Loading

Pull Request Test Coverage Report for Build 12934292935

Details

  • 50 of 57 (87.72%) changed or added relevant lines in 2 files are covered.
  • 41 unchanged lines in 8 files lost coverage.
  • Overall coverage increased (+0.04%) to 40.733%
Changes Missing Coverage Covered Lines Changed/Added Lines %
tapchannel/aux_invoice_manager.go 47 54 87.04%
Files with Coverage Reduction New Missed Lines %
tapdb/addrs.go 2 75.12%
commitment/tap.go 2 84.09%
tapchannel/aux_leaf_signer.go 3 43.43%
asset/mock.go 3 92.27%
tapchannel/aux_invoice_manager.go 6 84.06%
tapdb/multiverse.go 6 68.21%
asset/asset.go 7 76.88%
tapgarden/caretaker.go 12 68.5%
Totals Coverage Status
Change from base Build 12916117148: 0.04%
Covered Lines: 26723
Relevant Lines: 65605
💛 - Coveralls

@GeorgeTsagk GeorgeTsagk force-pushed the inv-accept-asset-id-match branch from 5e76383 to 5b235ef Compare January 21, 2025 11:55
@GeorgeTsagk GeorgeTsagk requested review from ffranr and guggero January 21, 2025 11:56
guggero
guggero reviewed Jan 21, 2025
View reviewed changes
Copy link
Member

@guggero guggero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Careful self review of the commits would've prevented 50-60% of my comments...
Approach looks okay to me but can be perhaps made a bit more generic.

tapchannel/aux_invoice_manager.go Outdated Show resolved Hide resolved
tapchannel/aux_invoice_manager_test.go Outdated Show resolved Hide resolved
tapchannel/aux_invoice_manager.go Outdated Show resolved Hide resolved
tapchannel/aux_invoice_manager_test.go Outdated Show resolved Hide resolved
tapchannel/aux_invoice_manager.go Outdated Show resolved Hide resolved
tapchannel/aux_invoice_manager.go Show resolved Hide resolved
@GeorgeTsagk GeorgeTsagk force-pushed the inv-accept-asset-id-match branch from 5b235ef to 6066385 Compare January 21, 2025 18:02
@GeorgeTsagk GeorgeTsagk requested a review from guggero January 21, 2025 18:05
ffranr
ffranr reviewed Jan 21, 2025
View reviewed changes
Copy link
Contributor

@ffranr ffranr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! This is pretty much there IMO.

I'm just going to suggest a potential simplification in this review.

tapchannel/aux_invoice_manager.go Outdated Show resolved Hide resolved
@GeorgeTsagk GeorgeTsagk force-pushed the inv-accept-asset-id-match branch from 6066385 to 845e0f6 Compare January 22, 2025 11:04
@GeorgeTsagk GeorgeTsagk requested a review from ffranr January 22, 2025 11:04
guggero
guggero approved these changes Jan 22, 2025
View reviewed changes
Copy link
Member

@guggero guggero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. One more suggestion, but non-blocking.

tapchannel/aux_invoice_manager.go Outdated Show resolved Hide resolved
tapchannel/aux_invoice_manager.go Outdated Show resolved Hide resolved
@Roasbeef Roasbeef modified the milestones: v0.6, v0.5.1 Jan 23, 2025
ffranr
ffranr approved these changes Jan 23, 2025
View reviewed changes
Copy link
Contributor

@ffranr ffranr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good addition

@GeorgeTsagk
tapchannel: add identifierFromQuote helper
e754cdd 
We add a simple identifierFromQuote function that fetches the asset
specifier associated with a certain accepted quote identified by its
rfq ID. We will later use this in the handleInvoice function to
compare the identifier of the quote with that of the HTLCs.
@GeorgeTsagk
asset: expose asset ID option on specifier
956b40b
@GeorgeTsagk
tapchannel: add asset htlc validation function
3c22b84 
In this commit we utilize the previously defined helper in order to
define a new htlc validation function. The validation currently includes
checking that the asset ID of the rfq and the HTLCs always match. This
is done as an extra strict check to guard against HTLC and RFQ asset
specifier mismatch, which can lead to malicious behavior where a quote
for a different asset is being accounted for when accepting an asset
HTLC.
@GeorgeTsagk
tapchannel: update AuxInvoiceManager tests for new asset ID check
070dff0 
For test cases where an RFQ does not exist we fail earlier, so we need
to update the expected behavior on the tests. We also need to be more
strict when creating dummy RFQs, as now the request with the asset
specifier needs to be present, for the new checks to take place.
@GeorgeTsagk GeorgeTsagk force-pushed the inv-accept-asset-id-match branch from 845e0f6 to 070dff0 Compare January 23, 2025 17:04
@GeorgeTsagk GeorgeTsagk added this pull request to the merge queue Jan 23, 2025
Merged via the queue into lightninglabs:main with commit 71fee14 Jan 23, 2025
18 checks passed
@GeorgeTsagk GeorgeTsagk mentioned this pull request Jan 29, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ffranr ffranr ffranr approved these changes

@guggero guggero guggero approved these changes

Assignees

@GeorgeTsagk GeorgeTsagk

Labels
htlc security
Projects
Taproot-Assets Project Board
Status: ✅ Done
Milestone
v0.5.1
Development

Successfully merging this pull request may close these issues.

Assert invoice-RFQ asset ID and HTLC asset ID match
6 participants
@GeorgeTsagk @dstadulis @coveralls @guggero @ffranr @Roasbeef