[Bug]: Ensure integrity of deposit requests submitted #1116
Comments
djordon
added
transaction library
djordon
changed the title
djordon
changed the title
|
When someone informs Emily of a deposit, they're somehow providing something akin to the proof for a Merkle Tree. If that's the case, can't Emily verify the params and reject invalid requests? (Sorry on mobile but happy to expand on this with proper info) |
Yes, it could, and Emily would need access to bitcoin-core to do a full verification of the proof. Emily currently does a partial verification. We've been tossing around the idea of having Emily verify things against bitcoin-core. I'll add this as an option. |
|
I can be convinced otherwise but I think that anything else than that would add complexity for little gain. We know how to solve this properly, we can evaluate how much of a heavy lift it is to add this to Emily. Does it need to have access to Bitcoin core though? I'd assume the verification path can be much simpler, because we want it to be pretty specific. |
|
Hm, wouldn't option 2 also let us extract (what look like) sbtc deposits directly from bitcoin blocks and then only ask emily for these, and use the intersection vs. asking Emily for everything it views as pending every block? |
I believe that it essentially does. There are two kinds of verification:
Emily does (1) but not (2), and for (2) you need Bitcoin Core or you need the user to supply a bunch of information. I think the information is something like: the header of the block that confirmed the deposit, the transaction hex, and some merkle proof of inclusion of the transaction into the block. This is off the top of my head, I'm not entirely sure that this is correct.
Yes it would. Also, option 2 would let us extract sbtc deposits directly from bitcoin blocks without speaking to Emily at all. I'm not saying that we should do that, just that it's possible. Hmmm... but after thinking about this some more, I'm not as sure that option 2 is well-tailored to the problem stated in the ticket. It's more complex than it needs to be for the Emily integrity issue. Option (3) seems like the only way forward here, unless we require all deposits to have an
Yeah after thinking about it some more, I agree. But, I think I just like option (2). It appeals to me as a nice feature because it allows me to bridge into sBTC directly from the L1. And I think "the decentralized, trust minimized, bridge from Bitcoin into Stacks" should have L1 support. On the other hand it adds some complexity, requires leather work, and maybe no one besides me cares. I'd like to think through the work required so I'll open a design ticket and things will be clearer afterwards. |
I +1 this; removing the requirement of Emily is very appealing, but yeah probably deserves its own ticket.
I think that this would necessarily add 1 block to the deposit processing time, right? |
Thanks! It seems that here we are trying to solve many things at once. I wonder if we can reduce scope by picking the right problem to solve. Going back to the issue:
Let's say there's a deposit request Now, IIUC Emily gets some inputs to The problem is that if someone provides In that case, what I propose to solve this is to have the user provide all inputs. Even if it's not the same user, as long as This will prevent an attacker from invalidating The nice thing about this is that it is completely stateless. Essentially, Emily reproduces the computation that the bridge performs to obtain Now IIUC this should not require the Bitcoin block header. That's useful for a different problem, ie prevent someone from providing a |
|
If the goal is only to ensure that the scripts are valid and are a part of the (potential) transaction for the given txid, then we shouldn't need bitcoin-core. But we would need a bit more information to compute the txid -- it might be easier to have them send the hex-encoded transaction at that point, and we validate that we compute the same txid and that both script paths are valid given the taproot in the output.. I think? |
Bug - Ensure integrity of deposit requests
1. Description
When someone submits deposit request data to Emily, we do not have a way of ensuring that the sender is the same entity that created the deposit UTXO. This means that someone can create properly formed deposit requests to Emily that do not match any actual deposits on bitcoin, with the outcome being that actual deposits will be deemed invalid.
1.1 Context & Purpose
We may want to make some design decisions to increase the integrity of data submitted to Emily, so that we know that data stored there comes from the correct source.
2. Technical Details:
There are three solutions that come to mind and all are partly undesirable:
OP_RETURNoutput.scriptPubKeyslocking an input from the deposit transaction.Option (1) Is the easiest lift for us, but seems impractical: what is going to construct this signature? I don't see many wallets adding such functionality. Option (2) is doable, but it also requires wallets to support the creation of
OP_RETURNoutputs. Option (3) is like option (1) but better. Option (4) is quite cumbersome.I think (2) is the way to go, and allows us to remove functionality from Emily. We can fit the required data into an
OP_RETURNoutput if we are creative.2.1 Acceptance Criteria:
3. Related Issues and Pull Requests (optional):
4. Appendix
Option (2) above is more tricky than it looks, and it requires us to be a little creative because we only have 80 bytes to work with in an
OP_RETURNoutput. A straightforward porting of the data in our current deposit transactions will show that we don't have enough space. So an alternative layout for the deposit is something like this:Meaning:
The locktimes are fixed per sbtc version and for version 0 the lock time is 144. Reclaim scripts in general must have a fixed form given the sbtc version.
This was fun.
The text was updated successfully, but these errors were encountered: