Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security Review #98

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Security Review #98

wants to merge 3 commits into from

Conversation

moshe-blox
Copy link
Contributor

@moshe-blox moshe-blox commented Apr 3, 2023

  • ⚠️ Check output & verify signatures in BLSToExecutionChange CLI tests
  • ⚠️ Check output & verify signatures in VoluntaryExit and DepositData CLI tests
  • Don't ignore possible errors in GenesisValidatorsRoot()
  • Reject invalid input in NetworkFromString
  • Don't ignore errors in _byteArray|_byteArray32|_byteArray96?
  • ⚠️ Signature in TestBenchmarkBlockProposal seems to have changed from 911ac2f6d74039279f16eee4cc46f4c6eea0ef9d18f0d9739b407c150c07ccb104c1c4b034ad46b25719bafc22fad05205975393000ea09636f5ce427814e2fe12ea72041099cc7f6ec249e504992dbf65e968ab448ddf4e124cbcbc722829b5 to aab8d1dc7e9fdea39b9a46cde64759138372a8d1226d56d01fa9e2df9e45e39d67bacf5794bb6841f5ea143aa124a33211089d4cc045e0605380bf4ae03291b1ee8082e55274ce5dc513cc0bebdb8e8a5276ad39a0cea3edd321d9cf854f695c
    Note: While it's a phase0 block, which isn't going to be proposed anymore, I still think we should try to reproduce the previous signature.
    Note: Altair & Bellatrix signatures have been preserved as they were.
    Note: It's changed because its no longer possible to sign a block with a slot 1.
  • Verify that blinded Capella block test has correct signature.
    Note: Verified. It's a real block from Sepolia: https://sepolia.beaconcha.in/slot/1861337
  • Add a proposal slashing test with Capella blocks
  • ⚠️ How did we arrive at the expected signatures in signer/sign_bls_to_execution_change_test.go?
    Note: Specified in the comment above the signatures in the code.
  • ⚠️ Why did the expected signature change in sign_registration_test.go?
    Note: Fixed and switched back to old signature. Values in the test were incorrect.
  • TODO: I'm not sure I understand the changes in slashing_protection/proposal_protection_test.go
    Note: Minimal non-slashable slot was increased from 1 to 2 during the Prysm depdendency removal.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant