Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pallet-randomness-beacon: security and genesis #133

Open
wants to merge 24 commits into
base: main
Choose a base branch
from
Open

pallet-randomness-beacon: security and genesis #133

wants to merge 24 commits into from
+208 −55

Conversation

driemworks
Copy link
Contributor

This PR focuses on ensuring the integrity and security of the randomness beacon pallet.

  • It establishes an upper bound to the number of signatures that can be submitted per block. The actual limitation lies in the construction of the aggregated message that drand signed, where we must hash each round number to a group element and aggregate them. This closes pallet-randomness-beacon: set max pulses per block #123 .
  • Additionally, it limits the try_sumit_asig extrinsic to be callable a single time per block. While the initial intention was to use a signed payload with an unsigned transaction to provide security to the extrinsic, this proved infeasible unless an offchain worker is used. OCWs do not guarantee execution, making this unviable. More simply, the extrinsic operates similarly to pallet_timestamp, simply ensuring that the extrinsic can be called once per block. Since the call is submitted as an inherent, the validator-authored call is the first one in the transaction pool that is executed even if others try to submit calls. In addition, subsequent calls within the same block would fail regardless, as invalid (forgery attack) and duplicate signatures are rejected (replay attack). This closes pallet-randomness-beacon: inherent security #117
  • It enhances the inherent logic to ensure that the genesis (Drand) round is configured based on the first pulse we observe and closes pallet-randomness-beacon: handle genesis round within inherent call #127.

colemanirby
colemanirby reviewed Mar 10, 2025
View reviewed changes
pallets/randomness-beacon/src/lib.rs Outdated
@@ -173,6 +181,13 @@ pub mod pallet {
GenesisRoundNotSet,
/// The genesis is already set.
GenesisRoundAlreadySet,
/// There must be at least one signature to construct an asig
ZeroHeightProvided,
/// There number of aggregated signatures exceeds the maximum rounds we can verify per
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo here. I think it should say "The number of..."

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

juangirini
juangirini reviewed Mar 11, 2025
View reviewed changes
pallets/randomness-beacon/src/lib.rs
fn check_inherent(call: &Self::Call, _data: &InherentData) -> Result<(), Self::Error> {
match call {
Call::try_submit_asig { .. } => Ok(()),
_ => unreachable!("other calls are not inherents"),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've seen this elsewhere in Substrate, do you know why panicing instead of returning an error?

juangirini
juangirini reviewed Mar 11, 2025
View reviewed changes
pallets/randomness-beacon/src/lib.rs
Comment on lines +256 to +261
/// A dummy `on_initialize` to return the amount of weight that `on_finalize` requires to
/// execute.
fn on_initialize(_n: BlockNumberFor<T>) -> Weight {
// weight of `on_finalize`
T::WeightInfo::on_finalize()
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why do we return the on_finalize weight?

juangirini
juangirini reviewed Mar 11, 2025
View reviewed changes
pallets/randomness-beacon/src/lib.rs
Comment on lines +263 to +264
/// At the end of block execution, the `on_finalize` hook checks that the timestamp was
/// updated. Upon success, it removes the boolean value from storage. If the value resolves
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess you meant the 'aggregated signatures' instead of 'timestamp'?

juangirini
juangirini reviewed Mar 11, 2025
View reviewed changes
pallets/randomness-beacon/src/lib.rs
// aggregate old asig/apk with the new one and verify the aggregation
// Q: do we care about the entire linear history of message hashes?
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is useful for searching for the keyword 'todo'

Suggested change
// Q: do we care about the entire linear history of message hashes?
// TODO: do we care about the entire linear history of message hashes?

juangirini
juangirini approved these changes Mar 11, 2025
View reviewed changes
Copy link
Contributor

@juangirini juangirini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just had a few minor comments, but looks good

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@colemanirby colemanirby colemanirby left review comments

@juangirini juangirini juangirini approved these changes

@carloskiron carloskiron Awaiting requested review from carloskiron

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@driemworks @juangirini @colemanirby