Giter VIP home page Giter VIP logo

Comments (6)

ChaitanyaKonda avatar ChaitanyaKonda commented on July 24, 2024

That's a good question.

Burn allows only those who own a token commitment to nullify the commitment and then release the ERC20 or ERC721 token of this commitment to any address specified by payTo. It is an intentional decision. If Alice burns her token commitment in order to pay in ERC20 or ERC721 to Bob, she can do that in just one transaction instead of two transactions (burn ERC20/721 to her address and transfer ERC20/721 to Bob).

from nightfall.

kobigurk avatar kobigurk commented on July 24, 2024

Hi @ChaitanyaKonda,

Thanks for clarifying the intention.

I believe the issue is orthogonal to the decision though - it would exist even if the payTo address was always msg.sender.

It seems to me that while the proof is not bound in some way to this specific transaction, it’s going to be copyable and be sent by anyone.

Zcash, in their Sprout version, prevented it by binding a newly-generated keypair to each proof and sign the transaction with it. In Sapling, they have other types of signatures (specifically, the overall binding signature).

Another solution could be adding the intended address (either msg.sender of payTo) to the proof itself (as a public input, for example).

Am I still missing a mechanism that stops that?

from nightfall.

Westlad avatar Westlad commented on July 24, 2024

@kobigurk once the first transaction (the legitimate one) has completed then subsequent replays with a different payTo address will fail because the nullifier will have been posted to the smart contract. Is your concern about a false transaction being substituted for the legitimate transaction before the legitimate transaction is completed?

from nightfall.

kobigurk avatar kobigurk commented on July 24, 2024

Hey @Westlad, exactly. I mean the case where it’s still in-flight. This is a case where a relaying node or a miner can “front-run” this transaction, which I think is a legitimate worry in a high-stakes use-case.

from nightfall.

Westlad avatar Westlad commented on July 24, 2024

I see what your concern is. So if the proof locked down the payTo address that would close off the possibility of a rogue miner?

from nightfall.

kobigurk avatar kobigurk commented on July 24, 2024

I believe so. It would bring it to be on par with the usual worries of a miner censoring, but not stealing.

from nightfall.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.