Comments (6)
That's a good question.
Burn allows only those who own a token commitment to nullify the commitment and then release the ERC20 or ERC721 token of this commitment to any address specified by payTo. It is an intentional decision. If Alice burns her token commitment in order to pay in ERC20 or ERC721 to Bob, she can do that in just one transaction instead of two transactions (burn ERC20/721 to her address and transfer ERC20/721 to Bob).
from nightfall.
Hi @ChaitanyaKonda,
Thanks for clarifying the intention.
I believe the issue is orthogonal to the decision though - it would exist even if the payTo address was always msg.sender
.
It seems to me that while the proof is not bound in some way to this specific transaction, it’s going to be copyable and be sent by anyone.
Zcash, in their Sprout version, prevented it by binding a newly-generated keypair to each proof and sign the transaction with it. In Sapling, they have other types of signatures (specifically, the overall binding signature).
Another solution could be adding the intended address (either msg.sender of payTo) to the proof itself (as a public input, for example).
Am I still missing a mechanism that stops that?
from nightfall.
@kobigurk once the first transaction (the legitimate one) has completed then subsequent replays with a different payTo address will fail because the nullifier will have been posted to the smart contract. Is your concern about a false transaction being substituted for the legitimate transaction before the legitimate transaction is completed?
from nightfall.
Hey @Westlad, exactly. I mean the case where it’s still in-flight. This is a case where a relaying node or a miner can “front-run” this transaction, which I think is a legitimate worry in a high-stakes use-case.
from nightfall.
I see what your concern is. So if the proof locked down the payTo address that would close off the possibility of a rogue miner?
from nightfall.
I believe so. It would bring it to be on par with the usual worries of a miner censoring, but not stealing.
from nightfall.
Related Issues (20)
- Whats more private than a hash wallet address ?? just make a new account and wallet .. this proj is moot
- Issue while account creation after a login failure HOT 1
- Historic Public Key Roots let user avoid blacklisting
- Check that correct admin public keys are being used
- Remove redundant error-checking code
- Check privacy settings of functions and state variables
- small code cleanups
- run transferFTCommitment failed!!! HOT 5
- Cannot successfully run the .nightfall script HOT 2
- OPCoin commitment transfer failing HOT 4
- All inline callback function should be arrow function (airbnb standards)
- do not export directly from an import (airbnb strandards) HOT 1
- Don’t use iterators(for-in or for-of). Prefer JavaScript’s higher-order (airbnb standards)
- empty line before single line comments (airbnb standards)
- filename should exactly match the name of its default export (airbnb standards)
- Do not use JavaScript getters/setters (airbnb standards)
- Error while minting commitment token HOT 1
- Refactor nightfall/nightlite responsibilities
- errors while running transactions HOT 6
- Not able to make Nighfall usage non interactive
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nightfall.