From 969a44dbb7479a99de09f516955e0dc85ae1c4d9 Mon Sep 17 00:00:00 2001
From: Zac Burns
Date: Mon, 3 Oct 2022 17:19:48 -0500
Subject: [PATCH] security: resurrect comment deleted in f7fa658b
---
 .../indexer-service/src/query-fees/allocations.ts | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/packages/indexer-service/src/query-fees/allocations.ts b/packages/indexer-service/src/query-fees/allocations.ts
index 0e254afa3..e86fc7079 100644
--- a/packages/indexer-service/src/query-fees/allocations.ts
+++ b/packages/indexer-service/src/query-fees/allocations.ts
@@ -89,6 +89,20 @@ export class AllocationReceiptManager implements ReceiptManager {
 throw indexerError(IndexerErrorCode.IE031, 'Expecting 264 hex characters')
 }
 
+ // TODO: (Security) Additional validations are required to remove trust from
+ // the Gateway which are deferred until we can fully remove trust which requires:
+ // * A receiptID based routing solution so that some invariants can be tested
+ // in memory instead of hitting the database for performance (eg: collateral,
+ // and that fees are increasing).
+ // * A ZKP to ensure all receipts can be collected without running out of gas.
+ //
+ // Validations include:
+ // * The address corresponds to an *unresolved* transfer.
+ // * The unresolved transfer has sufficient collateral to pay for the query.
+ // * Recovering the signature for the binary data in chars 20..56 = the specified address.
+ // * The increase in fee amount from the last known valid state covers the cost of the query
+ // * This receipt ID is not being "forked" by concurrent usage.
+
 const receipt = this._parseAllocationReceipt(receiptData)
 const signature = await validateSignature(
 this._allocationReceiptVerifier,
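Review bot: The resurrected item `Recovering the signature for the binary data in chars 20..56 = the specified address` appears to overlap with the `validateSignature(this._allocationReceiptVerifier, …)` call that immediately follows the comment, and the terms `unresolved transfer` and `collateral` do not match the allocation-receipt vocabulary of the surrounding code (`AllocationReceiptManager`, `_parseAllocationReceipt`), so some listed validations may be stale from the earlier design rather than still-open work. Since the subject says this comment was already deleted once, consider anchoring it to a tracker so the open items survive future refactors, e.g. `// TODO(<tracking-issue-id>): (Security) Additional validations …`, and noting which of the listed checks the code below already performs. The enclosing method starts and ends outside the hunk.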