Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Prevent double-spending when constructing L1 transactions #274

Open
ShookLyngs opened this issue Feb 20, 2023 · 0 comments
Open

Prevent double-spending when constructing L1 transactions #274

ShookLyngs opened this issue Feb 20, 2023 · 0 comments
Labels
enhancement New feature or request P-Low

Comments

@ShookLyngs
Copy link
Collaborator

ShookLyngs commented Feb 20, 2023

The issue

The current version of godwoken-bridge can easily trigger a double spend error when constructing an L1 transaction (deposit/l1-transfer/claim-test-sudt). Here's how to reproduce one:

  1. Open Godwoken Bridge Testnet
  2. Deposit a certain amount of CKB to L2
  3. Deposit again after sending the fist deposit (do it fast)

How it happens

Note that to reproduce the error, the second deposit needs to be sent fast, and then you should receive an error that indicates the transaction was double-spent. More detailed speaking, some inputs in the second transaction was double-spent.

But why would any cell in the inputs of a transaction trigger a double-spend error? Let's see how the construction works. When an L1 transaction is constructing, it collects live cells from the sender's address to build outputs and pay transaction fee:

  • Collect pure CKB cells
  • Collect sUDT cells if transferring sUDT
  • Collect sUDT cells with free CKB in them

Normally when constructing the first transaction, everthing should be fine. But CKB needs time to handle the first transaction, and when you construct the second transaction too fast, while constructing, light-godwoken could collect repeated input cells just like in the first transaction. This is how double-spending works in L1 transactions, you're literally trying to spend the same cell twice.

How to solve it

  1. Mange a spent cells list
    We can manage a spent cells list locally, and exclude those spent cells when collecting input cells. This is an simple idea of how we can do it, in the actual designing/coding phase it could be more difficult to control, as a transaction can be rejected after it is sent.
  2. Freeze the page when processing a transaction
    Or there's another way, we can simply disable L1 transaction features when there is any L1 transaction processing on-chain. However, none of these methods prevent double-spending triggered from multiple tabs.
  3. Use ckb-lumos/transaction-manager
    This method is relatively similar to the first method, only it is controlled by the ckb-lumos library automatically. Since we're using ckb-lumos everywhere in light-godwoken, and the package is easy to replace things in our code, I think this is the best solution for us. Check the link of the package for more details: @ckb-lumos/transaction-manager.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request P-Low
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants