Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use parse rpc to verify remote forge #212

Open
simonmcl opened this issue Jun 2, 2020 · 0 comments
Open

Use parse rpc to verify remote forge #212

simonmcl opened this issue Jun 2, 2020 · 0 comments
Labels
enhancement New feature or request

Comments

@simonmcl
Copy link
Collaborator

simonmcl commented Jun 2, 2020

When using remote forging, there are risks that attackers can change the contents. In order to verify its contents, we need to add a call to the parse RPC and inspect the output to make sure it matches. Ideally this should be done against a different server than the first.

Proposal:

Add a second, optional URL when setting up TezosClient to act as the parse server. Default it to the first URL if none supplied. Update ForgeSignPreapplyAndInject to include a call to the parse endpoint and verify before proceeding.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@simonmcl