add UIP-5: Outbound Packet Forwarding Middleware Support #4
Conversation
uips/uip-5.md
Outdated
|
|
||
| ## Security Considerations | ||
|
|
||
| This change does not introduce new security considerations at the IBC state machine level. The memo field is already part of the ICS20 specification, this UIP simply opens up the possibility for the user to configure its contents while building a withdrawal transaction. |
There was a problem hiding this comment.
Doesn't this open up a security consideration for Penumbra? Currently, we don't have any transaction fields that allow user- (attacker-) controlled lengths; this would be one.
The ICS20 memo field has been used for griefing on other chains. I think this won't be a problem, because Penumbra charges transactions gas for bytes used in the transaction encoding, so an attacker would have to pay to spam the chain, and the gas cost can change / be changed to respond to an attacker. But we should note that in the UIP, I think, so there's a documented rationale.
There was a problem hiding this comment.
Should we consider adding a maximum size bound to the memo field in stateless checks for Ics20Withdrawal? This isn't specified in the ICS spec as far as I am aware, but a reasonable upper bound could be added with likely few interoperability concerns.
There was a problem hiding this comment.
I'm in favor of not adding a bound a priori, and just relying on gas ; god knows what legitimate use cases people might come up with. For example, a priori many people assumed that 90 bech32 characters were sufficient for any kind of address.
Draft specification for UIP-5: Outbound Packet Forwarding Middleware Support