Fix settling when one side closes/updates with outdated BalanceProof #1689

andrevmatos · 2020-06-11T23:59:19Z

Short description
Search on transfer history for matching EnvelopeMessage (if needed) and use its values to settle channel.

Definition of Done

Steps to manually test the change have been documented
Acceptance criteria are met
Change has been manually tested by the reviewer (dApp)

Steps to manually test the change (dApp)

This condition won't happen naturally on real life, each end usually going to close/settle with their latest view of partner's BalanceProof, in order to get the most tokens, but an attacker could specifically chose to close with outdated BP in order to prevent us from settling the channel.
Therefore, specially tweaked tests were made to trigger this condition and ensure we still can find the right BP and settle nonetheless.

codecov · 2020-06-12T00:10:14Z

Codecov Report

Merging #1689 into master will decrease coverage by 1.58%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master    #1689      +/-   ##
==========================================
- Coverage   96.85%   95.27%   -1.59%     
==========================================
  Files          64      148      +84     
  Lines        3688     5222    +1534     
  Branches      829      957     +128     
==========================================
+ Hits         3572     4975    +1403     
- Misses        105      195      +90     
- Partials       11       52      +41

Flag	Coverage Δ
#dapp	`91.46% <ø> (?)`
#sdk	`96.81% <100.00%> (-0.04%)`	⬇️
#sdk_integration	`?`

Impacted Files	Coverage Δ
raiden-ts/src/transfers/actions.ts	`100.00% <ø> (ø)`
raiden-ts/src/transfers/reducer.ts	`96.46% <ø> (-0.18%)`	⬇️
raiden-ts/src/channels/epics.ts	`98.02% <100.00%> (+0.77%)`	⬆️
raiden-ts/src/channels/reducer.ts	`96.93% <100.00%> (ø)`
raiden-ts/src/channels/types.ts	`100.00% <100.00%> (ø)`
raiden-ts/src/messages/utils.ts	`99.00% <100.00%> (ø)`
raiden-ts/src/migration/3.ts	`100.00% <100.00%> (ø)`
raiden-ts/src/services/epics.ts	`99.03% <100.00%> (ø)`
raiden-ts/src/transfers/utils.ts	`93.33% <100.00%> (+1.53%)`	⬆️
raiden-ts/src/polyfills.ts	`85.71% <0.00%> (-14.29%)`	⬇️
... and 86 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c7514d1...38a3820. Read the comment docs.

kelsos

Lgtm 👍

andrevmatos added 6 commits June 11, 2020 20:52

sdk: Get rid of transferClear

c975240

sdk: Make 'createBalanceHash' receive a subset of a BalanceProof

e4b3412

sdk: Introduce BalanceProofZero

afb2f60

sdk: Search matching BalanceProof for balanceHash on channelSettle

c9c959a

sdk: Add regression tests for channelSettle with outdated balanceHash

8e84299

sdk: Add changelog for bugfix of settling with outdated BP

38a3820

andrevmatos added sdk 🖥 security Pull requests that address a security vulnerability labels Jun 11, 2020

andrevmatos requested a review from kelsos June 11, 2020 23:59

kelsos approved these changes Jun 12, 2020

View reviewed changes

andrevmatos merged commit 9161ce4 into master Jun 12, 2020

andrevmatos deleted the fix/settle_outdated branch June 12, 2020 14:13

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix settling when one side closes/updates with outdated BalanceProof #1689

Fix settling when one side closes/updates with outdated BalanceProof #1689

andrevmatos commented Jun 11, 2020

codecov bot commented Jun 12, 2020 •

edited

Loading

kelsos left a comment

Fix settling when one side closes/updates with outdated BalanceProof #1689

Fix settling when one side closes/updates with outdated BalanceProof #1689

Conversation

andrevmatos commented Jun 11, 2020

codecov bot commented Jun 12, 2020 • edited Loading

Codecov Report

kelsos left a comment

Choose a reason for hiding this comment

codecov bot commented Jun 12, 2020 •

edited

Loading