Cosmos-sdk: Duplicate chain-id can be generated (SDK 0.31.2)

Created on 15 Feb 2019  ·  4 Comments  ·  Source: cosmos/cosmos-sdk

Summary of Bug

  1. Duplicate chain-id can be generated.
  2. Even the signature value can be made the same.

If we later generate interchain, I think there is a problem when a duplicate "chain-id" is created.
Even the same signature is created, which I think is sufficiently exploitable.


Steps to Reproduce


[Fake Server]

  1. Duplicate chain generation : gaiad testnet --chain-id=game_of_stakes_6
  2. Copy ".gaiacli/keys", ".gaiad/config/node_key.json", ".gaiad/config/priv_validator_key.json" from the actual chain
  3. Fake chain : gaiad start
  4. The "account_number" of the copied key is set equal to the actual chain.
  5. Generate the same tx in both chains, then sign and check "signature".
    gaiacli tx send $key 1000stake --from=J --chain-id=game_of_stakes_6 --generate-only > t.json
    gaiacli tx sign t.json --name=J --chain-id=game_of_stakes_6 --sequence=3000 -o=json > t_sign.json
    cat t_sign.json | jq
  6. The same "signature" is generated on both sides.

For Admin Use

  • [ ] Not duplicate issue
  • [ ] Appropriate labels applied
  • [ ] Appropriate contributors tagged
  • [ ] Contributor assigned/self-assigned
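
Why step 6 produces the same signature, as an added example that is not part of the original issue or the SDK's own code: the signer commits only to the sign document (chain-id, account number, sequence, messages, memo), so the same key over the same inputs gives the same deterministic signature, and changing any one field breaks verification. Assumptions: Ed25519 from Go's standard library stands in for the account key type, the sign document is simplified (no fee, placeholder message), and the account number 7 and chain-id `local_testnet_1` are constructed values.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Constructed demo key: a fixed seed keeps the run reproducible.
var key = ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))

// signBytes returns sorted-key JSON over the fields the signer commits to.
// Field names follow the SDK's StdSignDoc; fee is omitted and the message
// is a placeholder string (simplified for this example).
func signBytes(chainID string, accountNumber, sequence uint64) []byte {
	doc := map[string]interface{}{
		"account_number": fmt.Sprint(accountNumber),
		"chain_id":       chainID,
		"memo":           "",
		"msgs":           []string{"send 1000stake"},
		"sequence":       fmt.Sprint(sequence),
	}
	b, err := json.Marshal(doc) // encoding/json writes map keys in sorted order
	if err != nil {
		panic(err)
	}
	return b
}

// signTx signs the transaction as it would be presented on the given chain.
func signTx(chainID string, accountNumber, sequence uint64) []byte {
	return ed25519.Sign(key, signBytes(chainID, accountNumber, sequence))
}

// acceptedOn reports whether sig verifies against the sign bytes a chain
// with these parameters would rebuild for the same transaction.
func acceptedOn(sig []byte, chainID string, accountNumber, sequence uint64) bool {
	pub := key.Public().(ed25519.PublicKey)
	return ed25519.Verify(pub, signBytes(chainID, accountNumber, sequence), sig)
}

func main() {
	real := signTx("game_of_stakes_6", 7, 3000)
	fake := signTx("game_of_stakes_6", 7, 3000) // copied key, same chain-id and account number
	fmt.Println("identical signature:", bytes.Equal(real, fake))
	fmt.Println("accepted under other chain-id:", acceptedOn(real, "local_testnet_1", 7, 3000))
	fmt.Println("accepted under other account number:", acceptedOn(real, "game_of_stakes_6", 8, 3000))
	fmt.Println("accepted under other sequence:", acceptedOn(real, "game_of_stakes_6", 7, 3001))
}
```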

All 4 comments

Hmmm, not sure how to fully digest this? You're creating two independent chains (one locally and one containerized). These two chains have no knowledge of each other. What exactly is the problem? Eventually the Hub will ensure no duplicate chain-ids exist afaik.

/cc @cwgoes

hmm... I think you're right.
I remember that it was impossible to duplicate the chain in the previous gaiad, but as you said, it would not be a problem if they were independent of each other.
Thank you for your answer.

Hi @wlsaud619 - thanks for your detailed report, but this is the expected behaviour. There's nothing we can do to prevent duplicate chain IDs (nor necessarily would we want to).

IBC naming at the base protocol level will be local (each chain chooses what to call each other chain, and each chain's state machine is responsible for authentication to prevent spoofing); nameservices might emerge at the ecosystem level.

I understand. Thank you for explaining it again.
