Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[XRP] Don't accept incoming transfers on a paychan that is about to close #18

Open
dappelt opened this issue Nov 29, 2017 · 0 comments
Open

[XRP] Don't accept incoming transfers on a paychan that is about to close #18

dappelt opened this issue Nov 29, 2017 · 0 comments

Comments

@dappelt
Copy link
Collaborator

dappelt commented Nov 29, 2017

There is a TODO for this in the code, but I am documenting this here as well since it is pretty important and allows to steal from a connector.

The connector accepts incoming transfers on paychans without checking if the channel is about to close. An attacker could 1) open a chan to the connector, 2) right away send a channel close tx, 3) wait until the settle delay is almost over and finally 4) send a transfer, which does leave the claim submitter with no time to send the claim.

Solution: If the channel watcher detects that a channel is about to close, he writes this info back into the DB. The middleware that handles incoming transfers could then read the channel details from the DB and reject incoming transfers on closing channels.
@dappelt dappelt mentioned this issue Nov 29, 2017
Open
@dappelt dappelt changed the title Don't accept incoming transfers on a paychan that is about to close [XRP] Don't accept incoming transfers on a paychan that is about to close Nov 29, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dappelt