Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BLS12-381 Rogue Key Attacks #304

Open
MaxMustermann2 opened this issue Feb 13, 2025 · 0 comments
Open

BLS12-381 Rogue Key Attacks #304

MaxMustermann2 opened this issue Feb 13, 2025 · 0 comments
Assignees
@trestinlsd @mikebraver

Comments

@MaxMustermann2
Copy link
Contributor

The x/avs module is vulnerable to rogue key attacks. An attacker can combine fake keys or signatures to bypass security checks, which could weaken the system.

Proposed Solution

Require users to prove they own their keys before using them. This can be done by asking them to submit a small extra signature when registering their key. Typically such a message should contain the protocol name (exocore) to prevent replay attacks on other chains and the operator's own address to prevent usage by another operator upon the first operator's withdrawal from the system.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@trestinlsd trestinlsd

@mikebraver mikebraver

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@MaxMustermann2 @trestinlsd @mikebraver