Global accountant: Message signature format doesn’t follow guidelines for guardian key usage #2292
Closed
tbjump
started this conversation in
Protocol / feature design discussion
Replies: 1 comment
-
|
implemented in #2322 |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Status Quo
The Guardian key is being used to sign a JSON message about an observation to be submitted to the Accounting contract.
Issue
The signature format doesn’t follow the recommendation of the whitepaper, which is to prepend a message type identifier of
>=34bytes.Recommendation
In this line of code:
[wormhole/accounting.go at 7f512425dcf5425957c6921ed130caa9569023ab · wormhole-foundation/wormhole](
wormhole/node/pkg/accounting/accounting.go
Line 330 in 7f51242
I propose that instead of computing
digest := Keccak256Hash(Keccak256Hash(observation)), computedigest := Keccak256Hash(ACCOUNTING_OBSERVATION_PREFIX + observation), whereACCOUNTING_OBSERVATION_PREFIX = ACCOUNTING_OBSERVATION_00000000000The corresponding changes also need to be made in the Accounting contract.
Finally, this additional guardian key usage should be documented in the Whitepaper https://github.com/wormhole-foundation/wormhole/blob/main/whitepapers/0009_guardian_key.md
Beta Was this translation helpful? Give feedback.
All reactions