[Bug]: Coordinator can delay formal rejection of withdrawal #1426

Open
djordon opened this issue Feb 24, 2025 · 0 comments
Labels: bug (Something isn't working), immunefi-scope, withdrawal (The withdrawal sBTC operation)

Comments

@djordon
Collaborator

djordon commented Feb 24, 2025

Bug - Coordinator can delay formal rejection of withdrawal

1. Description

Before signing a Stacks transaction rejecting a withdrawal, the signers have 3 main checks:

  1. Whether the withdrawal has expired,
  2. Whether a sweep transaction fulfilling the withdrawal is in the "mempool", and
  3. Whether a sweep transaction (without an output fulfilling the withdrawal) has 6 confirmations since the last time the withdrawal has been considered in a sweep transaction.

The issue is with conditions (2) and (3). The coordinator can disrupt the rejection of the withdrawal request by pretending to "consider" the withdrawal request. In this case, the other signers will reject the attempt; however, this attempt still counts toward the withdrawal being considered in a sweep transaction and being in the "mempool".

2. Technical Details:

There are at least a couple of solutions:

  1. Only consider withdrawals that have passed validation when checking the database for whether the withdrawal has been considered or in the mempool.
  2. Change the smart contract to be fork aware, so that we can skip check (3) altogether.

I propose we do both. The change in (1) is easy to make, while the change in (3) offers a better user experience since check (3) would be gone and the signers could reject a withdrawal sooner.

2.1 Acceptance Criteria:

  • It is not possible for a malicious signer to delay rejection of a withdrawal request by pretending to consider a withdrawal request for inclusion in a sweep transaction.

3. Related Issues and Pull Requests (optional):

4. Appendix

Because of #620, the purpose of rejecting withdrawals has drifted from the original design. Originally, withdrawals were only accepted or rejected because of the signers' votes. A withdrawal can be accepted by votes but practically rejected because the fees are too low.

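The bug and proposed fix (1) are easiest to see side by side, so here is an added worked example; it is not part of the issue above and not code from the sBTC repository. It models the three pre-rejection checks over an in-memory list of sweep attempts standing in for the signer database. Every name in it (`SweepAttempt`, `rejection_decision`, the `considered`/`included` split, the `only_validated` switch) is an assumption for illustration, and the scenario data is constructed.

```rust
// Added example, not code from the sBTC repository: a toy model of the three checks the
// issue lists, with a Vec standing in for the signer database. All names are hypothetical.

/// What a signer has recorded about where a sweep transaction stands.
#[derive(Clone, Copy, Debug, PartialEq)]
enum SweepStatus {
    /// Recorded as broadcast but not mined: the issue's "mempool" case.
    Pending,
    /// Mined with this many Bitcoin confirmations.
    Confirmed { confirmations: u32 },
}

/// One coordinator sweep attempt as a signer's database knows it.
#[derive(Clone, Debug)]
struct SweepAttempt {
    /// Withdrawal ids the coordinator evaluated for this sweep ("considered").
    considered: Vec<u64>,
    /// Subset of `considered` that actually received a fulfilling output.
    included: Vec<u64>,
    /// Whether the other signers' validation of the proposal passed.
    validated: bool,
    status: SweepStatus,
}

impl SweepAttempt {
    fn considers(&self, id: u64) -> bool { self.considered.contains(&id) }
    fn includes(&self, id: u64) -> bool { self.included.contains(&id) }
    fn confirmations(&self) -> u32 {
        match self.status {
            SweepStatus::Pending => 0,
            SweepStatus::Confirmed { confirmations } => confirmations,
        }
    }
}

struct Withdrawal { id: u64, expiry_height: u64 }

const REQUIRED_CONFIRMATIONS: u32 = 6;

#[derive(Debug, PartialEq)]
enum Decision { Reject(&'static str), Wait(&'static str) }

/// Decide whether the signers may sign a rejection. `attempts` is in chronological
/// order. `only_validated` switches on the issue's proposed fix (1): consult only
/// attempts that passed validation when checking "considered" and "mempool".
fn rejection_decision(w: &Withdrawal, attempts: &[SweepAttempt], chain_tip: u64, only_validated: bool) -> Decision {
    // (1) An expired withdrawal can always be rejected.
    if chain_tip >= w.expiry_height {
        return Decision::Reject("withdrawal expired");
    }
    let db: Vec<&SweepAttempt> = attempts.iter().filter(|a| a.validated || !only_validated).collect();
    // (2) A sweep fulfilling the withdrawal that still sits in the mempool blocks rejection.
    if db.iter().any(|a| a.includes(w.id) && a.status == SweepStatus::Pending) {
        return Decision::Wait("fulfilling sweep in mempool");
    }
    // (3) From the last sweep that considered the withdrawal onward, some sweep without a
    //     fulfilling output must have reached REQUIRED_CONFIRMATIONS.
    let since_last = match db.iter().rposition(|a| a.considers(w.id)) {
        None => return Decision::Reject("never considered in a sweep"),
        Some(i) => &db[i..],
    };
    if since_last.iter().any(|a| !a.includes(w.id) && a.confirmations() >= REQUIRED_CONFIRMATIONS) {
        Decision::Reject("confirmed sweep without the withdrawal since last consideration")
    } else {
        Decision::Wait("no sweep with 6 confirmations since last consideration")
    }
}

/// Constructed scenario from the issue: an honest sweep considered withdrawal 7, left it
/// out (say, fee too low) and was mined; then the coordinator "considers" it again in a
/// proposal the other signers reject, which a naive database still records as pending.
fn bogus_consideration_scenario() -> (Withdrawal, Vec<SweepAttempt>) {
    let w = Withdrawal { id: 7, expiry_height: 500 };
    let attempts = vec![
        SweepAttempt { considered: vec![7], included: vec![], validated: true,
                       status: SweepStatus::Confirmed { confirmations: 9 } },
        SweepAttempt { considered: vec![7], included: vec![7], validated: false,
                       status: SweepStatus::Pending },
    ];
    (w, attempts)
}

fn main() {
    let (w, attempts) = bogus_consideration_scenario();
    // Legacy logic waits on the bogus "mempool" entry; the fixed logic ignores it and rejects.
    println!("legacy: {:?}", rejection_decision(&w, &attempts, 100, false));
    println!("fixed:  {:?}", rejection_decision(&w, &attempts, 100, true));
}
```

The fix is implemented as a single filter on what counts as a database row for checks (2) and (3), which is the "easy to make" change the issue describes; a real fulfilling sweep that was validated and is genuinely in the mempool still blocks rejection after the filter, as it should. Check (3) itself, and therefore the extra waiting it imposes, is left in place here; removing it is the separate, contract-side change (2).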
@djordon djordon added the bug (Something isn't working), immunefi-scope and withdrawal (The withdrawal sBTC operation) labels Feb 24, 2025
@djordon djordon added this to the sBTC: Nice to have milestone Feb 24, 2025
@djordon djordon added this to sBTC Feb 24, 2025
@github-project-automation github-project-automation bot moved this to Needs Triage in sBTC Feb 24, 2025