`Ethereum::transact` call allows to be executed by different origins with the same transaction signature #1066
Labels
Question
What is the reason that the `Ethereum::transact` call allows to be executed by different origins with the same transaction signature?

Input info

During the `pallet-ethereum` code research the following implementation has been discovered - https://github.com/paritytech/frontier/blob/4b1b16846aeca5856e33dc38fa5bf12e5e64ebb5/frame/ethereum/src/lib.rs#L282.

At the beginning, it's checked that the transaction is an Ethereum transaction by `let source = ensure_ethereum_transaction(origin)?;`. Then, `Self::apply_validated_transaction(source, transaction)` is applied without verifying that the real signature of the transaction corresponds to the `source` trx sender.

Proof
There is the following test in frontier code base that checks nonce incrementation for origin that executes transaction - https://github.com/paritytech/frontier/blob/4b1b16846aeca5856e33dc38fa5bf12e5e64ebb5/frame/ethereum/src/tests/legacy.rs#L45
I've added the following test with Alice's transaction signature that is executed by Bob to check our thoughts.
The test passed successfully. So, Alice's transaction is executed by Bob and the nonce is increased for Bob.
I would like to understand the correct behaviour here to prevent any vulnerabilities in frontier logic usage at our https://github.com/humanode-network/humanode repo.
CC @MOZGIII