Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TVU does not verify transaction signatures #8593

Closed
mvines opened this issue Mar 3, 2020 · 0 comments · Fixed by #8596
Closed

TVU does not verify transaction signatures #8593

mvines opened this issue Mar 3, 2020 · 0 comments · Fixed by #8596
Assignees
@sakridge
Labels
security Pull requests that address a security vulnerability
Milestone
v1.0.3

Comments

@mvines
Copy link
Member

mvines commented Mar 3, 2020

The leader can fabricate transactions with invalid signatures and transmit them to the other validator nodes for verification. Because those other validator nodes do not perform a transaction signature check (I swear we did this at some point in the past), whenever your node is leader you can issue any transactions you want.
@mvines mvines added the security Pull requests that address a security vulnerability label Mar 3, 2020
@mvines mvines added this to the v0.23.9 milestone Mar 3, 2020
@garious garious changed the title ReplayStage does not verify the signature of transactions TVU does not verify transaction signatures Mar 3, 2020
@ryoqun ryoqun mentioned this issue Mar 3, 2020
Merged
@sakridge sakridge mentioned this issue Mar 3, 2020
Merged
@mvines mvines modified the milestones: v0.23.9, v1.0.2, v1.0.3 Mar 3, 2020
@Kashuhackerone Kashuhackerone mentioned this issue Feb 3, 2023
Open
This was referenced Feb 4, 2023
Closed
Open
Open
Closed
This was referenced Feb 24, 2023
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
This was referenced Feb 28, 2023
Open
Open
Open
@snyk-bot snyk-bot mentioned this issue Mar 1, 2023
Open
This was referenced Apr 3, 2023
Open
Open
Open
This was referenced Apr 5, 2023
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
This was referenced Apr 8, 2023
Open
Open
Open
This was referenced Apr 10, 2023
Open
Open
Open
This was referenced Apr 10, 2023
Open
Open
Open
Open
Open
Open
Open
Open
Open
@q1blue q1blue mentioned this issue Feb 7, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sakridge sakridge

Labels
security Pull requests that address a security vulnerability
Projects
None yet
Milestone
v1.0.3
Development

Successfully merging a pull request may close this issue.

Check transaction signatures in entry verify sakridge/solana
2 participants
@sakridge @mvines