
x/oracle: Lack of prioritization for oracle messages #510

Closed
alexanderbez opened this issue Feb 7, 2022 · 3 comments · Fixed by #1290
@alexanderbez
Contributor

alexanderbez commented Feb 7, 2022

From ToB Audit

Description

Oracle messages use the same mechanism as other transactions to be included in a block. If the network is highly congested they may not be included in blocks. The only mechanism to prevent this would be an increased fee, which is a suboptimal solution that may fail.

Three example mechanisms solving the problem of prioritization of transactions important for the functioning of the system are:
● A priority argument returned by a custom CheckTx implementation, introduced by Tendermint in version 0.35.
● Reimplementation of part of the Tendermint engine. Done by Terra Money.
● Substrate's dispatch classes. Substrate allows developers to mark transaction types as normal, operational, or mandatory.

Exploit Scenario

The Umee network is congested. Validators send their exchange rate votes in the last possible block, but they cannot update exchange rates. Attackers exploit this situation to drain the network of tokens.

Recommendations

Short term, prioritize oracle messages using a custom CheckTx method. This will help prevent a situation in which an oracle misses its vote because the vote is not included in a block.


No major actionable items here. Once we update to SDK v0.46, we need to modify/replace the Tx priority AnteHandler middleware, such that txs with a single oracle message have highest-ish priority.
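The prioritization rule the audit recommends (and the "single oracle message" variant proposed above), as an added example that is not Umee's code and not the Cosmos SDK or Tendermint API: the real hook is the priority value a CheckTx-time ante handler reports (Tendermint 0.35 added a `Priority` field to `ResponseCheckTx`, which is what SDK v0.46 lets an ante handler set on the context); here `Priority()` plays that role and `ProposeBlock()` plays the priority-ordered mempool. The `Tx`/`Msg` structs, the message type names, the `OraclePriority` constant and the bank/oracle sample transactions are assumptions constructed for the example.

```go
package main

import (
	"fmt"
	"sort"
)

// Msg is a minimal stand-in for an sdk.Msg; only the module route and the
// message type matter for prioritization.
type Msg struct {
	Route string // module that handles the message, e.g. "oracle" or "bank"
	Type  string // message type within that module
}

// Tx is a minimal stand-in for a signed transaction: its messages plus the fee
// it pays, which is what a fee-based ante handler turns into a priority.
type Tx struct {
	ID   string
	Msgs []Msg
	Fee  int64
}

// OraclePriority is the fixed priority given to oracle-only transactions. It is
// an assumption of this example: any value above what fees can reach will do.
const OraclePriority int64 = 1 << 40

// oracleMsgTypes are the message types that must land inside each voting
// period. The names are illustrative, not the module's registered type URLs.
var oracleMsgTypes = map[string]bool{
	"aggregate_exchange_rate_prevote": true,
	"aggregate_exchange_rate_vote":    true,
}

// IsOracleOnlyTx reports whether every message in tx is an oracle prevote or
// vote. A tx that mixes oracle messages with anything else gets no boost;
// otherwise anyone could ride arbitrary messages into the priority lane.
func IsOracleOnlyTx(tx Tx) bool {
	if len(tx.Msgs) == 0 {
		return false
	}
	for _, m := range tx.Msgs {
		if m.Route != "oracle" || !oracleMsgTypes[m.Type] {
			return false
		}
	}
	return true
}

// Priority models what a CheckTx-time ante decorator would report as the tx
// priority: oracle-only txs get the fixed high value, everything else ranks by fee.
func Priority(tx Tx) int64 {
	if IsOracleOnlyTx(tx) {
		return OraclePriority
	}
	return tx.Fee
}

// ProposeBlock orders the mempool by priority (highest first, stable so equal
// priorities keep arrival order) and keeps the first maxTxs entries, the way a
// priority-aware mempool feeds a block proposal under congestion.
func ProposeBlock(mempool []Tx, maxTxs int) []Tx {
	ordered := append([]Tx(nil), mempool...)
	sort.SliceStable(ordered, func(i, j int) bool {
		return Priority(ordered[i]) > Priority(ordered[j])
	})
	if len(ordered) > maxTxs {
		ordered = ordered[:maxTxs]
	}
	return ordered
}

func main() {
	// Constructed congested mempool: fee-paying transfers arrived before the
	// validator's low-fee oracle vote, and one tx bundles a vote with a transfer.
	mempool := []Tx{
		{ID: "send-1", Msgs: []Msg{{Route: "bank", Type: "send"}}, Fee: 500},
		{ID: "send-2", Msgs: []Msg{{Route: "bank", Type: "send"}}, Fee: 900},
		{ID: "vote", Msgs: []Msg{{Route: "oracle", Type: "aggregate_exchange_rate_vote"}}, Fee: 1},
		{ID: "mixed", Msgs: []Msg{
			{Route: "oracle", Type: "aggregate_exchange_rate_vote"},
			{Route: "bank", Type: "send"},
		}, Fee: 1000},
	}
	// Only two slots in the block: the vote goes first despite paying 1 unit of fee.
	for _, tx := range ProposeBlock(mempool, 2) {
		fmt.Printf("%-6s priority=%d\n", tx.ID, Priority(tx))
	}
}
```

Two design points a practitioner would keep in a real ante handler: the boost applies only when the whole tx is oracle prevotes/votes, so a mixed tx ranks by fee like any other; and before boosting, the handler should check that the message signer is an active validator or its registered feeder, otherwise the priority lane is a free spam channel that an attacker could use to crowd out the very votes it exists to protect.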

@alexanderbez
Contributor Author

We're blocked on this until SDK v0.46 is released.

@adamewozniak adamewozniak added this to the Calypso milestone May 25, 2022
@adamewozniak adamewozniak self-assigned this Jun 15, 2022
@adamewozniak
Collaborator

Pretty sure this was closed by #1217. @robert-zaremba, please verify.

@robert-zaremba
Member

No, I need to do one more update.

@robert-zaremba robert-zaremba added C:Core Core app features and removed S:Blocked labels Aug 26, 2022
@mergify mergify bot closed this as completed in #1290 Aug 30, 2022
mergify bot pushed a commit that referenced this issue Aug 30, 2022
## Description

closes: #510
