[toc]
- Contract bug that can increase arbitrary deposit to a validator.
- Fix:
- [R] Need to adding an assert line in a function.
- [W] Need to add a new varible in validator struct to track new info.
- Fix:
- Some malicious behavior detected, it's a game theoretic attack
- Fix:
- [P] Change parameters to incentivize desirable behaviors.
- [D] Fallback to pow
- Fix:
- Attacker is able to withdraw a validator's funds. Slow (can change withdrawal addr but still has to logout and wait) or quick (can immediately withdraw to attacker addr)
-
Fix (slow):
- [R] and [P] patch contract and reconfigure storage with appropriate balances
- Have 4 months to fix, probably would [D]isable FFG on clients in the meantime
-
Fix (quick):
- Way worse... A lot of money would be displaced and very difficult to recover. Would probably require a chain reversion to a finalized block and patch the code.
-
- Attacker is able to issue ether beyond the standard reward mechanisms. Ex: miner getting vote inclusion rewards more than once per
vote
, slasher getting slashing finder fee more than once per slash- fix:
- [R] add assert or something
- Probably could not get the drained funds back without a chain reversion.
- limits:
- if double
vote
inclusion, miner would be limited byvote_gas_limit
and the rate of successfully mining blocks - if double
slash
, slasher would be limited in needing to find a slashing condition to submit.
- if double
- fix:
$ ./your-favorite-eth-client --casper-fork-choice=false
If block.number == FORK_BLKNUM:
casper_account.storage_trie.update("variable") = new_value
Copy previous state root to the new fixed and deployed contract.
If block.number == FORK_BLKNUM:
config["CASPER_ADDR"] = new_casper_addr
new_casper_account.storage_trie.root_hash = old_casper_account.storage_trie.root_hash
This requires storage of previous contract reusable, so
- the patch not changing the order of variable declarations
- TBD ...
Need somehow dump the states down, and populate the data required to the new contract.
If block.number == FORK_BLKNUM:
config["CASPER_ADDR"] = new_casper_addr
new_casper_account.storage_trie = open("dumped_and_parsed_trie.bin").read()
There has been so much ETH stolen and subsequently moved to other accounts that hardforking an irregular state change won't cut it. This re[V]ert strategy is a worst case, and should be avoided at almost all cost.
Rollback clients then...
If block.number == REVERT_BLKNUM:
config["CASPER_ADDR"] = new_casper_addr