Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix unbonding period in deposit.sol #1761

Open
DrZoltanFazekas opened this issue Nov 6, 2024 · 0 comments · May be fixed by #2007
Open

Fix unbonding period in deposit.sol #1761

DrZoltanFazekas opened this issue Nov 6, 2024 · 0 comments · May be fixed by #2007
Assignees
@86667
Labels
Agate Required for mainnet launch

Comments

@DrZoltanFazekas
Copy link
Contributor

DrZoltanFazekas commented Nov 6, 2024
edited
Loading

The current deposit contract uses the block timestamp to determine if the unbonding period has expired and stakers can withdraw their deposit. This is vulnerable to the following attack. If the chain has a lot of timeouts (which can be caused by malicious validators) or, in an extreme case, it is down for a couple of days, the actual unbonding period in terms of blocks can become shorter than the weak-subjectivity period with the consequence that an adversary controlling 1/3 of the stake could escape slashing before the next checkpoint. Therefore, we should use block numbers instead of block timestamps.

The issue shall be fixed before the planned audit of the deposit contract,
@DrZoltanFazekas DrZoltanFazekas self-assigned this Nov 6, 2024
@DrZoltanFazekas DrZoltanFazekas linked a pull request Nov 13, 2024 that will close this issue
Improvements in deposit.sol #1818
Merged
@DrZoltanFazekas DrZoltanFazekas removed a link to a pull request Nov 14, 2024
Improvements in deposit.sol #1818
Merged
@DrZoltanFazekas DrZoltanFazekas pinned this issue Nov 20, 2024
@DrZoltanFazekas DrZoltanFazekas unpinned this issue Nov 20, 2024
@DrZoltanFazekas DrZoltanFazekas added the Agate Required for mainnet launch label Nov 20, 2024
@DrZoltanFazekas DrZoltanFazekas changed the title Unbonding period in deposit.sol Fix unbonding period in deposit.sol Nov 20, 2024
@DrZoltanFazekas DrZoltanFazekas removed their assignment Nov 26, 2024
@86667 86667 self-assigned this Dec 11, 2024
@86667 86667 linked a pull request Dec 12, 2024 that will close this issue
feat: deposit_v3 use block number for withdrawal unbonding period #2007
Draft
This was referenced Dec 12, 2024
Draft
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@86667 86667

Labels
Agate Required for mainnet launch
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: deposit_v3 use block number for withdrawal unbonding period Zilliqa/zq2
2 participants
@86667 @DrZoltanFazekas