Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BEP-402: Complete Missing Fields in Block Header to Generate Signature #402

Merged
merged 4 commits into from
Jul 3, 2024
Merged

BEP-402: Complete Missing Fields in Block Header to Generate Signature #402

merged 4 commits into from
Jul 3, 2024

Conversation

buddh0
Copy link
Contributor

@buddh0 buddh0 commented Jun 28, 2024
edited
Loading 

  BEP: 402
  Title: Complete Missing Fields in Block Header to Generate Signature
  Status: Candidate
  Type: Standards
  Created: 2024-06-28

BEP-402: Complete Missing Fields in Block Header to Generate Signature

1. Summary

Since the London upgrade on the BSC chain, 5 new fields have been added to the block header, but these fields are not used when generating the block signature. As a result, users cannot guarantee that these new fields have not been tampered with after only verifying the signature. This BEP aims to address this issue.

2. Motivation

After a block producer mines a block, they first encode all fields in the block header along with the chainId, then sign it, and place the signature in the block header before broadcasting it. The receiver only needs to extract the signature and verify it to confirm whether the block has been tampered with.

The BSC client, when signing the block header, omitted the 5 new fields. In most scenarios, this does not cause security issues, as the receiver will strictly validate these fields upon receiving the block. However, to adhere to best practices in blockchain and further enhance security, this BEP proposes to include these 5 new fields when generating the signature.

3. Status

This BEP is in progress.

4. Specification

4-1

4.1 Define ParentBeaconRoot

The ParentBeaconRoot is unnecessary for BSC and is retained for compatibility with Ethereum APIs. The value of this field will be changed from nil to zero hash, allowing the encoding stage for signing and verification to be based solely on the values of the fields in the header, independent of hard fork timing. Following Geth, the zero hash will be used as a placeholder.

header.ParentBeaconRoot = new(Hash)

4.2 Encode Before Signing

The encoding logic will be determined based on whether header.ParentBeaconRoot is a zero hash.

if header.ParentBeaconRoot != nil && *header.ParentBeaconRoot == Hash{} {
    encoding = rlp([chainId,
        header.ParentHash,
        header.UncleHash,
        header.Coinbase,
        header.Root,
        header.TxHash,
        header.ReceiptHash,
        header.Bloom,
        header.Difficulty,
        header.Number,
        header.GasLimit,
        header.GasUsed,
        header.Time,
        // signature will be put at the end of header.Extra, exclude it 
        header.Extra[:len(header.Extra)-len(signature)],
        header.MixDigest,
        header.Nonce,
        header.BaseFee,
        header.WithdrawalsHash,
        header.BlobGasUsed,
        header.ExcessBlobGas,
        header.ParentBeaconRoot,
    ])
} else {
    encoding = rlp([chainId,
        header.ParentHash,
        header.UncleHash,
        header.Coinbase,
        header.Root,
        header.TxHash,
        header.ReceiptHash,
        header.Bloom,
        header.Difficulty,
        header.Number,
        header.GasLimit,
        header.GasUsed,
        header.Time,
        // signature will be put at the end of header.Extra, exclude it 
        header.Extra[:len(header.Extra)-len(signature)],
        header.MixDigest,
        header.Nonce,
    ])
}

5. Backwards Compatibility

There are no known backward compatibility issues.

6. License

The content is licensed under CC0

@buddh0 buddh0 force-pushed the complete_missing_fields_for_signature branch from 9f181f7 to d461678 Compare June 28, 2024 06:40
@buddh0 buddh0 changed the title Complete the missing fields in the Block Header to generate the Signature BEP-402: Complete missing fields in Block Header to generate Signature Jun 28, 2024
@NathanBSC NathanBSC marked this pull request as draft July 1, 2024 03:32
@buddh0 buddh0 force-pushed the complete_missing_fields_for_signature branch from d461678 to 355851b Compare July 2, 2024 08:23
@NathanBSC NathanBSC changed the title BEP-402: Complete missing fields in Block Header to generate Signature BEP-402: Complete Missing Fields in Block Header to Generate Signature Jul 2, 2024
@buddh0 buddh0 force-pushed the complete_missing_fields_for_signature branch from 355851b to a4ce09f Compare July 2, 2024 10:30
@buddh0 buddh0 marked this pull request as ready for review July 2, 2024 10:32
@buddh0 buddh0 mentioned this pull request Jul 2, 2024
Merged
emailtovamos
emailtovamos reviewed Jul 2, 2024
View reviewed changes
BEPs/BEP-402.md
## 2. Motivation
After a block producer mines a block, they first encode all fields in the block header along with the chainId, then sign it, and place the signature in the block header before broadcasting it. The receiver only needs to extract the signature and verify it to confirm whether the block has been tampered with.

The BSC client, when signing the block header, omitted the 5 new fields. In most scenarios, this does not cause security issues, as the receiver will strictly validate these fields upon receiving the block. However, to adhere to best practices in blockchain and further enhance security, this BEP proposes to include these 5 new fields when generating the signature.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any scenario at all where security might be an issue currently? If not then the following sentence from summary doesn't hold true for bsc.
As a result, users cannot guarantee that these new fields have not been tampered with after verifying the signature.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any scenario at all where security might be an issue currently? If not then the following sentence from summary doesn't hold true for bsc. As a result, users cannot guarantee that these new fields have not been tampered with after verifying the signature.

the scenario: verifying the signature but not verify the fields in Header

after verifying the signature.
-->
after only verifying the signature.

MatusKysel
MatusKysel previously approved these changes Jul 2, 2024
View reviewed changes
@brilliant-lx brilliant-lx merged commit 1390735 into bnb-chain:master Jul 3, 2024
@yutianwu yutianwu mentioned this pull request Jul 29, 2024
Merged
galaio pushed a commit to galaio/BEPs that referenced this pull request Nov 1, 2024
@buddh0 @galaio
BEP-402: Complete Missing Fields in Block Header to Generate Signature (
08ecc44 
bnb-chain#402)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@emailtovamos emailtovamos emailtovamos left review comments

@monkeydluffyto monkeydluffyto monkeydluffyto approved these changes

@zzzckck zzzckck zzzckck approved these changes

@Gabo139 Gabo139 Gabo139 approved these changes

@MatusKysel MatusKysel MatusKysel left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@buddh0 @MatusKysel @emailtovamos @monkeydluffyto @zzzckck @Gabo139 @brilliant-lx