    [FAB-6381] Secure defaults for txsFilter · 53de0781
    Alessandro Sorniotti authored
    
    
    The aim of this change set is to apply the well-established "Secure by
    default" security principle to the way the validator validates transactions
    in a block.
    
    The current code behaves as follows: create an array of validation codes, set
    by default to "all transactions are valid"; then perform validation which may
    mark transactions as invalid. Furthermore, in other parts of the code, if no
    array of validation codes is yet present in the block, a new one is
    indiscriminately created (again, marking all transactions as valid). This
    approach is a security anti-pattern because it opens up to attacks where an
    adversary may force the code through a path where the default "tx is valid"
    validation code is maintained even for invalid txes.
    
    This change set ensures that validation code arrays are created and set to a
    new value (TxValidationCode_NOT_VALIDATED) which ensures that a transaction
    that hasn't been validated cannot be mistaken for a valid one.
    
    Change-Id: I5dbb18dd77af3cd14b168042ae660e4e27bf29dd
    Signed-off-by: Alessandro Sorniotti <ale.linux@sopit.net>
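As an added illustration, not code from this commit or from Fabric itself, the following Go sketch contrasts the two defaults the message describes: a zero-filled validation-code slice that already reads as "all valid" versus one initialised to a NOT_VALIDATED code, each run through a validator that exits early and leaves one transaction unexamined. The `TxValidationCode` type, its constants and the helper names are stand-ins chosen for the example, not Fabric's protobuf definitions or the project's functions.

```go
package main

import "fmt"

// Stand-ins for Fabric's TxValidationCode enum, whose VALID is the zero value.
type TxValidationCode uint8
const (
	Valid        TxValidationCode = 0   // zero value: a fresh slice is "all valid"
	Invalid      TxValidationCode = 1   // stand-in for the various invalid codes
	NotValidated TxValidationCode = 254 // stand-in for TxValidationCode_NOT_VALIDATED
)

// Secure default: no tx is valid until validation explicitly says so.
func newTxsFilterSecure(n int) []TxValidationCode {
	f := make([]TxValidationCode, n)
	for i := range f {
		f[i] = NotValidated
	}
	return f
}

// validateBlock returns on the first empty payload: an error exit that leaves later txs unchecked.
func validateBlock(payloads []string, filter []TxValidationCode) {
	for i, p := range payloads {
		if p == "" {
			filter[i] = Invalid
			return
		}
		filter[i] = Valid
	}
}

// committable lists the indices a committer may apply: only an explicit Valid.
func committable(filter []TxValidationCode) (out []int) {
	for i, c := range filter {
		if c == Valid {
			out = append(out, i)
		}
	}
	return out
}

func main() {
	block := []string{"tx0-ok", "", "tx2-ok"}        // constructed sample block
	insecure := make([]TxValidationCode, len(block)) // anti-pattern: zero value is Valid
	secure := newTxsFilterSecure(len(block))
	validateBlock(block, insecure)
	validateBlock(block, secure)
	fmt.Println(committable(insecure), committable(secure)) // [0 2] [0]: tx2 was never checked
}
```

With the insecure default the third transaction is committed although validation never reached it; with the NOT_VALIDATED default the committer sees an unvalidated entry and leaves it out.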