Commit to client's node id in bLIP-52/LSPS2 promise#4040
Conversation
Previously, the promise HMAC would only commit to the promise secret and the `OpeningFeeParams` fields, leaving room for other clients to reuse the same `OpeningFeeParams` in `BuyRequests` if they'd acquire it somehow out-of-bounds. While this flexibility also has some benefits, we here have the service commit to the client's node id, making sure only the original client can redeem a specific `OpeningFeeParams`.
|
👋 Thanks for assigning @TheBlueMatt as a reviewer! |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #4040 +/- ##
==========================================
+ Coverage 88.73% 88.75% +0.01%
==========================================
Files 176 176
Lines 129015 129106 +91
Branches 129015 129106 +91
==========================================
+ Hits 114485 114583 +98
+ Misses 11935 11923 -12
- Partials 2595 2600 +5
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
TheBlueMatt
left a comment
TheBlueMatt
left a comment
There was a problem hiding this comment.
This is trivial so just gonna land it.
|
👋 The first review has been submitted! Do you think this PR is ready for a second reviewer? If so, click here to assign a second reviewer. |
|
post merge ACK |
4 participants
Closes #4037.
Previously, the promise HMAC would only commit to the promise secret and the
OpeningFeeParamsfields, leaving room for other clients to reuse the sameOpeningFeeParamsinBuyRequestsif they'd acquire it somehow out-of-bounds.While this flexibility also has some benefits, we here have the service commit to the client's node id, making sure only the original client can redeem a specific
OpeningFeeParams.(cc @johncantrell97 @martinsaposnic)