Suggestion 4: Add Randomizer Sanity Check To Improve Robustness #479

Open
mpguerra opened this issue Feb 18, 2025 · 0 comments · May be fixed by #492

@mpguerra
Contributor

Location

frost-client/src/args.rs#L173

Synopsis

The randomizer as an argument input to the command of the coordinator is implemented as a vector of strings. This vector should have the same length as the message vector, but no check is implemented in the code to verify this. However, since the code does not support signing multiple messages simultaneously, this does not result in a security-relevant issue.

Mitigation

We recommend changing the type to `Option<Vec<String>>` and adding a check to verify that if the option is `Some`, the length of the randomizer matches the length of the messages passed in as an argument.

@mpguerra mpguerra added this to the FROST Demo Audit milestone Feb 18, 2025
@mpguerra mpguerra moved this to Sprint Backlog in FROST Feb 18, 2025
@mpguerra mpguerra moved this from Sprint Backlog to Review/QA in FROST Feb 21, 2025
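
The check recommended under Mitigation, as an added example that is not frost-client's own code: `pair_randomizers` and `ArgError` are hypothetical names, and messages and randomizers are treated as opaque strings. It rejects a length mismatch explicitly because pairing the two vectors with `zip` would otherwise truncate silently to the shorter one.

```rust
use std::fmt;

/// Hypothetical error type for this example (not taken from frost-client).
#[derive(Debug, PartialEq, Eq)]
pub enum ArgError {
    RandomizerCountMismatch { messages: usize, randomizers: usize },
}

impl fmt::Display for ArgError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            ArgError::RandomizerCountMismatch { messages, randomizers } => write!(
                f,
                "got {} randomizer(s) for {} message(s); counts must match",
                randomizers, messages
            ),
        }
    }
}

/// Pair every message with its randomizer. `None` means no randomizers were
/// supplied, which is valid; `Some` must contain exactly one per message.
pub fn pair_randomizers(
    messages: &[String],
    randomizers: Option<&[String]>,
) -> Result<Vec<(String, Option<String>)>, ArgError> {
    match randomizers {
        None => Ok(messages.iter().cloned().map(|m| (m, None)).collect()),
        // Reject before zipping: `zip` stops at the shorter input, so a
        // mismatch would otherwise drop messages or randomizers silently.
        Some(r) if r.len() != messages.len() => Err(ArgError::RandomizerCountMismatch {
            messages: messages.len(),
            randomizers: r.len(),
        }),
        Some(r) => Ok(messages.iter().cloned().zip(r.iter().cloned().map(Some)).collect()),
    }
}

fn main() {
    // Constructed sample input: two messages, only one randomizer.
    let messages = vec!["msg-a".to_string(), "msg-b".to_string()];
    let randomizers = vec!["rand-a".to_string()];
    match pair_randomizers(&messages, Some(randomizers.as_slice())) {
        Ok(pairs) => println!("{} pair(s) accepted", pairs.len()),
        Err(e) => eprintln!("rejected: {}", e),
    }
}
```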