Skip to content
Snippets Groups Projects
Unverified Commit 4087e2d9 authored by Alexander Theißen's avatar Alexander Theißen Committed by GitHub
Browse files

pallet_revive: Change address derivation to use hashing (#7662) 

Fixes https://github.com/paritytech/polkadot-sdk/issues/6723

## Motivation

Internal auditors recommended to not truncate Polkadot Addresses when
deriving Ethereum addresses from it. Reasoning is that they are raw
public keys where truncating could lead to collisions when weaknesses in
those curves are discovered in the future. Additionally, some pallets
generate account addresses in a way where only the suffix we were
truncating contains any entropy. The changes in this PR act as a safe
guard against those two points.

## Changes made

We change the `to_address` function to first hash the AccountId32 and
then use trailing 20 bytes as `AccountId20`. If the `AccountId32` ends
with 12x 0xEE we keep our current behaviour of just truncating those
trailing bytes.

## Security Discussion

This will allow us to still recover the original `AccountId20` because
those are constructed by just adding those 12 bytes. Please note that
generating an ed2551...
parent 95be69ce
Branches gh-readonly-queue/master/pr-7662-95be69ce41c1600e6ba3de08e5e4caeaf7a9c62e
Pipeline #517380 waiting for manual action with stages
in 1 hour, 24 minutes, and 22 seconds
Hide whitespace changes
Inline Side-by-side
Showing
with 142 additions and 54 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment