Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Document that hash of confidential inputs is stored onchain #134

Open
tms7331 opened this issue Aug 23, 2024 · 0 comments
Open

Document that hash of confidential inputs is stored onchain #134

tms7331 opened this issue Aug 23, 2024 · 0 comments

Comments

@tms7331
Copy link

tms7331 commented Aug 23, 2024

In the Telegram chat today it came up that a hash of the confidential inputs makes it onchain. I think this fact should be made very clear in the Suave documentation, as if you have a suapp that takes in a confidential input from a small set of possible values (for example, a boolean), it becomes very easy to determine the input from the hash.

Addressing it is straightforward as you can concatenate some random noise with the real value for the confidential input, and then discard the noise in the contract, but the fact that a hash goes onchain was a surprise to me and would have led to a security vulnerability in the suapp I'm working on.

@linear linear bot added the suave-geth label Nov 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant