Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open Roles should use thread token to detect Marlowe input #13

Open
paluh opened this issue Dec 11, 2023 · 1 comment
Open

Open Roles should use thread token to detect Marlowe input #13

paluh opened this issue Dec 11, 2023 · 1 comment
Assignees
@nhenin

Comments

@paluh
Copy link

paluh commented Dec 11, 2023
edited
Loading

Currently we hard code Marlowe hash into the script which tightly couples the script to the main validator version. This approach has significant downsides:

  • The script cannot be reused between different versions of Marlowe validator.

  • We cannot use the hash of Open Role validator in an internal double spending white list of the Marlowe validator.

I propose:

  • Change to the logic of the script so it authorizes release of the locked role token solely based on the presence of the thread token in some of the tx inputs.

  • We can add slight optimization to the script. Let's accept optional redeemer which provides an index of the Marlowe input to speed up the check.
@paluh
Copy link
Author

paluh commented Dec 22, 2023

It doesn't seem to influence the security. Thread token should guard uniqueness of the Marlowe itself. Maybe we can observe as slight decrease in the script performance.

@bwbush, could you please tell me what is your opinion on that?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nhenin nhenin

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@paluh @nhenin