| Safe Haskell | Safe-Inferred |
|---|---|
| Language | Haskell2010 |
Cooked.Attack.DatumHijacking
Description
This module provides an automated attack to try and redirect outputs to a certain target with a similar datum type.
Synopsis
- redirectScriptOutputTweak :: (MonadTweak m, Is k A_Traversal, Show (DatumType a), ToData (DatumType a)) => Optic' k is TxSkel (ConcreteOutput (TypedValidator a) TxSkelOutDatum Value (Versioned Script)) -> (ConcreteOutput (TypedValidator a) TxSkelOutDatum Value (Versioned Script) -> Maybe (TypedValidator a)) -> (Integer -> Bool) -> m [ConcreteOutput (TypedValidator a) TxSkelOutDatum Value (Versioned Script)]
- datumHijackingAttack :: forall a m. (MonadTweak m, Show (DatumType a), PrettyCooked (DatumType a), ToData (DatumType a), UnsafeFromData (DatumType a), UnsafeFromData (RedeemerType a), Typeable (DatumType a), Typeable a) => (ConcreteOutput (TypedValidator a) TxSkelOutDatum Value (Versioned Script) -> Bool) -> (Integer -> Bool) -> m [ConcreteOutput (TypedValidator a) TxSkelOutDatum Value (Versioned Script)]
- newtype DatumHijackingLbl = DatumHijackingLbl Address
Documentation
redirectScriptOutputTweak Source #
Arguments
| :: (MonadTweak m, Is k A_Traversal, Show (DatumType a), ToData (DatumType a)) | |
| => Optic' k is TxSkel (ConcreteOutput (TypedValidator a) TxSkelOutDatum Value (Versioned Script)) | |
| -> (ConcreteOutput (TypedValidator a) TxSkelOutDatum Value (Versioned Script) -> Maybe (TypedValidator a)) | Return |
| -> (Integer -> Bool) | The redirection described by the previous argument might apply to more than one of the script outputs of the transaction. Use this predicate to select which of the redirectable script outputs to actually redirect. We count the redirectable script outputs from the left to the right, starting with zero. |
| -> m [ConcreteOutput (TypedValidator a) TxSkelOutDatum Value (Versioned Script)] |
Redirect script outputs from one validator to another validator of the same type. Returns the list of outputs it redirected (as they were before the modification), in the order in which they occurred on the original transaction.
Something like txSkelOutsL % traversed % txSkelOutOwnerTypeP
(Script.TypedValidator a)@ might be useful to construct the optics used by
this tweak.
Arguments
| :: forall a m. (MonadTweak m, Show (DatumType a), PrettyCooked (DatumType a), ToData (DatumType a), UnsafeFromData (DatumType a), UnsafeFromData (RedeemerType a), Typeable (DatumType a), Typeable a) | |
| => (ConcreteOutput (TypedValidator a) TxSkelOutDatum Value (Versioned Script) -> Bool) | Predicate to select outputs to steal, depending on the intended recipient, the datum, and the value. |
| -> (Integer -> Bool) | The selection predicate may match more than one output. Use this predicate to restrict to the i-th of the outputs (counting from the left, starting at zero) chosen by the selection predicate with this predicate. |
| -> m [ConcreteOutput (TypedValidator a) TxSkelOutDatum Value (Versioned Script)] |
A datum hijacking attack, simplified: This attack tries to substitute a
different recipient on PaysScript constraints, but leaves the datum as it
is. That is, it tests for careless uses of something like txInfoOutputs in
places where something like getContinuingOutputs should be used. If this
attack goes through, however, a "proper" datum hijacking attack that modifies
the datum in a way that (the relevant part of) the
toBuiltinData-translation stays the same will also work.
A DatumHijackingLbl with the hash of the "thief" validator is added to the
labels of the TxSkel using addLabel.
This attack returns the list of outputs it redirected, in the order in which they occurred on the original transaction. If no output is redirected, this attack fails.
newtype DatumHijackingLbl Source #
Constructors
| DatumHijackingLbl Address |