Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

suggestions for COA address #5344

Merged
merged 6 commits into from
Feb 2, 2024
Merged
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
clarify security consideration about prefix length
  • Loading branch information
Tarak Ben Youssef committed Feb 1, 2024
commit 0a9e40bd8fe0cf80f2985889d9f780147099ac15
18 changes: 16 additions & 2 deletions fvm/evm/types/address.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,16 @@ import (
)

const (
// number of prefix bytes with specific values for special accounts (extended precompiles and COAs)
// using leading zeros for prefix helps with the storage compactness
// number of prefix bytes with constant values for special accounts (extended precompiles and COAs)
// using leading zeros for prefix helps with the storage compactness.
//
// The prefix length should insure a high-enough level of security against finding a preimage using the hash
// function used for EVM addresses generation (Keccak256). This is required to avoid finding an EVM address
// that can also be a valid FlowEVM address.
// The target (minimal) security in this case is the security level provided by EVM addresses.
// Since EVM addresses are 160-bits long, EVM addresses offer only 80 bits of security (collision resistance
// offers the lowest level).
// A preimage resistance of 80 bits requires the prefix to be at least 80-bits long (i.e 10 bytes)
FlowEVMSpecialAddressPrefixLen = 12
)

Expand Down Expand Up @@ -56,6 +64,12 @@ func NewAddressFromString(str string) Address {
}

// IsACOAAddress returns true if the address is a COA address
//
// This test insure `addr` has been generated as a COA address with high probability.
// Brute forcing an EVM address `addr` to pass the `IsACOAAddress` test is as hard as the bit-length
// of `FlowEVMCOAAddressPrefix` (here 96 bits).
// Although this is lower than the protocol-wide security level in Flow (128 bits), it remains
// higher than the EVM addresses security (80 bits when considering collision attacks)
func IsACOAAddress(addr Address) bool {
return bytes.HasPrefix(addr[:], FlowEVMCOAAddressPrefix[:])
}
Expand Down