Replies: 1 comment 5 replies
-
|
Can you please clarify what the user would be signing and how this would change the existing payload? I'm assuming the URL. Does this need to be passed to the contract or can we allow it to be checked only by the Provider? |
Beta Was this translation helpful? Give feedback.
-
|
We would need to add the provider id to the payload. I.e. say we have provider 1 (p1.com) and provider 2 (p2.com). Say p1 is forwarding their requests to p2 to leverage their provider node. When the user requests the captcha, they're requesting from p1 which was randomly chosen. When the user comes to submit their captcha, we put the id of the randomly selected provider (p1) in the payload and sign it. This gets sent to p1 with the captcha submission, which p1 forwards to p2. p2 unpacks the submission and sees that the payload has the provider set to p1, not p2, therefore reject |
Beta Was this translation helpful? Give feedback.
-
|
actually the provider id is already in the commit struct, no need to add it |
Beta Was this translation helpful? Give feedback.
-
|
If p2 and p1 are working together why would p2 reject the incorrect signature? |
Beta Was this translation helpful? Give feedback.
-
|
they could if they were working together, though I don't know what they'd gain from this in the example p1 is attempting to exploit p2. By using p2's services, p1 can pretend to be a functioning provider when it is just a proxy to p2. p1 gains financially from this at the expense of p2. p1 and p2 are independent parties in this example |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for clarifying. In that case, I think your proposition works. |
Beta Was this translation helpful? Give feedback.
-
Currently, we disallow duplicate provider urls to stop people from routing their provider record on the contract to someone else's running provider node.
This works, however a simple reverse proxy can get around this easily.
Given that a user has to sign a payload which has the chosen provider in, it's impossible for a reverse proxy to work as the provider would notice the commitment was not destined for them. Further, the provider would also check whether it was them selected for the captcha challenge, quickly discovering it was not.
Given these measures are already in place, I don't think we need the url duplication guard in the contract. A provider would naturally reject commitments when it isn't the chosen provider / interacting provider
Beta Was this translation helpful? Give feedback.
All reactions