This repository has been archived by the owner on Jan 22, 2025. It is now read-only.
Contracts should vet timestamp sources, not leader #405
Milestone
Comments
garious
added a commit
to garious/solana
that referenced
this issue
Jul 9, 2018
Per @aeyakovenko, contracts shouldn't trust the network for timestamps. Instead, pass the verified public key to the contract and let it decide if that's a public key it wants to trust the timestamp from. Fixes solana-labs#405
garious
added a commit
that referenced
this issue
Jul 9, 2018
Per @aeyakovenko, contracts shouldn't trust the network for timestamps. Instead, pass the verified public key to the contract and let it decide if that's a public key it wants to trust the timestamp from. Fixes #405
vkomenda
pushed a commit
to vkomenda/solana
that referenced
this issue
Aug 29, 2021
* Include pool mint in instruction, required for burning * Add simple Rust test * Fix js withdraw test
CriesofCarrots
pushed a commit
to CriesofCarrots/solana
that referenced
this issue
Apr 1, 2024
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Currently, the leader maintains
time_sources, a set of trusted public keys. The bank rejects any timestamp instructions that aren't from one of those keys.https://github.com/solana-labs/solana/blob/master/src/bank.rs#L365
Instead, the key should be passed to the payment plan and allow the contract to choose whom to trust:
https://github.com/solana-labs/solana/blob/master/src/bank.rs#L383
The text was updated successfully, but these errors were encountered: