This repository was archived by the owner on Jun 6, 2023. It is now read-only.
This repository was archived by the owner on Jun 6, 2023. It is now read-only.
Market.PublishStorageDeals griefing vector #1144
Description
PublishStorageDeals relies on validation for all deals passing, or the entire call fails. A deal client may force validation for any of their signed deals to fail on publication by withdrawing market funds that are escrowed (but not locked). The attack is as follows:
- Client adds balance to the market actor (
Market.AddBalance) - Client negotiates/signs a storage deal with some miner
- Miner creates a transaction to
Market.PublishStorageDeals - Client frontruns this transaction with a call to
Market.WithdrawBalance, withdrawing their escrowed funds Market.PublishStorageDealsfails because the client no longer has balance to lock up
The same may be accomplished if a client signs multiple copies of the same storage deal and distributes them to multiple miners, but only supplies enough balance to the market to support one deal. In this case, no frontrunning is needed; the first miner to publish the client's deal will "win," and the rest will fail.