Skip to content

fix: replay attacks after canister migration #7787

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mraszyk merged 1 commit into from
Dec 1, 2025
Merged

fix: replay attacks after canister migration #7787

mraszyk merged 1 commit into from
Dec 1, 2025

Conversation

@mraszyk
Copy link
Contributor

@mraszyk mraszyk commented Nov 25, 2025
edited
Loading

This PR prevents replay attacks after canister migration by waiting at least 6 minutes: 5 minutes and 30 seconds (maximum ingress expiry enforced by ingress validator) and 30 seconds (to account for a clock drift between the two subnets).

@github-actions github-actions bot added the fix label Nov 25, 2025
mraszyk
mraszyk commented Nov 26, 2025
View reviewed changes
michael-weigelt
michael-weigelt approved these changes Nov 28, 2025
View reviewed changes
Copy link
Contributor

@michael-weigelt michael-weigelt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks

@mraszyk mraszyk force-pushed the mraszyk/canister-migration-replay-call branch from 80da55f to 610848d Compare December 1, 2025 13:59
@mraszyk mraszyk marked this pull request as ready for review December 1, 2025 14:52
@mraszyk mraszyk requested review from a team as code owners December 1, 2025 14:52
randombit
randombit approved these changes Dec 1, 2025
View reviewed changes
Copy link
Contributor

@randombit randombit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fine re comment in validator source, did not review migration_canister changes

@mraszyk mraszyk added this pull request to the merge queue Dec 1, 2025
Merged via the queue into master with commit 82e0282 Dec 1, 2025
69 of 72 checks passed
@mraszyk mraszyk deleted the mraszyk/canister-migration-replay-call branch December 1, 2025 21:41
This was referenced Dec 2, 2025
Merged
Closed
eichhorl pushed a commit that referenced this pull request Dec 2, 2025
@mraszyk
chore(migration-canister): return only a single migration status (#7890)
e1f1906 
This PR makes the `migration_status` endpoint of the migration canister
return only a single or no migration status for a given pair of canister
IDs.

This PR also fixes the duration of waiting for a completed migration in
the canister migration system test to 7 minutes (since the migration
canister now waits for at least 6 minutes before completing canister
migration to prevent replay attacks - see
[PR](#7787)).

To prevent such regressions in the future, this PR adds the system test
to `PULL_REQUEST_BAZEL_TARGETS` and tags the test as `long_test` so that
it can run on PRs using `PULL_REQUEST_BAZEL_TARGETS`.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@randombit randombit randombit approved these changes

@michael-weigelt michael-weigelt michael-weigelt approved these changes

Assignees

No one assigned

Labels

@consensus fix @team-dsm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mraszyk @randombit @michael-weigelt