You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the Telegram chat today it came up that a hash of the confidential inputs makes it onchain. I think this fact should be made very clear in the Suave documentation, as if you have a suapp that takes in a confidential input from a small set of possible values (for example, a boolean), it becomes very easy to determine the input from the hash.
Addressing it is straightforward as you can concatenate some random noise with the real value for the confidential input, and then discard the noise in the contract, but the fact that a hash goes onchain was a surprise to me and would have led to a security vulnerability in the suapp I'm working on.
The text was updated successfully, but these errors were encountered:
In the Telegram chat today it came up that a hash of the confidential inputs makes it onchain. I think this fact should be made very clear in the Suave documentation, as if you have a suapp that takes in a confidential input from a small set of possible values (for example, a boolean), it becomes very easy to determine the input from the hash.
Addressing it is straightforward as you can concatenate some random noise with the real value for the confidential input, and then discard the noise in the contract, but the fact that a hash goes onchain was a surprise to me and would have led to a security vulnerability in the suapp I'm working on.
The text was updated successfully, but these errors were encountered: