Announcing DIP 30 - Replay Attack Prevention and State Transition Nonces

[thephez]

We're pleased to announce the release of DIP 30! This new proposal explains the design to enhance security on Dash Platform by preventing replay attacks and ensuring the integrity of state transitions. This design introduces partial asset locks and two types of nonces: identity nonces and identity contract nonces. Partial asset locks secure the asset lock value when doing identity create or topup transitions. Nonces guard against replay attacks by ensuring that each operation is uniquely identifiable and processed in the correct order.

You can read all the details about DIP 30 on GitHub. A big thank you to Samuel Westrich for authoring this DIP, and special thanks to everyone who contributed to writing and reviewing it.


Note: this info was discussed in Dev updates on the DashPay YouTube channel

• 2024-02-06 Cost based replay attacks (43:00 to 54:00)
• 2024-02-20 Preventing Replay Attacks (35:00 to 51:00)

 

[qwizzie]

We are also getting a DIP for Dash Credit system (including Withdrawals), correct ?
Any DIP number assigned to it ?

Identity Credits
Each time an Identity performs a state transition, its credit balance will be updated by subtracting the network cost of the transition. When a state transition first arrives at a Dash Platform node, the node in question must first check the balance of the Identity and make sure the Identity has enough credits to pay for this transition. If the Identity does and the transition is valid and properly signed, then the node will broadcast the state transition to other nodes. All nodes must redo these verifications when receiving the state transitions. Each time a node proposes a block it must redo these verifications as well, as to not submit state transitions from Identities with an insufficient balance.

A future DIP will explain the Dash credit system in further detail.

Source : https://docs.dash.org/projects/core/en/20.1.0/docs/dips/dip-0011.html

 

[thephez]

There are a several docs related to fees/credit system that the team worked on last year. We will need to revisit and probably make some revisions, but the plan is still to release them at some point. Usually we don't assign the DIP numbers until the pull request is created.