Preventing Issuer Exhaustion #305

Merged
merged 3 commits into from
Jul 18, 2024
5 changes: 5 additions & 0 deletions README.md
Expand Up @@ -235,6 +235,11 @@ We have a number of mitigations against this attack:

When the issuer detects a site is attacking its token supply, it can fail redemption (before the token is revealed) based on the referring origin, and prevent browsers from spending tokens there.

### Issuer Exhaustion

Given a cap on the issuers usable per top-level origin, there might be a race between third-party scripts to call `hasPrivateToken(issuer)` to ensure their preferred issuer is available.
The top-level document can control this process by calling `hasPrivateToken(issuer)` for its preferred issuers before any other scripts are loaded.
This would ensure the availability of the desired issuers and prevent a race to determine availability.

### Double-Spend Prevention

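Review bot: the README hunk leaves the cap unspecified ("a cap on the issuers usable per top-level origin") while the spec.bs hunk in this same PR fixes it at two per top-level origin; stating the number here too ("Given a cap of two issuers per top-level origin, ...") makes the guidance actionable for site owners reading only the README. The last two sentences would also benefit from saying when the pre-emptive calls must run: a third-party script that executes first can claim the slots, so the top-level document's `hasPrivateToken(issuer)` calls need to be issued synchronously, before any third-party script tag is reached, not merely "before any other scripts are loaded" in a loose sense. Consider also noting the limit of the mitigation: it secures the document's own preferred issuers, but a third-party script whose issuer is not among them still loses the race, which is the intended outcome rather than a bug.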
9 changes: 9 additions & 0 deletions spec.bs
Expand Up @@ -1132,6 +1132,15 @@ operations. In the context of a given origin, two redemptions are allowed initia
the third redemption is only allowed once more than an [=implementation-defined=] amount of time,
usually 48 hours, have elapsed since the first redemption.

Preventing Issuer Exhaustion {#issuer-exhaustion}
-----------------------------------------------
Competing scripts might race to call <code>hasPrivateToken(issuer)</code> to ensure their |issuer|
enters the [=issuerAssociations=] [=map=] before the |issuer| of others given a limit of two per
[=environment/top-level origin=]. To control this process, the [=environment/top-level origin=]
could call <code>hasPrivateToken(issuer)</code> up to twice before any other JavaScript is included
to ensure their preferred |issuer|s are available.


Preventing Double Spending {#preventing-double-spend}
-----------------------------------------------------

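Review bot: the new section describes the race but never states the outcome for the loser, i.e. what <code>hasPrivateToken(issuer)</code> returns or does when both [=issuerAssociations=] slots for the [=environment/top-level origin=] are already taken; a sentence referencing that behaviour (or a link to the algorithm that enforces the limit of two) would let readers verify the mitigation instead of inferring it. The phrasing "the top-level origin could call" attributes the action to an origin; a script running in the top-level document makes the call, so "script in the top-level document" or "top-level document" reads more precisely, matching the README wording in this PR. Minor: "before the |issuer| of others" is awkward (suggest "before other scripts' issuers"), and there is a stray extra blank line before the "Preventing Double Spending" heading where the surrounding sections use one.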