Jump to content
yxxyun

Account Sequence: the difference between XRP Ledger and Stellar

Recommended Posts

We know the account on XRP Ledger and stellar both have the account sequence, A transaction is only valid if the Sequence number is exactly 1 greater than the previous transaction from the same account. But their design is little different:

The initial sequence number for account on XRP ledger is 0 .

But on stellar, the initial sequence number for account is based on the hex of ledger height when the account was created,  not start from 0.

I was wondering why stellar design like this.

Here is my guess:

We know stellar support to transfer all reserved XLM out and delete account from ledger. I think the design of the initial sequence is to support this, when account was delete from ledger and re-activate again, this account's sequence for transaction will not be replayed.

 

Edited by yxxyun

Share this post


Link to post
Share on other sites
10 minutes ago, cmbartley said:

Seems like a plausible theory. Nik felt that account deletion/merge was a bad idea and had said he might write up a blog post about it.

I don't think account deletion/merge was a bad idea, I'd like to keep the ledger clean. And what is your thought about the stellar's account sequence design?

Share this post


Link to post
Share on other sites
1 hour ago, yxxyun said:

I don't think account deletion/merge was a bad idea, I'd like to keep the ledger clean. And what is your thought about the stellar's account sequence design?

Account delete/merging leads to potential spam issues.

If the sequence number is somehow tied to the creation ledger, then it might be a problem when re-initializing a previously merged/deleted account. Best case you are "only" locking yourself out of your account for as many ledgers as you sent transactions ("seqnum >= current height" could be an invariant). Bad case: Replay attacks. Worst case: Only one single transaction possible per ledger close.

Share this post


Link to post
Share on other sites
5 minutes ago, zerpdigger said:

do stellar do invariant checking?

Quote

Hardening: as we make performance improvements, the network must remain resilient and secure. We will reduce the attack surface at the protocol layer by adding invariant support (with checks performed constantly by the validator). Those checks will reduce the impact of bugs on the ledger state.

https://www.stellar.org/blog/2018-Stellar-Roadmap/

not sure if it's implemented yet.

Share this post


Link to post
Share on other sites
18 minutes ago, zerpdigger said:

do stellar do invariant checking?

Looks like they do: https://github.com/stellar/stellar-core/tree/dd7f38dba232e20ae75a95641857c0b7ed0252e1/src/invariant

Seems more thorough than Ripple's equivalent - which is perhaps simultaneously worrying and reassuring.

I can't tell at a glance if invariant failures are recorded on-chain or not.  XRPL ultimately throws invariant failures on the ledger, using "tecINVARIANT_FAILED", a code I hope we never see.

Share this post


Link to post
Share on other sites
3 hours ago, Sukrim said:

Account delete/merging leads to potential spam issues.

If the sequence number is somehow tied to the creation ledger, then it might be a problem when re-initializing a previously merged/deleted account. Best case you are "only" locking yourself out of your account for as many ledgers as you sent transactions ("seqnum >= current height" could be an invariant). Bad case: Replay attacks. Worst case: Only one single transaction possible per ledger close.

The initial sequence number is somewhat like "83416416736247818", it's very big number and very hard to replay.

Share this post


Link to post
Share on other sites

Then imagine you do 2 million transactions within a day, setting the seqnum to a final value of 83416416738247818. Then the account is removed/merged away.

The next day, you re-create it again, initializing the seqnum to 83416416736247818 + however many ledgers have been closed in a day (stellar seems to close one every 5 seconds or so, so about 22000 ledgers). Then it is possible to replay a lot of the already submitted transactions.

Share this post


Link to post
Share on other sites
28 minutes ago, Sukrim said:

Then imagine you do 2 million transactions within a day, setting the seqnum to a final value of 83416416738247818. Then the account is removed/merged away.

The next day, you re-create it again, initializing the seqnum to 83416416736247818 + however many ledgers have been closed in a day (stellar seems to close one every 5 seconds or so, so about 22000 ledgers). Then it is possible to replay a lot of the already submitted transactions.

that not right.  by now, their ledger number is about  ~20079574, the seqnum is based on ledger number, not equal ledger number.

a quick search https://github.com/stellar/stellar-core/blob/master/src/ledger/LedgerHeaderFrame.cpp#L64

Edited by yxxyun

Share this post


Link to post
Share on other sites

As far as I understand that code and the issue tomxcs linked, it is just the ledger number shifted 32 bits? At least the sequence number is stored in the lower bits, not the high ones, so replays are less likely.

Share this post


Link to post
Share on other sites

×