A trivial way for a Plasma Cash operator to exit "inflated" coins?


#1

In Plasma Cash, users don’t need/aren’t required to download and validate the whole Plasma chain, but only the proofs related to the coins they own, as explained in the original Plasma Cash post:

Let’s say I’m an operator and I send a small amount of ETH (A) to the Plasma Cash contract and generate a coin of the same value (A) on the Plasma chain. What stops me from simply changing that coin’s value to a much higher one (B) and submitting an exit? No one should challenge me, because everyone keeps track only of their own coins, and this coin is mine?

What am I missing? :slight_smile:


#2

In our implementation, when deposit A is made through calling deposit, the Layer 1 contract will store it in a depositBalance array; when an exit is initiated right after the deposit (via depositExit) or after some token transfer, even if no one challenges you, only the original denomination A could be sent back to you when the exit is finalized, using the original amount recorded in the depositBalance array. No one can change the value of the depositBalance array from A to a much higher value, and we have the 64-bit tokenID hash composed of the original depositor (msg.sender), unique deposit index, and the original depositAmount (A), which is useful to verify the very first transaction as being valid.


#3

Ran into the same issue from a state-channels perspective while implementing a hub-and-spoke virtual channel payment network. The issue is that all users of the hub share the same contract and thus any state update could collude and drain other channels.

We prevent this in the same way as @sourabhniyogi does by tracking deposits and withdrawals on-chain in some storage of the parent contract. This way the contract would simply check that the operator never deposited ether to cover the inflated off-chain state.
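
The on-chain bookkeeping described in posts #2 and #3, as an added example that is not part of the thread and is not either project's contract code: a Python model in which an exit pays out only the amount recorded at deposit time, whatever value the Plasma chain claims for the coin. The class and method names, the SHA-256 stand-in for the tokenID hash, and the sample depositors are assumptions made for illustration.

```python
import hashlib


class RootChainModel:
    """Toy model of the Layer 1 contract's deposit ledger (not real contract code)."""

    def __init__(self):
        self.deposit_balance = {}  # tokenID -> wei actually received on-chain
        self.next_index = 0        # unique deposit index
        self.held = 0              # total wei held for all users

    @staticmethod
    def token_id(depositor, index, amount):
        # Assumption: SHA-256 truncated to 64 bits stands in for the real hash
        # over (original depositor, deposit index, deposit amount).
        data = f"{depositor}|{index}|{amount}".encode()
        return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")

    def deposit(self, sender, amount):
        if amount <= 0:
            raise ValueError("deposit must be positive")
        tid = self.token_id(sender, self.next_index, amount)
        self.deposit_balance[tid] = amount  # written once, at deposit time
        self.next_index += 1
        self.held += amount
        return tid

    def verify_deposit_tx(self, tid, depositor, index, amount):
        # The coin's first transaction is valid only if its fields hash to the
        # tokenID and the amount equals what the contract recorded.
        return (self.token_id(depositor, index, amount) == tid
                and self.deposit_balance.get(tid) == amount)

    def finalize_exit(self, tid, claimed_amount):
        # claimed_amount is the off-chain value; it is deliberately ignored.
        if tid not in self.deposit_balance:
            raise KeyError("unknown or already exited coin")
        payout = self.deposit_balance.pop(tid)  # pop also blocks a second exit
        self.held -= payout
        return payout


if __name__ == "__main__":
    chain = RootChainModel()
    chain.deposit("alice", 5)                # constructed sample deposits
    coin = chain.deposit("operator", 1)
    # Operator inflates the coin to 1000 off-chain, then exits unchallenged.
    print(chain.finalize_exit(coin, claimed_amount=1000), chain.held)
```
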