RobertMCForster committed Oct 9, 2018
1 parent 5120712 commit ad3f402e22a6ae258a7d811e930483845899a71e
Showing with 2 additions and 0 deletions.
@@ -70,8 +70,10 @@ The functions to modify these addresses are only able to be called by the owner
The COIN token is based on the ERC865 proposal, allowing users to pay for gas using tokens rather than ether. This works by having a user sign a transaction hash with all desired data, then any delegate broadcasting the parameters and signed hash to the network in order for a transaction to be made.
We’ve created COIN V3 because of a vulnerability in COIN V2. In COIN V2, signatures were used as unique identifiers to block any potential replay attacks on pre-signed transactions. The problem with this design was that it was vulnerable to transaction malleability. While transaction malleability was fixed for transactions on the Ethereum network by restricting signatures to the lower half of the EC, it was not fixed on the ecrecover pre-compiled contract, therefore allowing a signature to be replayed using its counterpart.
To fix this problem, COIN V3 now uses the transaction hash of the pre-signed transaction as a unique identifier. This method ensures that, once a transaction is sent, it may never be sent again (of course, unless a new nonce is used).
<h2>Bug Bounty</h2>
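Review bot: The paragraph beginning "To fix this problem" never says which fields go into the hash that now serves as the unique identifier, and its parenthetical "(of course, unless a new nonce is used)" reads as if a delegate could resend by changing the nonce. If the nonce is part of the data the user signs, say so explicitly and note that a different nonce produces a different hash that needs a fresh signature from the user; listing the hashed fields here would let a reader confirm that claim. In the preceding paragraph, "restricting signatures to the lower half of the EC" is imprecise: the restriction applies to the signature's s value (lower half of the curve order), which is also what makes the "counterpart" signature accepted by ecrecover, so naming s would make the V2 flaw clear.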
