This repository has been archived by the owner on Jun 11, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 457
Address collision results in public keys being overwritten #266
Milestone
Comments
karmacoma
pushed a commit
that referenced
this issue
Aug 31, 2016
New accounts are no longer written to mem_accounts. Affects POST /api/accounts/open and POST /api/accounts/generatePublicKey.
karmacoma
pushed a commit
that referenced
this issue
Aug 31, 2016
Resulting from: fdd31191466e9b6a4c94d08f188fe8db81dc05e1.
karmacoma
pushed a commit
that referenced
this issue
Aug 31, 2016
karmacoma
pushed a commit
that referenced
this issue
Sep 2, 2016
karmacoma
pushed a commit
that referenced
this issue
Sep 9, 2016
When two passphrases collide into the same address.
karmacoma
pushed a commit
that referenced
this issue
Sep 9, 2016
karmacoma
pushed a commit
that referenced
this issue
Sep 9, 2016
karmacoma
pushed a commit
that referenced
this issue
Sep 9, 2016
karmacoma
pushed a commit
that referenced
this issue
Sep 9, 2016
Indicating whether an unconfirmed transaction sent from an account has been applied.
karmacoma
pushed a commit
that referenced
this issue
Sep 9, 2016
Making address, u_username, username, virgin, publicKey, and secondPublicKey columns immutable.
karmacoma
pushed a commit
that referenced
this issue
Sep 9, 2016
When decrementing unconfirmed balance.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
In the event of an collision where the same passphrase resolves to the same LSK address, the public key on
mem_accounts
is overwritten, allowing transactions to be signed from the account using either of the colliding passphrases.Initial resolution:
POST /api/accounts/open
andPOST /api/accounts/generatePublicKey
, so that newmem_accounts
entries are not created for unregistered addresses.PUT /api/transactions
and other endpoints for various transaction types, so that a newmem_accounts
entry is created, if the account is unregistered.publicKey
for each entry inmem_accounts
immutable.Further mitigations:
The text was updated successfully, but these errors were encountered: