A problem with running a hot wallet is that you have no control over who can stake using your wallet, i.e., as a hot wallet operator I am unable to refuse to receive stake delegations.
This could be used as a vector for denial of service: if a staking address is leaked or provided as part of a staking pool, it is possible to force the staker's wallet to manage an unreasonable amount of UTXOs, which may impact the staking performance and possibly increase orphans. The cost of such an attack is negligible (only the fees required in the stake delegations), as the coins always remain in possession of the attacker.
It would also be possible for a user to identify another staker's address simply by examining the blockchain and then delegate staking to that address.
One option would be to allow the staker to whitelist only "approved" addresses. Another consideration would be to add a flag that would purposely allow cold staking rather than normal staking.
The feature should have an API interface taking two parameters: the whitelist address and a TTL parameter, so that the whitelisting would expire after a set amount of time.
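A sketch of the whitelist-with-TTL idea proposed in the comment above, added here as an example and not code from the project. `Delegation`, `DelegationWhitelist` and `select_stakeable` are hypothetical names, and it assumes the whitelisted address is the delegator's (owner's) address.

```python
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Delegation:
    """Constructed stand-in for a cold-staking output seen by the hot wallet."""
    txid: str
    owner_address: str   # assumption: the delegator's (cold) address
    amount: int


class DelegationWhitelist:
    """Approved delegator addresses, each with an expiry time."""
    def __init__(self, clock=time.time):
        self._clock = clock
        self._expiry = {}  # address -> absolute expiry timestamp

    def add(self, address, ttl_seconds):
        if ttl_seconds <= 0:
            raise ValueError("ttl_seconds must be positive")
        self._expiry[address] = self._clock() + ttl_seconds

    def is_allowed(self, address):
        expires = self._expiry.get(address)
        if expires is None:
            return False
        if self._clock() >= expires:
            del self._expiry[address]  # lazily drop expired entries
            return False
        return True


def select_stakeable(delegations, whitelist):
    """Keep only delegations the staker approved; the rest are never tracked."""
    return [d for d in delegations if whitelist.is_allowed(d.owner_address)]


def demo():
    now = [1_000.0]                      # controllable clock for the example
    wl = DelegationWhitelist(clock=lambda: now[0])
    wl.add("approved-owner", ttl_seconds=3600)
    # Constructed input: one approved delegation plus 5000 unapproved outputs.
    incoming = [Delegation("tx-ok", "approved-owner", 50_000)]
    incoming += [Delegation(f"tx-{i}", "unknown-owner", 1) for i in range(5000)]
    before = len(select_stakeable(incoming, wl))
    now[0] += 3601                       # TTL elapses
    after = len(select_stakeable(incoming, wl))
    return before, after
```

With the filter applied before outputs enter the staking set, the number of UTXOs the hot wallet manages is bounded by what approved delegators send, and an approval lapses on its own once the TTL passes.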