CRITICAL security vuln fixed #83

Closed
wants to merge 1 commit into from

@gsovereignty gsovereignty commented Jun 19, 2019

I've discovered an alarming vulnerability, but fortunately there's a really simple fix so I've sent a pull request to address it.

In the current implementation, trusted 'validator nodes' are core to the security model. This means that hard power is centralised around these few entities. The protocol itself depends on these entities to (as the name suggests) validate the protocol. This means the protocol is whatever they decide it is. These entities can change the rules whenever they want. This means they can freeze your coins, take your coins, issue new coins, or really whatever they want - the sky is the limit.

This problem can easily be solved by using a permissionless system where the hard power is decentralised across a very large number of participants in such a way that making changes to the protocol is impossible without near unanimous agreement by everyone involved.

This pull request contains a patch to the existing codebase to resolve this issue.

Edit: related issue: bnb-chain/node-binary#36

@tzarebczan

ACK.

@tamasblummer

Concept ACK
utACK

@DESIGNfromWITHIN

Hahahaha Epic SIR!

@SamSamskies

lgtm

@Kukks

Kukks commented Jun 19, 2019

This seems to address a number of issues acknowledged on the whitepaper, great work!

@OverSoft

ACK
This commit fixed all issues.

@tiero

tiero commented Jun 19, 2019

tACK

@Kixunil

Kixunil commented Jun 19, 2019

tACK

@bvolpato

LGTM

@mandelmonkey

ACK

@Kixunil

Kixunil commented Jun 19, 2019

Fixes #57 and #35

@pretyflaco

ACK

@amanusk

amanusk commented Jun 19, 2019

Fixed it for me!

@lorenzodisidoro

Now ready to be released 🚀

@gpestana gpestana left a comment

Weird way to write Rust, but LGTM.

@backmeupplz

Screen Shot 2019-06-19 at 9 25 29 AM

@Sizuji

Sizuji commented Jun 19, 2019

ACK

@kanemil

kanemil commented Jun 19, 2019

ACK

@ohld

ohld commented Jun 19, 2019

Perfect solution for decentralized future.

@eugenioclrc

Great contribution! ACK!

@ddustin

ddustin commented Jun 19, 2019

lgtm merge it in!

@hellc hellc left a comment

Nice try!

@joaquinmoreira

tACK

@dondreytaylor

Wow, this pull request works perfectly on nimbleNODE (pocket size full node) too. Good stuff
https://nimblenode.io

@agiUnderground

utACK

@viktor-berezin

ACK

@melekhine

Yeah, just merge this!!!

@adamtache adamtache left a comment

LGTM

@nikandfor

lgtm

@bonzofenix

LGTM

@bitstein

LGTM

@blockchainwalletorg

image

@binaryFate

This PR does not address privacy concerns though; it only tackles the decentralization aspects but suggests using a dangerously transparent blockchain.

@ericnakagawa
Contributor

Libra initially uses a set of validators from Founding Members -- this helps to provide stability for the project in its early days. However, over the long run, validators will be selected only on their holdings of Libra, forming a permissionless system.

We believe that Libra can coexist with other currencies like Bitcoin -- Libra addresses a number of needs (like low-volatility) that other currencies do not address today.

@diem diem locked as off-topic and limited conversation to collaborators Jun 19, 2019