You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Aug 23, 2020. It is now read-only.
After a snapshot, old transactions are removed from the database,
this can lead to wallet users unwittingly reusing private keys to sign transactions from already spent addresses, or receiving funds to said addresses in the first place.
this is due to the stateless nature of the current GUI wallet.
an API call would be added that checks if an address was ever spent from in the past: wereAddressesSpentFrom input: "addresses": ["ADDR1", "ADDR2" , ...] output: [true, false, ...]
the addresses are checked as follows:
if PreviousEpochsSpentAddresses.contains(address) -> return true
if Address has confirmed spending txs -> return true
if Address has pending spending txs, if has a valid bundle (sig) -> return true
return false
PreviousEpochsSpentAddresses is a static list, signed similar to snapshots.
this is a temporary enhancement, till stateful wallets become the norm.
The text was updated successfully, but these errors were encountered:
If my understanding is correct, every single transaction will generate an additional entry in this list since the sender address shouldn't be reused any more. So if IOTA would process 1 Million transactions per day, this list would grow around 75MB a day, is this correct? Why are there only 390,000 entries right now? Are these addresses from the last snapshot until now or from when on? I assume IOTA probably has seen more than that amount of transactions up to today.
What do "stateless" mean here? Of course a wallet could save all addresses used by itself and prevent reusage, but how would it prevent someone else sending to an old address of this wallet? And what if you want to recover your wallet from seed on a different machine?
After a snapshot, old transactions are removed from the database,
this can lead to wallet users unwittingly reusing private keys to sign transactions from already spent addresses, or receiving funds to said addresses in the first place.
this is due to the stateless nature of the current GUI wallet.
an API call would be added that checks if an address was ever spent from in the past:
wereAddressesSpentFrom
input: "addresses": ["ADDR1", "ADDR2" , ...]
output: [true, false, ...]
the addresses are checked as follows:
if PreviousEpochsSpentAddresses.contains(address) -> return true
if Address has confirmed spending txs -> return true
if Address has pending spending txs, if has a valid bundle (sig) -> return true
false
PreviousEpochsSpentAddresses
is a static list, signed similar to snapshots.this is a temporary enhancement, till stateful wallets become the norm.
The text was updated successfully, but these errors were encountered: