CRITICAL security vuln fixed #83

Closed
wants to merge 1 commit into from

@gazhayes

commented Jun 19, 2019

I've discovered an alarming vulnerability, but fortunately there's a really simple fix so I've sent a pull request to address it.

In the current implementation, trusted 'validator nodes' are core to the security model. This means that hard power is centralised around these few entities. The protocol itself depends on these entities to (as the name suggests) validate the protocol. This means the protocol is whatever they decide it is. These entities can change the rules whenever they want. This means they can freeze your coins, take your coins, issue new coins, or really whatever they want - the sky is the limit.

This problem can easily be solved by using a permissionless system where the hard power is decentralised across a very large number of participants in such a way that making changes to the protocol is impossible without near unanimous agreement by everyone involved.

This pull request contains a patch to the existing codebase to resolve this issue.

Edit: related issue: binance-chain/node-binary#36

@tzarebczan

commented Jun 19, 2019

ACK.

@tamasblummer

commented Jun 19, 2019

Concept ACK
utACK

@DESIGNfromWITHIN

commented Jun 19, 2019

Hahahaha Epic SIR!

@SamSamskies

commented Jun 19, 2019

lgtm

@Kukks

commented Jun 19, 2019

This seems to address a number of issues acknowledged on the whitepaper, great work!

@Kukks

Kukks approved these changes Jun 19, 2019

@OverSoft

commented Jun 19, 2019

ACK
This commit fixed all issues.

@tiero

commented Jun 19, 2019

tACK

@mjamin

mjamin approved these changes Jun 19, 2019

@Kixunil

commented Jun 19, 2019

tACK

@rasom

rasom approved these changes Jun 19, 2019

@brunocvcunha

commented Jun 19, 2019

LGTM

@mandelmonkey

commented Jun 19, 2019

ACK

@Kixunil Kixunil referenced this pull request Jun 19, 2019

Closed

[Bug] Censorship resistance #57

@Kixunil

commented Jun 19, 2019

Fixes #57 and #35

@pretyflaco

commented Jun 19, 2019

ACK

@amanusk

commented Jun 19, 2019

Fixed it for me!

@f13end

f13end approved these changes Jun 19, 2019

@lorenzodisidoro

commented Jun 19, 2019

Now ready to be released 🚀

@gpestana

left a comment

Weird way to write Rust, but LGTM.

@backmeupplz

commented Jun 19, 2019

Screen Shot 2019-06-19 at 9 25 29 AM

@TheWorldNode

commented Jun 19, 2019

ACK

@kanemil

commented Jun 19, 2019

ACK

@ohld

commented Jun 19, 2019

Perfect solution for decentralized future.

@eugenioclrc

commented Jun 19, 2019

Great contribution! ACK!

@ohld

ohld approved these changes Jun 19, 2019

@ddustin

commented Jun 19, 2019

lgtm merge it in!

@hellc

hellc approved these changes Jun 19, 2019

left a comment

Nice try!

@JoaquinScript

commented Jun 19, 2019

tACK

@dondreytaylor

commented Jun 19, 2019

Wow, this pull request works perfectly on nimbleNODE (pocket size full node) too. Good stuff
https://nimblenode.io

@agiUnderground

commented Jun 19, 2019

utACK

@Kondax

Kondax approved these changes Jun 19, 2019

@berezinviktor

commented Jun 19, 2019

ACK

@awsom82

commented Jun 19, 2019

Yeah, just merge this!!!

@saloid

saloid approved these changes Jun 19, 2019

@adamtache

left a comment

LGTM

@nikandfor

commented Jun 19, 2019

lgtm

@bonzofenix

commented Jun 19, 2019

LGTM

@bitstein

commented Jun 19, 2019

LGTM

@blockchainwalletorg

commented Jun 19, 2019

image

@binaryFate

commented Jun 19, 2019

This PR does not address privacy concerns though; it only tackles the decentralization aspects but suggests using a dangerously transparent blockchain.

@ericnakagawa

Contributor

commented Jun 19, 2019

Libra initially uses a set of validators from Founding Members -- this helps to provide stability for the project in its early days. However, over the long run, validators will be selected only on their holdings of Libra, forming a permissionless system.

We believe that Libra can coexist with other currencies like Bitcoin -- Libra addresses a number of needs (like low-volatility) that other currencies do not address today.

@libra libra locked as off topic and limited conversation to collaborators Jun 19, 2019
