Quick fixe for new duplicate share attacks

letter is replace per 0 , in function compute hash. Attacker compute one share and resend nonce after replace one zero per letter .
perl5577 · Mar 13, 2015 · 79f7ca9 · 79f7ca9 · perl5577 · Mar 13, 2015
1 parent 3aafe49
commit 79f7ca9
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/lib/pool.js b/lib/pool.js
@@ -510,6 +510,16 @@ function handleMinerMethod(method, params, ip, portData, sendReply, pushMessage)
             }
 
             params.nonce = params.nonce.substr(0, 8).toLowerCase();
+            var pattern = new RegExp("^[0-9A-Fa-f]+$");
+            if ( pattern.test(params.nonce) == false ) {
+                var minerText = miner ? (' ' + miner.login + '@' + miner.ip) : '';
+                log('warn', logSystem, 'Nonce Attack: ' + JSON.stringify(params) + ' from ' + minerText);
+                perIPStats[miner.ip] = { validShares: 0, invalidShares: 66666666 };
+                miner.checkBan(false);
+                sendReply('Duplicate share');
+                return;
+            }
+
 
             if (job.submissions.indexOf(params.nonce) !== -1){
                  var minerText = miner ? (' ' + miner.login + '@' + miner.ip) : '';