New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DifferentVersionPeerEncountered event shoudn't be invoked by malicious peers #266
Comments
We probably need a small program used by game vendors to sign a new version string as well. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
This issue has been automatically marked as stale because it has not had recent activity. Thank you for your contributions. |
This issue has been automatically marked as stale because it has not had recent activity. Thank you for your contributions. |
Probably resolved by the patch #815. |
…-custom Implement crafting custom equipment for test.
Currently malicious peers can make other peers to invoke
Swarm.DifferentVersionPeerEncountered
event by bumping their version. This could leads a malicious variant of the game app can be spread across the network.To prevent this kind of attack, every version should be signed and the game app should contain the public key to verify version signatures.
Swarm
constructor should take the public key andappProtocolVersion
parameter should be a pair of a version number and its signature.The text was updated successfully, but these errors were encountered: