Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DifferentVersionPeerEncountered event shoudn't be invoked by malicious peers #266

Closed
dahlia opened this issue May 31, 2019 · 5 comments
Closed

DifferentVersionPeerEncountered event shoudn't be invoked by malicious peers #266

dahlia opened this issue May 31, 2019 · 5 comments
Assignees
@dahlia
Labels
bug Something isn't working stale The issue is stale

Comments

@dahlia
Copy link
Contributor

dahlia commented May 31, 2019

Currently malicious peers can make other peers to invoke Swarm.DifferentVersionPeerEncountered event by bumping their version. This could leads a malicious variant of the game app can be spread across the network.

To prevent this kind of attack, every version should be signed and the game app should contain the public key to verify version signatures. Swarm constructor should take the public key and appProtocolVersion parameter should be a pair of a version number and its signature.
@dahlia dahlia added the bug Something isn't working label May 31, 2019
@dahlia
Copy link
Contributor Author

dahlia commented Jun 17, 2019

We probably need a small program used by game vendors to sign a new version string as well.

@stale
Copy link

stale bot commented Oct 30, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale The issue is stale label Oct 30, 2019
@stale stale bot closed this as completed Nov 6, 2019
@limebell limebell reopened this Nov 7, 2019
@stale stale bot removed the stale The issue is stale label Nov 7, 2019
@stale
Copy link

stale bot commented Jan 6, 2020

This issue has been automatically marked as stale because it has not had recent activity. Thank you for your contributions.

@stale stale bot added the stale The issue is stale label Jan 6, 2020
@dahlia dahlia self-assigned this Mar 2, 2020
@stale stale bot removed the stale The issue is stale label Mar 2, 2020
@stale
Copy link

stale bot commented May 1, 2020

This issue has been automatically marked as stale because it has not had recent activity. Thank you for your contributions.

@stale stale bot added the stale The issue is stale label May 1, 2020
@dahlia
Copy link
Contributor Author

dahlia commented Sep 3, 2020

Probably resolved by the patch #815.

@dahlia dahlia closed this as completed Sep 3, 2020
limebell pushed a commit to limebell/libplanet that referenced this issue Jul 7, 2021
@Unengine
Merge pull request planetarium#266 from Unengine/improve-qa/equipment…
85acfe9 
…-custom

Implement crafting custom equipment for test.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dahlia dahlia

Labels
bug Something isn't working stale The issue is stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dahlia @limebell