Comments (6)
DavidVorick
commented on August 12, 2024
Further investigation makes it seem important that the hash of the transaction be included when determining output ids. Right now, different transactions could result in the same outputID, which means that someone spending an output could create signatures that are valid for transactions that they perhaps didn't mean to sign.
It means that you could reorganize the blockchain and change who sent someone coins, but the act of spending those coins is still valid. Example:
Chain 1: miner A has coins of OutputID a, sends them to Bob, resulting id is b. Sends them to Charlie, resulting id is c. Charlie signs something that spends the coins he received, sending them to Chuck.
Chain 2: miner A has coins of OutputID a, sends them to Bill, resulting id is still b. Bill sends them to Charlie, resulting id is c. Charlie's signature spending the coins is still valid, so Chuck can spend the coins without Charlie's consent, even though Charlie has potentially received the coins from a different person.
This attack is weirdness, and I feel like there are some subtle problems with leaving it possible.
from sia.
DavidVorick
commented on August 12, 2024
So, I've implemented it such that the output id includes the hash of the transaction that announced it. That's all fancy for transactions, but I've left a quirk in the contracts, which I'm probably also going to change, but not entirely sold that it's a necessary change.
A contract output has the same ID regardless of where the money is sent. So the output id for window_i is going to be the same, regardless of whether the address in the output is the host's address or the client's address. This should also be changed.
from sia.
DavidVorick
commented on August 12, 2024
fxd
from sia.
lukechampine
commented on August 12, 2024
should probably reference the commit that fixed it. Or mention "fixes 32" in the commit message. I frequently forget to do that though.
from sia.
DavidVorick
commented on August 12, 2024
hmm. It's really implemented in the whole pull request. #40
from sia.
lukechampine
commented on August 12, 2024
In that case I should mention it in the merge commit. Whatevs
from sia.
Related Issues (20)
- localhost:9980/consensus HOT 3
- how to launch SIA daemon using SiaJs?
- A critical error loading Sia has occured: Siad unexpectedly exited. Error log: Sia Daemon v1.3.3
- Can't use wallet with SiaCoins - Siad has exited unexpectedly.
- A critical error loading Sia has occured: Siad unexpectedly exited. "are you running another instance of siad?" HOT 1
- Crash upon non bootstrapped blockchain download
- 'A critical error loading Sia has occurred: Siad unexpectedly exited.'
- ./siac wallet transactions method issue HOT 1
- Siad has exited unexpectedly. Please submit a bug report including the error log here.
- How to run ./siad daemon on testnet ?
- Changehero_get listed at the list of exchanges
- siad loading transaction pool HOT 2
- Siad has exited unexpectedly. Please submit a bug report including the error log here. HOT 3
- BUG REPORT Sia Daemon v1.3.3 Git Revision 94ea84e Loading... (0/6) Loading siad... (1/6) Loading gateway... (2/6) Loading consensus... (3/6) Loading transaction pool... (4/6) Loading wallet... (5/6) Loading host... (6/6) Loading renter... Finished loading in 1.6310935 seconds
- error while loading the WAL at startup: failed to recover WAL: walFile metadata mismatch
- siad.exe error
- you 1.3 update locked my wallet and the password i used before does not work. you are to send me a way to unlock may wallet and no I am not redownloading anything else!!!!
- typographic error "shudown"
- WAL file is still present after clean shutdown/ causes WARN messages in log
- the password I created does not work and the long list of encryption words does not work. my walet is locked. I have been running JSE miner for days and have nowhere to put my coins. I had faith in JSE as like a cround floor botcoin, then you locked my wallet and screwed me. Thank God I had put no coins in it. YOU WILL PROVIDE ME A WAY TP UNLOCK MY WALLET OR I WILL ERASE JSE AND AGREE WITH MANY EXPERTS THAT SAY CYBERCURRENY IF JUST ANOTHER FIAT CURRENCY AS USELESS AS THE U.S. DOLLAR WITH NOT BACKING OTHER THAN THE FAITH FOOLS LIKE ME PUT IN IT! I do not want instructions to redowload this or that. I did everything you told me to do. You JSE Siacoin wil fix my wallet.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sia.