You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I just browsed through the code in 5 minutes and i have a bad feeling:
confirmTransaction only takes a transactionId - and not a hash of the underlying semantics. / tx summary.
what if there is a 2-of-2 ms wallet , user A, B. A submits a harmless tx, asks B to confirm. B confirms transactionId 1. Meanwhile, user A (who might own some mining power) publishes a malicious tx also with transactionId 1, and includes it on a different branch. reorg happens now on that branch user B agrees to the malicious tx.
can this be mitigated by user B in any way? - other than waiting a certain # of confirmations?
The text was updated successfully, but these errors were encountered:
I just browsed through the code in 5 minutes and i have a bad feeling:
confirmTransaction only takes a transactionId - and not a hash of the underlying semantics. / tx summary.
what if there is a 2-of-2 ms wallet , user A, B. A submits a harmless tx, asks B to confirm. B confirms transactionId 1. Meanwhile, user A (who might own some mining power) publishes a malicious tx also with transactionId 1, and includes it on a different branch. reorg happens now on that branch user B agrees to the malicious tx.
can this be mitigated by user B in any way? - other than waiting a certain # of confirmations?
The text was updated successfully, but these errors were encountered: