RE: upcoming changes in Gridcoin (e.g. effects on less rich users; fixes on (known) exploits)

You are viewing a single comment's thread from:

RE: upcoming changes in Gridcoin (e.g. effects on less rich users; fixes on (known) exploits)

grider123 (62)in #gridcoin • 7 years ago

Good point. But as far as I remember Rob has written that the client always prefers the newest matching keypair ;)

7 years ago in #gridcoin by grider123 (62)

$0.00

1 vote

Sort:

Trending

[-]

dutch (61) 7 years ago (edited)

If that were the case, I could take any CPID I wanted from anyone else. Get their email from the blockchain, get their CPID from any of a number of sources, use them to request a new keypair by sending a beacon and I own the CPID.

$0.00

[-]

grider123 (62) 7 years ago (edited)

I just copied from chat:

So on his second exploit he said that he can lock out a researcher, if he writes a program to create a beacon right after the beacon is about to expire. We do have a line of code in the system that Prefers the existing keypair IF the client refreshes their own keypair (as it would be impossible for the attacker to sign a NEW message with the existing keypair) first. So to cave on our 'feature' to allow beacon deletion, we sort of have this exploit, but the client constantly checks once every 4 hours if its beacon is about to expire and tries to refresh it. Now that I remember a little more about this exploit, we added code TO PROD, that refreshes a beacon 2 WEEKS before it expires to try to prevent this. We always prefer the newest Matching keypair, so that does invalidate this hack also.
At least it makes me say - Technically this paper is no longer accurate.

$0.00

STEEM 0.21

TRX 0.20

JST 0.034

BTC 91733.41

ETH 3109.59

USDT 1.00

SBD 2.99

RE: upcoming changes in Gridcoin (e.g. effects on less rich users; fixes on (known) exploits)

Coin Marketplace