RE: upcoming changes in Gridcoin (e.g. effects on less rich users; fixes on (known) exploits)
I just copied from chat:
So on his second exploit he said that he can lock out a researcher, if he writes a program to create a beacon right after the beacon is about to expire. We do have a line of code in the system that Prefers the existing keypair IF the client refreshes their own keypair (as it would be impossible for the attacker to sign a NEW message with the existing keypair) first. So to cave on our 'feature' to allow beacon deletion, we sort of have this exploit, but the client constantly checks once every 4 hours if its beacon is about to expire and tries to refresh it. Now that I remember a little more about this exploit, we added code TO PROD, that refreshes a beacon 2 WEEKS before it expires to try to prevent this. We always prefer the newest Matching keypair, so that does invalidate this hack also.
At least it makes me say - Technically this paper is no longer accurate.