altcoinj

mirror of https://github.com/Qortal/altcoinj.git synced 2025-02-07 06:44:16 +00:00

History

JeremyRand 0237a504c4 Fix verification bug in Namecoin. P2P full-block by-hash retrieval wasn't verifying that the received block had a header whose hash matched the requested hash. This probably made it trivially easy to falsify name records, since any internally valid block supplied by a malicious P2P peer (or a MITM attacker) would be accepted, and the name transactions in it trusted as valid, even if the block had (for example) minimum difficulty. The REST Merkle API is unaffected. There's a reason I haven't deployed libdohj-namecoin to end users yet; this is that reason. Review takes time.	2016-07-21 19:59:20 +00:00
..
src/main/java/org/libdohj/names	Fix verification bug in Namecoin.	2016-07-21 19:59:20 +00:00
pom.xml	Add classes for name lookups with SPV verification.	2016-07-04 04:04:39 +00:00

JeremyRand 0237a504c4 Fix verification bug in Namecoin.

P2P full-block by-hash retrieval wasn't verifying that the received block had a header whose hash matched the requested hash.

This probably made it trivially easy to falsify name records, since any internally valid block supplied by a malicious P2P peer (or a MITM attacker) would be accepted, and the name transactions in it trusted as valid, even if the block had (for example) minimum difficulty.

The REST Merkle API is unaffected.

There's a reason I haven't deployed libdohj-namecoin to end users yet; this is that reason.  Review takes time.

2016-07-21 19:59:20 +00:00

src/main/java/org/libdohj/names

Fix verification bug in Namecoin.

2016-07-21 19:59:20 +00:00

pom.xml

Add classes for name lookups with SPV verification.

2016-07-04 04:04:39 +00:00