You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Audit: It might be worthwhile to add verification of all received messages that they come either from expected miner pub keys or registered signer pub keys. Stackerdb already does write verification, but to decrease reliance on this verification at the nodee, add message verification earlier. If we want to open the signer to allow accessing some external node later on, this could help prevent something like a man in the middle attack.
The text was updated successfully, but these errors were encountered:
Currently closing for now. Calls to the node are unverified and the returned data concerning the list of elligble writers cannot be trusted unless the node itself is trusted and is in a trusted network. Therefore, introducing further verification checks would have no benefit
Audit: It might be worthwhile to add verification of all received messages that they come either from expected miner pub keys or registered signer pub keys. Stackerdb already does write verification, but to decrease reliance on this verification at the nodee, add message verification earlier. If we want to open the signer to allow accessing some external node later on, this could help prevent something like a man in the middle attack.
The text was updated successfully, but these errors were encountered: