Proper address checking for all CryptoNote currencies #48
Conversation
Added new setting config.poolServer.addressBase58Prefix. Should be the same as CRYPTONOTE_PUBLIC_ADDRESS_BASE58_PREFIX in src/cryptonote_config.h currency config.
|
|
|
It was fixed on my branch a week ago. Forgot to update this push request. Now I've done it. |
|
Advised to turn off, the current version, this problem does not exist |
|
The problem with address validation does exist. It is a significant vulnerability of node-cryptonote-pool. Could you give me a link to your pool, so I could show you that there is a problem with it? :) As for the bug you've mentioned, it was fixed with my latest pull request: fancoder@7b46a02 |
|
address validation works perfectly. This code is specific for Monero, and has no issues with address validation. If you are running this code for other coins, such as Ducknote, then yes there is issues but again this code is not written for ducknote it is written for Monero. |
|
dayas, you're getting it wholly wrong. There is no difference in address validation algorithm for CryptoNote coins. The one used originally in node-cryptonote-pull is subject to a flaw which may result in ANY cryptonote pool being attacked and brought down. Just give me a link to your pool, I can show you. CryptoNote's addresses are not defined by the first letter and the length only, but also through more rules. The address consists of:
The original method doesn't validate the key pairs, which may lead to the improper address being accepted by the pool, but breaking the payout and freezing the pool. |
|
Well, yes, indeed it is. 2014-07-16 23:45 GMT+08:00 CliffordST [email protected]:
—枫影— |
Added new setting config.poolServer.addressBase58Prefix. Should be
the same as CRYPTONOTE_PUBLIC_ADDRESS_BASE58_PREFIX in
src/cryptonote_config.h currency config.