Doichain / dapp

Doichain dApp - a Meteor.js implementation of the "Doichain Atomic Double-Opt-In" Protocol
https://www.doichain.org
MIT License

Possibility of DoS - Attack on Send - dApp with faked SOI - transactions #13

Closed silkroadnomad closed 6 years ago

silkroadnomad commented 6 years ago

A possible DoS-attack could be accomplished by sending unpaid fake transactions via Send - dApp transactions to "Confirmation - dApp" which would deliver the standard DOI - template to the email owner.

Unchecked solution possibility: Implement DKIM technology, so the sender - email of DOI-request must deliver a valid DKIM inside the transaction in order to prove his valid origin domain.

So far the DKIM procedure needs to be researched and its possible integration into Doichain should be evaluated.

also see: #56

https://github.com/Doichain/core/issues/13

silkroadnomad commented 6 years ago

This is not a bug. An unconfirmed transaction goes into the mempool and gets only accepted if the transaction was paid. It is possible that more than one transaction gets sent out from multiple nodes at the same time with the same inputs but only one transaction will be taken by the receiving confirm - dApp.