Open kayabaNerve opened 3 years ago
This is new thanks to Implicit Merit Removals. When a Verification is archived, if a SignedVerification exists for a competitor, a partial SignedMeritRemoval can be created.
https://github.com/MerosCrypto/Meros/blob/b7a6a1f0fcc0f4ed5fb32530e3b09b42982233ed/src/Network/SyncManager.nim#L577-L580 is the spot where we detect this and have this opportunity. We simply don't at this time.
Critical as this leaves a malicious Merit Holder undetected despite live Verifications.
This is new thanks to Implicit Merit Removals. When a Verification is archived, if a SignedVerification exists for a competitor, a partial SignedMeritRemoval can be created.
https://github.com/MerosCrypto/Meros/blob/b7a6a1f0fcc0f4ed5fb32530e3b09b42982233ed/src/Network/SyncManager.nim#L577-L580 is the spot where we detect this and have this opportunity. We simply don't at this time.
Critical as this leaves a malicious Merit Holder undetected despite live Verifications.