InvictusRMC
commented
1 year ago This is indeed the current behaviour. You can overcome this attack vector by validating blocks before they're saved.
Open Artanidos opened 1 year ago
InvictusRMC
commented
1 year ago This is indeed the current behaviour. You can overcome this attack vector by validating blocks before they're saved.
Artanidos
commented
1 year ago Thx for quick reply. I initialize the trustchain as follows, in this case I can only validate our own specific blocks. trustchain.registerTransactionValidator(Backend.BLOCK_TYPE, object : TransactionValidator {
Do I have to subclass the TrustChainCommunity, rewrite the class itself or are there better posibilities? Sry, for asking noob questions, but I started with Kotlin 2 weeks ago. I am more the C/C++/C# guy ;-)
I discovered that also blocks from other apps, peerchat in my case, are stored in the database.
Not aware that this might happen I tried to unpack the transaction, which results in a crash.
What I had to do is to check block.type before unpacking. What I can also do is to change the serviceId for the TrustChainCommunity, but as we are also open source, this serviceId is also addressable by other apps. What I fear is that someone can use DOS attacks to make the db explode (no disk space left).
Am I missing something? I would rather add an encrypted API key in the blocks, so that the app can check if this block comes from the same app and only store those blocks.