decred / dcrstakepool

Stakepool for Decred.

Config: Check that cold wallet key and voting wallet key are not the same #407

Open jholdstock opened 5 years ago

jholdstock commented 5 years ago

According to @dajohi there have been cases in the past where users have attempted to use the same wallet and/or account for both voting and collecting voting fees.

We can help VSP operators to avoid these kinds of mistakes by adding some simple checks to the code: either check if the 2x pubkeys are identical, or check if they belong to 2x distinct wallets. The former is trivial to implement; I am not sure if RPCs exist for the latter.

JoeGruffins commented 5 years ago

While working on this issue I had the idea that the voting key should be taken out of the config altogether. The readme specifies that the "default" account should be used anyway. We can get that pubkey programmatically and there's no reason to have the user input it then check it.
There is the chance that an operator has for some reason used a different account. I don't think it will cause a problem to switch accounts midstream, but I will test it out on my server. If anyone has a reason for leaving the voting pubkey in the conf please let me know, otherwise I think I will go the direction of removing it.

jholdstock commented 5 years ago

Having dcrstakepool programmatically retrieve the voting wallet pubkey seems like a good idea. I guess the solution would be something like:

@chappjc any thoughts about this?

chappjc commented 5 years ago

Solution concept is good and will be a welcome change to ops. I did a very superficial review of https://github.com/decred/dcrstakepool/issues/422, but it looks to be going in a good direction. I'd like to review that more closely though.