dvf / blockchain

A simple Blockchain in Python
MIT License

Brute force blockchain tampering via unchecked length field (whose validity is not checked during consensus); absent logging #90

Open herrold opened 6 years ago

herrold commented 6 years ago

see: https://github.com/dvf/blockchain/issues/50

The underlying exploit to tamper with a blockchain is described there.

props to: @TimelessP

The fix should be fairly simple: affected file: blockchain/blockchain.py

https://github.com/dvf/blockchain/blob/4010cf3273e19146a9cd7b37cf355cb751ffef88/blockchain.py#L82

As noted, currently it reads:

if length > max_length and self.valid_chain(chain):

@TimelessP suggests a change as follows:

if length > max_length and self.valid_chain(chain) and length == len(chain):

(and then of course the same fix needs to be applied to the C# code)

Additionally, be sure to log offending hosts.
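The tampering described in this issue and the proposed `length == len(chain)` check, as an added example that is not the project's own code: a minimal stand-in for the tutorial's `valid_chain()` and `resolve_conflicts()`, with the peers' `GET /chain` bodies constructed inline instead of fetched with `requests`. The two-zero difficulty, the `check_length` switch, the `offending` return value and the host names are assumptions made for the demonstration.

```python
import hashlib
import json
import logging

# Assumption for this example: a two-zero difficulty so mining is instant.
# The tutorial uses four leading zeros; the consensus bug is independent of difficulty.
DIFFICULTY = "00"

log = logging.getLogger("consensus")


def block_hash(block):
    """SHA-256 over the canonical JSON of a block (same idea as the tutorial's hash())."""
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()


def valid_proof(last_proof, proof, last_hash):
    """Proof is valid when sha256(last_proof + proof + last_hash) starts with DIFFICULTY."""
    guess = f"{last_proof}{proof}{last_hash}".encode()
    return hashlib.sha256(guess).hexdigest().startswith(DIFFICULTY)


def proof_of_work(last_block):
    """Brute-force the smallest proof that satisfies valid_proof for last_block."""
    last_proof, last_hash = last_block["proof"], block_hash(last_block)
    proof = 0
    while not valid_proof(last_proof, proof, last_hash):
        proof += 1
    return proof


def make_chain(n_blocks):
    """Mine a deterministic toy chain of n_blocks (timestamps and transactions omitted)."""
    chain = [{"index": 1, "proof": 100, "previous_hash": "1"}]  # genesis as in the tutorial
    while len(chain) < n_blocks:
        last = chain[-1]
        chain.append({
            "index": len(chain) + 1,
            "proof": proof_of_work(last),
            "previous_hash": block_hash(last),
        })
    return chain


def valid_chain(chain):
    """Check hash links and proofs block by block; mirrors the tutorial's valid_chain()."""
    last_block = chain[0]
    for block in chain[1:]:
        if block["previous_hash"] != block_hash(last_block):
            return False
        if not valid_proof(last_block["proof"], block["proof"], block["previous_hash"]):
            return False
        last_block = block
    return True


def resolve_conflicts(own_chain, responses, check_length):
    """Longest-valid-chain rule over already-fetched GET /chain bodies.

    responses: {host: {"length": int, "chain": [...]}} -- constructed inline here,
    standing in for the requests.get() calls in the tutorial.
    check_length=False reproduces the vulnerable condition quoted in the issue;
    check_length=True adds the proposed `length == len(chain)` condition.
    Returns (chain_in_use, replaced, offending_hosts).
    """
    max_length = len(own_chain)
    new_chain = None
    offending = []
    for host, body in responses.items():
        length, chain = body["length"], body["chain"]
        # Vulnerable: `length` is whatever the peer claims and is never compared to the body.
        # Fixed: refuse, and log, any peer whose claimed length does not match what it sent.
        if check_length and length != len(chain):
            log.warning("peer %s claimed length %d but sent %d blocks", host, length, len(chain))
            offending.append(host)
            continue
        if length > max_length and valid_chain(chain):
            max_length = length  # a forged length here also locks out every later honest peer
            new_chain = chain
    if new_chain is not None:
        return new_chain, True, offending
    return own_chain, False, offending


def demo():
    """Run the same two peer responses through the vulnerable and the fixed rule."""
    own = make_chain(4)
    responses = {
        "honest-peer": {"length": 6, "chain": make_chain(6)},
        # Attacker: a genuinely valid but tiny chain, with a fabricated length field.
        "attacker": {"length": 9999, "chain": make_chain(2)},
    }
    vulnerable = resolve_conflicts(own, responses, check_length=False)
    fixed = resolve_conflicts(own, responses, check_length=True)
    return vulnerable, fixed


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    (vchain, _, _), (fchain, _, offenders) = demo()
    print("vulnerable node now holds", len(vchain), "blocks")  # 2: replaced by the attacker's chain
    print("fixed node now holds", len(fchain), "blocks; offenders:", offenders)  # 6 ['attacker']
```

The attacker never has to out-mine anyone: a two-block chain that passes `valid_chain()` plus a large `length` is enough for the unchecked rule to adopt it, and because `max_length` is then set from the forged value, the honest six-block chain is rejected afterwards. The example performs the `length == len(chain)` comparison before calling `valid_chain()` so the node does not spend proof verification on a body that lies about itself; the conjunction suggested above is equivalent in outcome.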

dvf commented 6 years ago

Yep, this seems correct.