jaimehgb / RaiWebWallet

Raiblocks raiwallet.com wallet source code
http://raiwallet.com
GNU General Public License v3.0

Multiple wallet identifiers from same wallet seed #20

Closed princefishthrower closed 6 years ago

princefishthrower commented 6 years ago

Disclaimer before anybody freaks out: This could be a non-issue, but I don't know enough about the inner workings of RaiBlocks to be sure if it is actually a security issue and I figured it was my responsibility to report it here.

The problem: It is possible, from the same wallet seed, to produce multiple wallet identifiers, whether from the same email/password combination or from differing email/password combinations; all of these varying combinations produce varying wallet identifiers, albeit with the same address, that is, the same public key.

Steps to reproduce:

  1. Use a valid wallet seed from the window that is opened by clicking "recover your wallet with your wallet seed"
  2. Provide any valid email and password - you will see it doesn't matter what combination you choose, the address in the wallet will be the same (though not the wallet identifier)
  3. You get the window that gives you your wallet identifier and the wallet seed (wallet seed shown should be the same wallet seed you provided)
  4. Upon clicking "go to your wallet" - you will see the address is always the same, indifferent to what email or password you provide

Main concern: My concern is that an attacker could do this thousands/hundreds of thousands of times, and then send various different transactions from these multiple wallets simultaneously, creating a challenging and confusing load on the network - on the blockchain all the requests would appear from the same address. Again, this could mainly be mitigated by the blockchain itself - I'm not a RaiBlocks expert so I'm not sure if this would be the case.

Possible solution/mitigation: Not sure; we can't test if the email or password match the seed, since you don't store the seed server side...

But... you could limit the number of times an email can register with a seed, indifferent to whatever seed they are using, just get the times the email pings the server - this could prevent a lot of spamming, which could be a recurring issue as RaiBlocks gains popularity/market cap. 😊

Riches commented 6 years ago

When you import the seed a new 'Wallet' is generated by the server and an identifier is assigned to you. The private key is deterministically derived from the seed, so the seed will always produce the same wallet/address/public key.

When a user requests that a block be broadcast, the server will forward this block to the node, which will in turn broadcast it to other nodes. Even if these blocks have come from different identifiers, they will all come from the same address, signed by the same private key.

If multiple conflicting blocks exist on the network, other nodes will vote on which one they believe to be the most genuine; this block will be added to the lattice of other nodes and the transaction will be settled. Any subsequent blocks will get rejected, as they would share the same parent as the block that has already been settled.

I believe the items raised are not particularly issues, however some concerns do stem from this:

princefishthrower commented 6 years ago

What I've seen is that the public key (address) is always the same from the wallet seed, but the wallet identifier is not. The part I don't fully understand is the wallet identifier - but that must be generated client side (?) because it's different every time, even if you use the same seed/email/password combination.

And yes, now that I think about it more I guess it really isn't an issue, the whole point of the blockchain is to eliminate these multiple send/receive attacks - just like you said, probably the better question here is if the site itself can handle DoS attacks, since it appears a user can create infinite wallets with just one wallet seed.

Riches commented 6 years ago

The wallet identifier is generated server side by RaiWallet.com. The only purpose of the identifier is to allow the client to store the encrypted wallet against some identifier so it can be requested again at a later date. Storing the same wallet under multiple identifiers should not really be a problem.
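The behaviour Riches describes in both replies (a seed deterministically yields one account however many server-side identifiers wrap it, and only one of several conflicting blocks on the same parent gets settled) can be modelled in a few lines. This is an added illustration, not RaiWallet code: the seed-to-private-key step follows the blake2b(seed || 4-byte index) derivation, but the public-key step is a stand-in hash rather than the real ed25519 operation, the server identifier is an arbitrary constructed string, and network voting is reduced to a single node's first-settled-wins rule.

```python
import hashlib
from dataclasses import dataclass, field


def derive_private_key(seed: bytes, index: int = 0) -> bytes:
    # Deterministic: same seed and index always give the same key.
    return hashlib.blake2b(seed + index.to_bytes(4, "big"), digest_size=32).digest()


def derive_public_key(private_key: bytes) -> bytes:
    # Stand-in for ed25519 public-key derivation (assumption for this model).
    return hashlib.blake2b(b"pub" + private_key, digest_size=32).digest()


@dataclass
class Wallet:
    identifier: str  # server-assigned, unrelated to the seed (constructed value)
    seed: bytes

    def account(self) -> bytes:
        return derive_public_key(derive_private_key(self.seed))


@dataclass
class Block:
    account: bytes
    previous: bytes  # hash of the account's current head block (zeros = none yet)
    payload: str

    def hash(self) -> bytes:
        data = self.account + self.previous + self.payload.encode()
        return hashlib.blake2b(data, digest_size=32).digest()


@dataclass
class Ledger:
    frontiers: dict = field(default_factory=dict)  # account -> head block hash

    def submit(self, block: Block) -> bool:
        head = self.frontiers.get(block.account, b"\x00" * 32)
        if block.previous != head:
            return False  # fork: this parent already has a settled child
        self.frontiers[block.account] = block.hash()
        return True


def demo(seed: bytes):
    # Two identifiers for one seed produce one account; conflicting sends
    # from both share a parent, so only the first one settles.
    w1, w2 = Wallet("id-A", seed), Wallet("id-B", seed)
    ledger = Ledger()
    head = ledger.frontiers.get(w1.account(), b"\x00" * 32)
    first = ledger.submit(Block(w1.account(), head, "send 1 to X"))
    second = ledger.submit(Block(w2.account(), head, "send 1 to Y"))
    return w1.account() == w2.account(), (first, second)
```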

princefishthrower commented 6 years ago

Ok, I guess this issue is closed then! 😄