jcrubino
commented
10 years ago Curious, is this a spv wallet?
Open sowbug opened 10 years ago
jcrubino
commented
10 years ago Curious, is this a spv wallet?
sowbug
commented
10 years ago Sort of. As of today, it fully trusts the Electrum server. That server could lie about the entire blockchain starting from block one, and this app would believe it.
To implement SPV, we'd need to build into the app the headers of all blocks to date, store them away as we get new ones, then verify the Merkle branch for any transaction we care about. I'm pretty sure that this would make it harder, but not at all impossible, for an attacker compromising an Electrum server to trick a user into accepting a double-spend. It's a good idea to do this eventually, but I don't consider it a 1.0 feature. Meanwhile, the wallet is more or less as trustworthy as blockchain.info (i.e., if you trust that site to confirm transactions, you're taking about the same risk with this app).
It probably goes without saying that this app doesn't download the whole blockchain. For the target platform (Chromebooks), it doesn't make sense.
The frontend should just be a proxy between the two. No reason to make it any smarter.