sowbug / happynine

A BIP 0032 HD wallet for Bitcoin, implemented as a Chrome App.
http://www.sowbug.com/
Other
18 stars 0 forks source link

Backend should drive Electrum server communication #36

Open sowbug opened 10 years ago

sowbug commented 10 years ago

The frontend should just be a proxy between the two. No reason to make it any smarter.

jcrubino commented 10 years ago

Curious, is this a spv wallet?

sowbug commented 10 years ago

Sort of. As of today, it fully trusts the Electrum server. That server could lie about the entire blockchain starting from block one, and this app would believe it.

To implement SPV, we'd need to build into the app the headers of all blocks to date, store them away as we get new ones, then verify the Merkle branch for any transaction we care about. I'm pretty sure that this would make it harder, but not at all impossible, for an attacker compromising an Electrum server to trick a user into accepting a double-spend. It's a good idea to do this eventually, but I don't consider it a 1.0 feature. Meanwhile, the wallet is more or less as trustworthy as blockchain.info (i.e., if you trust that site to confirm transactions, you're taking about the same risk with this app).

It probably goes without saying that this app doesn't download the whole blockchain. For the target platform (Chromebooks), it doesn't make sense.