Closed thombruce closed 4 years ago
Not really a bug, but closer fit than feature... See: https://github.com/thombruce/helvellyn/pull/58#issuecomment-615530807
In that comment, I detail the rough issue which is expanded upon in the comment it further links to.
We should not perform a token lookup for confirmations...
Here's a brief detail/workaround for timing attacks: https://gist.github.com/ahacking/f9f26d86ac9cbce486c2 I think I like this workaround, but will have to give the options deeper thought.
Not really a bug, but closer fit than feature... See: https://github.com/thombruce/helvellyn/pull/58#issuecomment-615530807
In that comment, I detail the rough issue which is expanded upon in the comment it further links to.
We should not perform a token lookup for confirmations...
Here's a brief detail/workaround for timing attacks: https://gist.github.com/ahacking/f9f26d86ac9cbce486c2 I think I like this workaround, but will have to give the options deeper thought.