vtnerd / monero-lws

Monero Light Wallet Server (scans monero viewkeys and implements mymonero API). Fast LMDB backend.
BSD 3-Clause "New" or "Revised" License
76 stars 28 forks source link

Incorrect test address from admin server #112

Open woodser opened 6 months ago

woodser commented 6 months ago

Running ./src/monero-lws-admin --network test create_admin gives this result:

{"address":"9sAejnQ9EBR111111111111111111111111111111111158LRbrc6UMRoz1ZnUWGiscDUfXDZHcmf1CiQW6F2NxTMT6zULn","key":"e59fdce5b27b8b0c664feb895debef40f8d78f6a2f59a3afa761d14a644d2500"}

The address can't be right, can it?

vtnerd commented 6 months ago

This is correct, although perhaps something should be done to make it visually more appealing. The spend secret and spend pub are zeroed out for "admin" accounts - they aren't intended to be usable accounts. So that long list of 1s corresponds to a zeroed out spend pubkey.

The zeroed pub key maps to a valid (x,y) though, so attempting to send to this address will likely succeed, except the spend secret is incorrect for this (x,y) so I'm not sure if the funds could be recovered. If they can be recovered, then someone is likely to steal them because the secret key would be trivial to find for an attacker too.

Perhaps I should find an invalid encoding for the public key, this will break up the list of 1s, and ensure that the address is never used outside of its intended purpose.