0crat
commented
5 years ago @yegor256/z please, pay attention to this issue
Closed dapi closed 5 years ago
0crat
commented
5 years ago @dapi/z this project will fix the problem faster if you donate a few dollars to it; just click here and pay via Stripe, it's very fast, convenient and appreciated; thanks a lot!
yegor256
commented
5 years ago @dapi can you please explain what exactly will be done by the fraudulent node in order to compromise our protocol?
dapi
commented
5 years ago Change node’s local time into the future and spend whole time of shifted period to calculate score’s value instead of expected 24 hours.
yegor256
commented
5 years ago @dapi I quote the White Paper: "The score is only valid when the starting time is earlier than the current time, but not earlier than 24 hours ago." Thus, every client, which will see your score, will just ignore it as "invalid" if your time is ahead in the future, comparing to the local time of the client.
yegor256
commented
5 years ago @dapi This problem is already fixed, I believe. However, if you see it again, please don't hesitate to create a new issue. Thanks for your contribution!
0crat
commented
5 years ago Job gh:zold-io/papers#68 is not assigned, can't get performer
0crat
commented
5 years ago This job is not in scope
dapi
commented
5 years ago This problem is already fixed, I believe. However, if you see it again, please don't hesitate to create a new issue. Thanks for your contribution!
I'm not sure. I believe you must not use remote timestamp to check or trust given score in any cases.
That is why we can’t decide is score still alive or not and can’t really know how long has it been calculating.
Possible solution is to have something
trusted network time, to compare received score time with it.