Comments (4)
chris-belcher
commented on August 26, 2024
Actually one resource of the maker's that a DOSer could use up is position in the HD wallet. If a DOSer partially fills a maker's order it will cause the maker to get another address from it's wallet. Do this a couple of times and the next address pointer will go beyond the gap limit. Do a real coinjoin and coins will be moved beyond the gap limit.
Then when the operator of the maker queries the balance of the wallet, it will appear as if they lost coins. The worst this attack can do is scare the operator a little, they would check their logs and set their gap limit to the required number to reach their coins.
from joinmarket.
chris-belcher
commented on August 26, 2024
An obvious solution is to store the HD key pointer in the wallet file. Restoring the wallet from seed may not find these keys but there could be an added message to try increasing the gap limit (or max mix depth) if the user believes coins have gone missing.
from joinmarket.
chris-belcher
commented on August 26, 2024
wallet file now stores the index of the HD wallet b3dc7c7 closing this dos opportunity
from joinmarket.
chris-belcher
commented on August 26, 2024
Another obvious DOS method is that the taker can create transactions that take a long time, or never get mined into a block. For example by the change address having size 1 satoshi.
Makers could check for simple non-standard transactions but they'd also need a timeout for waiting for their UTXOs to confirm. Perhaps even a timeout related to how much in fees they're earning for that transaction.
from joinmarket.
Related Issues (20)
- Setup Docker
- Doublespending a sendpayment sweep, possible? HOT 7
- Install the script for me
- #joinmarket IRC tor relay HOT 1
- PGP pubkey key thread HOT 19
- No JSON object could be decoded HOT 5
- Failed to load wallet, error message: NameError("global name 'SegwitWallet' is not defined",) HOT 1
- twisted.internet.error.ReactorNotRunning: Can't stop reactor that isn't running. HOT 3
- Off-chain joinmarket fees
- Darkscience IRC network connection info HOT 1
- Agora throttling due to "Flooding" HOT 2
- wallet-tool.py "Method not found" HOT 1
- Support cookie authentication for local node HOT 2
- Problems and payment in cryptrocurrency
- Metal coin
- sendpayment.py -N 1 -m 4 wallet.jmdat 55555 bc1_address always fails. HOT 4
- pastebin Telegram bot
- Create landing page and documentation website HOT 2
- GUI does not start after installation
- Recover not scanning enough internal addresses? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from joinmarket.