[bisq-network/bisq] Add irregular txType, add check for total balance, prevent proposal withhold attack (#2587)

sqrrm notifications at github.com
Thu Mar 28 17:04:16 UTC 2019 

sqrrm commented on this pull request.



>                          // We clone the ballot instead applying the vote to the existing ballot from ballotListService
                         // The items from ballotListService.getBallotList() contains my votes.
-                        // Maybe we should cross verify if the vote we had in our local list matches my own vote we
-                        // received from the network?
-                        return new Ballot(ballot.getProposal(), vote);
+
+                        if (ballot.getVote() != null) {
+                            // If we had set a vote it was an own active vote
+                            if (!entry.getValue().isPresent()) {
+                                log.warn("We found a local vote but don't have that vote in the data from the " +
+                                        "blind vote. ballot={}", ballot);
+                            }
+                            if (ballot.getVote() != entry.getValue().get()) {

This needs to be an `else if`, `entry.getValue()` is checked in the previous `if`but code execution continues.

> -                        return new Ballot(ballot.getProposal(), vote);
+
+                        if (ballot.getVote() != null) {
+                            // If we had set a vote it was an own active vote
+                            if (!entry.getValue().isPresent()) {
+                                log.warn("We found a local vote but don't have that vote in the data from the " +
+                                        "blind vote. ballot={}", ballot);
+                            }
+                            if (ballot.getVote() != entry.getValue().get()) {
+                                log.warn("We found a local vote but the vote from the " +
+                                                "blind vote does not match. ballot={}, vote from blindVote data={}",
+                                        ballot, entry.getValue().get());
+                            }
+                        }
+
+                        // We only return accpeted or rejected votes

```suggestion
                        // We only return accepted or rejected votes
```

> @@ -396,6 +413,17 @@ private BallotList createBallotList(VoteWithProposalTxIdList voteWithProposalTxI
         if (!missingBallots.isEmpty())
             throw new VoteResultException.MissingBallotException(ballots, missingBallots);
 
+        // If we received a proposal after we had already voted we consider it as an proposla withhold attack and

```suggestion
        // If we received a proposal after we had already voted we consider it as an proposal withhold attack and
```

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/bisq/pull/2587#pullrequestreview-220148159
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20190328/57eff06f/attachment.html>

More information about the bisq-github mailing list