[bisq-network/bisq] Add irregular txType, add check for total balance, prevent proposal withhold attack (#2587)
sqrrm
notifications at github.com
Thu Mar 28 17:04:16 UTC 2019
sqrrm commented on this pull request.
> // We clone the ballot instead applying the vote to the existing ballot from ballotListService
// The items from ballotListService.getBallotList() contains my votes.
- // Maybe we should cross verify if the vote we had in our local list matches my own vote we
- // received from the network?
- return new Ballot(ballot.getProposal(), vote);
+
+ if (ballot.getVote() != null) {
+ // If we had set a vote it was an own active vote
+ if (!entry.getValue().isPresent()) {
+ log.warn("We found a local vote but don't have that vote in the data from the " +
+ "blind vote. ballot={}", ballot);
+ }
+ if (ballot.getVote() != entry.getValue().get()) {
This needs to be an `else if`, `entry.getValue()` is checked in the previous `if`but code execution continues.
> - return new Ballot(ballot.getProposal(), vote);
+
+ if (ballot.getVote() != null) {
+ // If we had set a vote it was an own active vote
+ if (!entry.getValue().isPresent()) {
+ log.warn("We found a local vote but don't have that vote in the data from the " +
+ "blind vote. ballot={}", ballot);
+ }
+ if (ballot.getVote() != entry.getValue().get()) {
+ log.warn("We found a local vote but the vote from the " +
+ "blind vote does not match. ballot={}, vote from blindVote data={}",
+ ballot, entry.getValue().get());
+ }
+ }
+
+ // We only return accpeted or rejected votes
```suggestion
// We only return accepted or rejected votes
```
> @@ -396,6 +413,17 @@ private BallotList createBallotList(VoteWithProposalTxIdList voteWithProposalTxI
if (!missingBallots.isEmpty())
throw new VoteResultException.MissingBallotException(ballots, missingBallots);
+ // If we received a proposal after we had already voted we consider it as an proposla withhold attack and
```suggestion
// If we received a proposal after we had already voted we consider it as an proposal withhold attack and
```
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/bisq/pull/2587#pullrequestreview-220148159
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20190328/57eff06f/attachment.html>
More information about the bisq-github
mailing list