testing. IOTA is vulnerable to replay attacks but has no int

Fledgling blockchain startup IOTA has ran into yet another technical issue. Researcher Joseph Rebstock has detailed a vulnerability in its network which makes users susceptible toreplay attacks – a common exploit vector in which valid data is erroneously repeated in order to steal cryptocurrency from users.

The issues stems from a function related to IOTA’s choice to use one-time signatures when processing transactions on theTangle – the company’s self-proclaimed “next-generation” blockchain technology which promises more efficient transactions and scalability.

“ Reattaching is often required to get a transaction through and bundles can only be safely signed a single time,” the research explains. “Therefore the user is allowed to simply reattach any bundle of transactions they want without any proof of ownership. This should not be a problem because every bundle has a unique hash.”

But as it turns out, the function does not work as intended.

“ The expected behaviour should be that only one use of the same bundle hash should be allowed inside a consistent transaction history (subtangle),” Rebstock writes. But instead, “[t]he coordinator will repeatedly approve the same bundle hash over and over.”

“This means that while you may have signed a transaction to send 500 Miota it can be attached to the network 10 times draining the account of 5,000 Miota,” he insists.

The researcher has provided several examples to prove the validity of the attack vector:

In all fairness, the attack vector described in the report hinges on reusing wallet addresses – a malpractice the company has repeatedly warned against.

本文来自电脑杂谈，转载请注明本文网址：
http://www.pc-fly.com/a/ruanjian/article-88137-1.html