Taylor Hornby
Taylor Hornby
The wallets already poll lightwalletd for the mempool contents. This is a sketch of a proposal to hijack that polling to enable sending and receiving transactions from lightwalletd in constant...
The docs say to just pass the `--darkside-very-insecure` flag bug you actually have to pass more flags than that, e.g. `./lightwalletd --darkside-very-insecure --no-tls-very-insecure --zcash-conf-path ~/.zcash-mainnet/zcash.conf --data-dir . `
For example you can read from arbitrary files and hit remote remote services using the blocks-URL API.
In #186 a corrupted cache file will be truncated which could make it harder to investigate rare bugs. Modify the code to leave a copy of the corrupted file somewhere...
``` └─ $ make GO111MODULE=on CGO_ENABLED=1 go build -i -v ./cmd/server ``` Linda ran into https://github.com/golang/go/issues/37962 which is happening because I think the `-i` flag means install dependencies to the...
Steps to reproduce: 1. Have darksidewalletd serve blocks 1000-1003. 2. Modify darksidewalletd's state so that it only has blocks 1000 and 1001. What actually happens: - The ingestion algorithm keeps...
https://github.com/zcash/lightwalletd/pull/164/files?file-filters%5B%5D=.conf&file-filters%5B%5D=.go&file-filters%5B%5D=.mod&file-filters%5B%5D=.sh#r372662421
The ZMQ interface isn't authenticated, other than the fact that it listens on `127.0.0.1`. Users should be clearly warned that all users on the system can submit blocks into the...
There's not much actual risk here since the database path will (hopefully) be coming from a trustworthy source, but there might be an opportunity to make weird things happen if...
It looks like the code logs light clients' IP addresses when they make API requests, e.g. [here](https://github.com/zcash-hackworks/lightwalletd/blob/master/cmd/server/main.go#L72). Logging this information makes it vulnerable to theft when the `lightwalletd` server gets...