
Any user can control funds

Open Stoyvo opened this issue 6 years ago • 5 comments

Hello,

A public IOTA address gives the possibility to Add To Sharing or Withdraw. The website has a "Miners" page, which lists a portion of all public addresses. Click on this "hidden" address, and you get the full address on another website.

Then, you take this address and can decide FOR THE OTHER MINER if we Add To Staking or Withdraw...

What if another user is attacking me, and always adds to Staking? How do I withdraw!?

Stoyvo avatar Feb 05 '19 04:02 Stoyvo

Hi, I know this situation can happen. In this case you are protected if somebody is "attacking" you this way. If you have 100 iota and it is added to stake, you can immediately withdraw 100 iota back without an additional fee. So this cannot harm you until the exchange price changes drastically.

But there is a situation that can harm you: if you collect stake over the long term and somebody withdraws your stake. You get iota on your public address but you are no longer staking, and you cannot send the iota back and start staking. So as a miner you are protected; as a staker you are not.

But this will change in the future. Due to the implementation of the BTC Lightning Network, I am working on a signing function, where you will have to send a 0-value transaction from your public address with some data that confirms you are the owner of your public address. Once this is done, it can also be used for the withdraw function. By default it will be off, but if somebody wants to stake big, he can turn this protection on.

janfiedler avatar Feb 05 '19 12:02 janfiedler
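
The opt-in ownership check described in the comment above, sketched as an added example that is not part of the original thread or the mineiota code. All function names, the in-memory stores and the placeholder address are hypothetical. A server-issued challenge signed with Ed25519 (Node's `crypto` module) stands in for the 0-value transaction and the address's real signature scheme.

```javascript
// Added example: hypothetical names throughout; Ed25519 is a stand-in scheme.
const nodeCrypto = require('crypto');

const accounts = new Map();   // address -> { publicKey, protect, staked }
const challenges = new Map(); // address -> pending one-time challenge

function register(address, publicKey, protect) {
  accounts.set(address, { publicKey, protect, staked: 100 });
}

// Server issues a fresh challenge bound to the address and the action.
function issueChallenge(address, action) {
  const nonce = nodeCrypto.randomBytes(16).toString('hex');
  const challenge = `${action}:${address}:${nonce}`;
  challenges.set(address, challenge);
  return challenge;
}

// With protection on, knowing the public address is not enough to withdraw.
function withdraw(address, signature) {
  const acct = accounts.get(address);
  if (!acct) return 'unknown-address';
  if (acct.protect) {
    const challenge = challenges.get(address);
    challenges.delete(address); // single use: a captured signature cannot be replayed
    if (!challenge || !signature) return 'denied';
    const ok = nodeCrypto.verify(null, Buffer.from(challenge), acct.publicKey, signature);
    if (!ok) return 'denied';
  }
  const amount = acct.staked;
  acct.staked = 0;
  return `withdrawn:${amount}`;
}

// Constructed demo: the owner holds the private key; anyone else has only the address.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const address = 'EXAMPLEADDRESS9OWNER'; // constructed placeholder, not a real address
  register(address, publicKey, true);
  const results = [];
  results.push(withdraw(address, null)); // request carrying only the address
  const challenge = issueChallenge(address, 'withdraw');
  const sig = nodeCrypto.sign(null, Buffer.from(challenge), privateKey);
  results.push(withdraw(address, sig)); // owner's signed challenge
  results.push(withdraw(address, sig)); // same signature sent again
  return results;
}
```

The same check would apply to the Add To Staking action by issuing the challenge with a different `action` string, so a signature obtained for one operation cannot authorize the other.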

Someone just did this to me. ~7 pivx were withdrawn from staking and sent to my IOTA address without my approval. Not the end of the world, but this should definitely be fixed.

n9Mtq4 avatar Feb 07 '19 21:02 n9Mtq4

I am so sorry this happened to you. I am putting it at the top of my todo list.

janfiedler avatar Feb 07 '19 22:02 janfiedler

Until then, I made it a little more complicated for the "attacker": I removed public addresses from the miners list. They can still find them through the jackpot or the history of withdrawals. But with the extremely fast-rising difficulty, who knows if there will be any miners soon.

janfiedler avatar Feb 07 '19 22:02 janfiedler

Thanks for the quick mitigation. Wouldn't want it to happen to anyone else, although I probably wasn't the only one. And hopefully monero changes its algorithm to keep CPUs and GPUs competitive.

n9Mtq4 avatar Feb 07 '19 22:02 n9Mtq4