0-conf possible attack using large transactions #33
Assignees
Labels
Comments
|
This could be a mempool spam attack against the daemon itself. Don't you think it's worth reporting upstream, with some more details on how to perform it? |
|
I agree, transactions like this shouldn't be propagated through the network. |
|
I made an issue on the monero repo. |
|
I'll leave this issue open until it is either fixed on the upstream or fixed in kasisto itself |
|
@cmaves In the future, please respect responsible disclosure by using using Monero's Vulnerability Response Process regardless of whether this issue is a confirmed vulnerability or not. Thank you. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
By making a very simple modification to the monero-wallet-rpc, one can generate a valid low priority transaction that is small enough to be relayed, but large enough to never be confirmed by the network. After looking through the code. I looked through the code and I didn't see a protection against this kind of attack.
After 24 hours this transaction will drop from the mempool and the sender will be able to use the Monero again.
The text was updated successfully, but these errors were encountered: