ba053a5468
This PR mitigates an issue with Ledger's on-device RLP deserialization, see https://github.com/LedgerHQ/app-ethereum/issues/409 Ledger's RLP deserialization code does not validate the length of the RLP list received, and it may prematurely enter the signing flow when a APDU chunk boundary falls immediately before the EIP-155 chain_id when deserializing a transaction. Since the chain_id is uninitialized, it is 0 during this signing flow. This may cause the user to accidentally sign the transaction with chain_id = 0. That signature would be returned from the device 1 packet earlier than expected by the communication loop. The device blocks the second-to-last packet waiting for the signer flow, and then errors on the successive packet (which contains the chain_id, zeroed r, and zeroed s) Since the signature's early arrival causes successive errors during the communication process, geth does not parse the improper signature produced by the device, and therefore no improperly-signed transaction can be created. User funds are not at risk. We mitigate by selecting the highest chunk size that leaves at least 4 bytes in the final chunk. |
||
|---|---|---|
| .github | ||
| accounts | ||
| assets/images | ||
| beacon | ||
| bmt | ||
| build | ||
| cicd | ||
| cmd | ||
| common | ||
| compression/rle | ||
| consensus | ||
| console | ||
| containers/docker | ||
| contracts | ||
| core | ||
| crypto | ||
| docker | ||
| eth | ||
| ethclient | ||
| ethdb | ||
| ethstats | ||
| event | ||
| genesis | ||
| internal | ||
| les | ||
| light | ||
| log | ||
| metrics | ||
| miner | ||
| node | ||
| p2p | ||
| params | ||
| rlp | ||
| rpc | ||
| swarm | ||
| tests | ||
| trie | ||
| XDCx | ||
| XDCxDAO | ||
| XDCxlending | ||
| .dockerignore | ||
| .gitattributes | ||
| .gitignore | ||
| .golangci.yml | ||
| COPYING | ||
| COPYING.LESSER | ||
| Dockerfile | ||
| Dockerfile.bootnode | ||
| Dockerfile.node | ||
| go.mod | ||
| go.sum | ||
| interfaces.go | ||
| Makefile | ||
| README.md | ||
XDPoSChain
XinFin XDPoSchain
Enterprise ready hybrid blockchain for global trade and finance
XinFin Hybrid Blockchain
XinFin Hybrid Blockchain is an Enterprise ready Blockchain for global trade and finance
Visit: XinFin.org Contribute: Developer Docs
XinFin Network XDPoS is community driven project to achieve the following
-
XinFin DPOS (XDPoS) consensus that selects 108 set of Masternodes to achieve a high throughput Energy efficient consensus with instant block finality
-
KYC Enforcement on Masternodes for Enterprise Adoption and compliance
-
Ability to port/relay limited set of data and transactions from privacy channels to public channel
-
Interoperability between applications hosted on Private Blockchains like Corda, Hyperledger, Quorum(JP Morgan) using relayers to XinFin Network
-
Customer Centric and consortium driven Governance to equally benefit the validators as well as providing comfort for large scale enterprise applications to be hosted on the Network. This achieves
-
Rapid Upgradability
-
DApps Standardisation for rapid commercialisation
-
Compliance with major global jurisdictions.
-
KYC for masternodes
OVERVIEW
To add a layer of KYC for masternodes in the current system and a sense of ownership amongst the masternodes hence tying such a cluster of masternodes to physical entity which can held accountable for its actions.
Design
We established a bidirectional connection between a candidate and its owner inorder to retrieve a candidate belonging to a specific owner & vice versa.
All the masternodes are recognized by the KYC of their owners and hence are considered as a single verified entity ( for eg. while voting for invalid KYC, only one vote is considered per such cluster )
The contract is very strict in handing out penalty for invalid KYC, it results loss of all funds invested in all of its candidates.
For eg. say A proposes condidates B,C,D by paying for its proposal cost. If at a later stage if some predecided amount of owners ( investors ) vote that a KYC for a A is invalid then A & all of its candidates (B,C,D) will lose their position & all their funds will be lost ( will remain with contract wallet ).
For developers
Continues integration & delivery
See https://github.com/XinFinOrg/XDPoSChain/tree/dev-upgrade/cicd
To contribute
Simple create a pull request along with proper reasoning, we'll get back to you.
Our Channels : Telegram Developer Group or XDC.Dev