Alessandro Sorniotti authored
The aim of this change set is to apply the well-established "Secure by default" security principle to the way the validator validates transactions in a block. The current code behaves as follows: create an array of validation codes, set by default to "all transactions are valid"; then perform validation which may mark transactions as invalid. Furthermore, in other parts of the code, if no array of validation codes is yet persent in the block, a new one is indiscriminately created (again, marking all transactions as valid). This approach is a security anti-pattern because it opens up to attacks where an adversary may force the code through a path where the default "tx is valid" validation code is maintained even for invalid txes. This change set ensures that validation code arrays are created and set to a new value (TxValidationCode_NOT_VALIDATED) which ensures that a transaction that hasn't been validated cannot be mistaken for a valid one. Change-Id: I5dbb18dd77af3cd14b168042ae660e4e27bf29dd Signed-off-by: Alessandro Sorniotti <firstname.lastname@example.org>53de0781
To find the state of this project's repository at the time of any of these versions, check out the tags.