mirror of
https://github.com/Qortal/altcoinj.git
synced 2025-02-11 17:55:53 +00:00
0237a504c4
P2P full-block by-hash retrieval wasn't verifying that the received block had a header whose hash matched the requested hash. This probably made it trivially easy to falsify name records, since any internally valid block supplied by a malicious P2P peer (or a MITM attacker) would be accepted, and the name transactions in it trusted as valid, even if the block had (for example) minimum difficulty. The REST Merkle API is unaffected. There's a reason I haven't deployed libdohj-namecoin to end users yet; this is that reason. Review takes time.