nimiq / core-js
Official JavaScript implementation of the Nimiq protocol
Home Page: https://nimiq.com
License: Other
The method _verifyTransactionBalance in Mempool.js does not mind the transaction fees.
Setup central management, monitoring
e.g. peers that keep sending junk data
Use cloud service(s) to set up a large number of nodes (1k-100k), both backbone and browser.
The following might be a small vulnerability:
Blocks with an arbitrary timestamp seem to get accepted as long as they are at a later date than the current head. If a malicious miner then commits a valid block with the last possible timestamp and this block becomes the new head, any block mined on top of that with an honest valid timestamp will be rejected because it is not later than the head.
Update: The malicious miner could use this issue for example by submitting valid blocks with timestamps that increment by a rather big amount, e.g. one week. Thereby, the difficulty will decrease and it will be easy for the malicious miner to mine a lot of blocks. Of course the total work doesn't increment that much by doing so, so another branch can outperform that malicious blockchain. However, the code must not get stuck on that malicious blockchain. A possible solution might be to not accept heads that have a timestamp much later than the current time in _isValidExtension in Blockchain.js.
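The check proposed in the issue above, sketched as an added example that is not part of the original issue or of Nimiq's code: it replays the same constructed blocks through a head-only timestamp rule and through one that also bounds the timestamp by the local clock. The function names, the MAX_FUTURE_DRIFT value and the block objects are assumptions made for illustration.

```javascript
// Added illustration; all names are hypothetical, not taken from Blockchain.js.
const MAX_FUTURE_DRIFT = 10 * 60; // seconds of tolerated clock skew (assumed value)

// Rule as described in the issue: the timestamp only has to be later than the head's.
function isValidExtensionHeadOnly(head, block) {
    return block.timestamp > head.timestamp;
}

// Proposed rule: additionally reject timestamps far ahead of the local clock.
function isValidExtensionBounded(head, block, now) {
    return block.timestamp > head.timestamp
        && block.timestamp <= now + MAX_FUTURE_DRIFT;
}

// Offer blocks to the chain in order and return the ids that became the head.
function replay(blocks, genesis, now, bounded) {
    let head = genesis;
    const accepted = [];
    for (const block of blocks) {
        const ok = bounded
            ? isValidExtensionBounded(head, block, now)
            : isValidExtensionHeadOnly(head, block);
        if (ok) {
            head = block;
            accepted.push(block.id);
        }
    }
    return accepted;
}

// Constructed sample data: one block stamped a week ahead, then two honest blocks.
const NOW = 1500000000;
const WEEK = 7 * 24 * 3600;
const GENESIS = { id: 'genesis', timestamp: NOW - 600 };
const BLOCKS = [
    { id: 'far-future', timestamp: NOW + WEEK },
    { id: 'honest-1', timestamp: NOW - 540 },
    { id: 'honest-2', timestamp: NOW - 480 },
];

console.log('head-only:', replay(BLOCKS, GENESIS, NOW, false));
console.log('bounded:  ', replay(BLOCKS, GENESIS, NOW, true));
```

With the head-only rule the far-future block becomes the head and both honest blocks are rejected; with the bounded rule it is refused and the honest blocks extend the chain.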
Primarily models persisted in the blockchain:
Might also be relevant for models exchanged via network.
We might need to split large P2P messages (e.g. blocks) into several WS/RTC messages.
http://viblast.com/blog/2015/2/5/webrtc-data-channel-message-size/
e.g. blockchain head does not update when receiving a new block that is already in the database.
e.g. Safari
The property for a sender public key in a transaction is senderPubKey, but Mempool.pushTransaction() is using transaction.publicKey instead, which means every transaction (after the first one) gets rejected because the code thinks they all have the same sender public key (i.e. undefined).
Maximise reward per byte.
The importPrivate in Crypto.js throws the following Exception:
Failed to execute 'importKey' on 'SubtleCrypto': 5 arguments required, but only 2 present.
If you want, I can add a test to the crypto.spec.js
Also add logic to deal with reject messages and/or apis to expose them.
In order to verify balance proofs efficiently, accountsHash in BlockHeader should correspond to the AccountsTree hash after the block is applied, instead of before.
Currently a call to getBalance(address) in Accounts.js gives false for an unknown address. Probably getting 0 or a Balance instance with value 0 would be desirable.
There are already a couple of Accounts/AccountsTree tests to start with:
https://github.com/nimiq-network/core/tree/master/src/test/specs/generic/consensus/accounts
Accounts: e.g.
AccountsTree: e.g.
Needs to consider the case that the peer is on a long fork.
In contrast to the PublicKey class that is well-used across the core, the PrivateKey implementation seems to be a copy-pasted version (actually in line 12 there is PublicKey instead of PrivateKey) that is never really used.
The problem is that, again in contrast to pub keys, private keys cannot be exported in 'raw' format in the subtle crypto lib we are using. Hence, while the 65 byte size of pub keys makes sense, the private key can only be represented as, e.g., 'pkcs8', which requires different handling.
Issue #2 also indicates that the private key topic is still somewhat open.
I think the current implementation is more like a stub. Depending on what we need the class for in the long run (serializing it for wallet portability maybe?), the implementation should reflect the way it is exported from the crypto lib.
TL;DR: I don't see how to use the PrivateKey class as-is (or where it is used), so either it needs additional explanation or another implementation.
I added new tests specifying the functionality of the new BlockUtils class.
Build #18 is now failing, because converting a difficulty to compact and back does not return the same difficulty.
This is easy to verify for several difficulties (e.g., 250) and the following code:
difficulty == BlockUtils.compactToDifficulty(BlockUtils.difficultyToCompact(difficulty))
Moreover, I have a question regarding valid values for difficulty:
What values are allowed for a difficulty? 0 does not seem to be valid, since BlockUtils divides by the difficulty. Is Policy.BLOCK_TARGET_MAX the maximal value?
In order to keep balance proofs small, we should reduce the maximum number of children per node from 256 to 16.
_verifyTransaction and _verifyTransactionBalance in Mempool.js don't check if value+fee of the transaction === 0
Needs to consider pre-allocated coins in genesis block / founders rewards.
Importing a private key to the Wallet does not seem to be fully implemented yet.
I guess after creating a CryptoKey from an ArrayBuffer using importPrivate(privateKey) it should be stored in _keys and if the wallet is persistent also in the WalletStore?
Update: Or probably it would be better to actually remove that import method and then do importing by creating a new Wallet instance with the keys to import and then maybe have a setPersistent Method in the wallet that can save the keys to the WalletStore?
Needs to consider the corner case that consensus might never be established if connection to the network fails.