diff options
author | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2019-10-15 12:25:26 +0000 |
---|---|---|
committer | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2019-11-01 18:59:37 +0000 |
commit | d5472bd87b8e93706295d8aa7ff99e5ad594277d (patch) | |
tree | 37d3ecbbad5cde75df9afe774009fbdc3d078b7e /src/wallet/wallet_rpc_server.cpp | |
parent | wallet2: do not repeatedly ask for pool txes sent to us (diff) | |
download | monero-d5472bd87b8e93706295d8aa7ff99e5ad594277d.tar.xz |
wallet2: do not send an unnecessary last getblocks.bin call on refresh
The "everything refreshed" state was detected when a refresh call did
not return any new blocks. This can be detected without that extra
"empty" call by comparing the claimed node height to the height of
the last block retrieved. Doing this avoids that last call, saves
some bandwidth, and makes the common refresh case use only one call
rather than two.
As a side effect, it prevents an information leak reported by
Tramèr et al: if the wallet retrieves a set of blocks which includes
an output sent to the refreshing wallet, the wallet will prompt the
user for the password to decode the amount and calculate the key
image for the new output, and this will delay subsequent calls to
getblocks.bin, allowing a passive adversary to note the delay and
deduce when the wallet receives at least one output.
This can still happen if the wallet downloads more than 1000 blocks,
since this will be split in several calls, but then the most the
adversary can tell is which 1000 block section the user received
some monero (the adversary can estimate the heights of the blocks
by calculating how many "large" transfers are done, which will be
sections of blocks, the last of which will usually be below 1000,
but the size of the data should allow the actual number of blocks
sent to be determined fairly accurately).
This timing trick still be used via the subsequent scan for incoming
txes in the txpool, which will be fixed later.
Diffstat (limited to 'src/wallet/wallet_rpc_server.cpp')
0 files changed, 0 insertions, 0 deletions