Jonathan Chappelow chappjc

Vulnerability in utxo mempool observation

THORChain operates by delegating a large number of small transactions to nodes that each hold their own hot wallet called "Yggdrasil" that is constantly topped up.

Node operators know their Yggdrasil wallet private key. To prevent theft, the Yggdrasil wallet is monitored for outbounds, and any unauthorised outbound results in a bond fine of 1.5x the amount stolen.

A vulnerability exists where an attacker can replace legitimate outbounds in the mempool with nefarious non-observable transactions, resulting in theft from SWAP/WITHDRAW recipients (customers).

Attack

@chris-belcher
chris-belcher / coinswap-design.md
Last active April 26, 2024 04:37
Design for a CoinSwap Implementation for Massively Improving Bitcoin Privacy and Fungibility

25/5/2020

Abstract

Imagine a future where a user Alice has bitcoins and wants to send them with maximal privacy, so she creates a special kind of transaction. For anyone looking at the blockchain her transaction appears completely normal with her coins seemingly going from address A to address B. But in reality her coins end up in address Z which is entirely unconnected to either A or B.

Now imagine another user, Carol, who isn't too bothered by privacy and sends her bitcoin using a regular wallet which exists today. But because Carol's transaction looks exactly the same as Alice's, anybody analyzing the blockchain must now deal with the possibility that Carol's transaction actually sent her coins to a totally unconnected address. So Carol's privacy is improved even though she didn't change her behaviour, and perhaps had never even heard of this software.

@matheusd
matheusd / parallel-nodes.tmux
Created October 5, 2018 13:47
Tmux setup for simnet and 2 parallel nodes with wallets to test reorgs
#!/bin/sh
#
# Script to setup parallel dcrd nodes with separate wallets.
# Useful for testing reorgs by disconnecting nodes, mining individually, then
# reconnecting them.
#
# alpha <------> beta
# listen 19100 19200
# rpclisten 19101 <. .> 19201
# w-alpha | | w-beta
@davecgh
davecgh / dcrdsimnetsetup8nodes.sh
Last active November 13, 2018 06:25
Script to create a sample 8 node Decred simnet network
#!/bin/sh
set -e
SIMNET_NODES_ROOT=~/dcrdsimnetnodes
MASTERNODE_ADDR=127.0.0.1:19555
NODE1_ADDR=127.0.0.1:19501
NODE2_ADDR=127.0.0.1:19502
NODE3_ADDR=127.0.0.1:19503
NODE4_ADDR=127.0.0.1:19504
@davecgh
davecgh / decred_example_txscript_step.go
Last active November 5, 2023 18:12
Example of stepping through a Decred script using the txscript API.
package main
import (
"encoding/hex"
"fmt"
"os"
"github.com/decred/dcrd/chaincfg/chainhash"
"github.com/decred/dcrd/txscript/v4"
"github.com/decred/dcrd/wire"
@lisabbasil
lisabbasil / update-qt4.sh
Last active November 8, 2018 01:43 — forked from anonymous/update-qt4.sh
Quick and simple shell script for updating lib32-qt4 in Arch Linux.
#!/bin/bash
# Based on the directions here: https://wiki.archlinux.org/index.php/DeveloperWiki:Building_in_a_Clean_Chroot
# This will take a while to build, with most of the time spent on QT4. There is some redundancy with creating
# multiple clean chroots, but I think this approach is easier and more reliable for most systems.
# Specify a build directory. Defaults to /tmp:
BUILDDIR="/tmp"
# Install devtools if it's not already installed:
@rjz
rjz / handler.go
Last active March 26, 2024 23:40
Handle Github webhooks with golang
// Now available in package form at https://github.com/rjz/githubhook
package handler
// https://developer.github.com/webhooks/
import (
"crypto/hmac"
"crypto/sha1"
"encoding/hex"
"errors"
@denji
denji / golang-tls.md
Last active April 29, 2024 03:39 — forked from spikebike/client.go
Simple Golang HTTPS/TLS Examples

Moved to git repository: https://github.com/denji/golang-tls

Generate private key (.key)
# Key considerations for algorithm "RSA" ≥ 2048-bit
openssl genrsa -out server.key 2048

# Key considerations for algorithm "ECDSA" ≥ secp384r1
# List the supported ECDSA curves (openssl ecparam -list_curves)
package future
// A Future represents the result of some asynchronous computation.
// Future returns the result of the work as an error, or nil if the work
// was performed successfully.
// Implementers must observe these invariants
// 1. There may be multiple concurrent callers, or Future may be called many
// times in sequence, it must always return the same value.
// 2. Future blocks until the work has been performed.
type Future func() error