Skip to content

Instantly share code, notes, and snippets.

View chappjc's full-sized avatar

Jonathan Chappelow chappjc

View GitHub Profile

Vulnerability in utxo mempool observation

THORChain operates by delegating a large number of small transactions to nodes that each hold their own hot wallet called "Yggdrasil" that is constantly topped up.

Node operators know their Yggdrasil wallet private key. To prevent theft, the Yggdrasil wallet is monitored for outbounds and any unauthorised outbounds results in a bond fine of 1.5x stolen.

A vulnerability exists where an attacker can replace legitimate outbounds in the mempool with nefarious non-observable transactions resulting in theft from SWAP/WITHDRAW recipients (customers).


chris-belcher /
Last active July 10, 2024 23:47
Design for a CoinSwap Implementation for Massively Improving Bitcoin Privacy and Fungibility

Design for a CoinSwap Implementation for Massively Improving Bitcoin Privacy and Fungibility



Imagine a future where a user Alice has bitcoins and wants to send them with maximal privacy, so she creates a special kind of transaction. For anyone looking at the blockchain her transaction appears completely normal with her coins seemingly going from address A to address B. But in reality her coins end up in address Z which is entirely unconnected to either A or B.

Now imagine another user, Carol, who isn't too bothered by privacy and sends her bitcoin using a regular wallet which exists today. But because Carol's transaction looks exactly the same as Alice's, anybody analyzing the blockchain must now deal with the possibility that Carol's transaction actually sent her coins to a totally unconnected address. So Carol's privacy is improved even though she didn't change her behaviour, and perhaps had never even heard of this software.

matheusd / parallel-nodes.tmux
Created October 5, 2018 13:47
Tmux setup for simnet and 2 parallel nodes with wallets to test reorgs
# Script to setup parallel dcrd nodes with separate wallets.
# Useful for testing reorgs by disconnecting nodes, mining individually, then
# reconnecting them.
# alpha <------> beta
# listen 19100 19200
# rpclisten 19101 <. .> 19201
# w-alpha | | w-beta
davecgh /
Last active November 13, 2018 06:25
Script to create a sample 8 node Decred simnet network
set -e
davecgh / decred_example_txscript_step.go
Last active November 5, 2023 18:12
Example of stepping through a Decred script using the txscript API.
package main
import (
lisabbasil /
Last active November 8, 2018 01:43 — forked from anonymous/
Quick and simple shell script for updating lib32-qt4 in Arch Linux.
# Based on the directions here:
# This will take a while to build, with most of the time spent on QT4. There is some redundancy with creating
# multiple clean chroots, but I think this approach is easier and more reliable for most systems.
# Specify a build directory. Defaults to /tmp:
# Install devtools if it's not already installed:
rjz / handler.go
Last active March 26, 2024 23:40
Handle Github webhooks with golang
// Now available in package form at
package handler
import (
denji /
Last active July 1, 2024 05:41 — forked from spikebike/client.go
Simple Golang HTTPS/TLS Examples

Moved to git repository:

Generate private key (.key)
# Key considerations for algorithm "RSA" ≥ 2048-bit
openssl genrsa -out server.key 2048

# Key considerations for algorithm "ECDSA" ≥ secp384r1
# List ECDSA the supported curves (openssl ecparam -list_curves)
package future
// A Future represents the result of some asynchronous computation.
// Future returns the result of the work as an error, or nil if the work
// was performed successfully.
// Implementers must observe these invariants
// 1. There may be multiple concurrent callers, or Future may be called many
// times in sequence, it must always return the same value.
// 2. Future blocks until the work has been performed.
type Future func() error