Skip to content

Commit

Permalink
Fix potential share duplication vulnerability
Browse files Browse the repository at this point in the history
  • Loading branch information
@traysi
traysi committed Apr 30, 2020
1 parent f59b1e2 commit d892f77
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 2 deletions.
5 changes: 4 additions & 1 deletion lib/jobManager.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -177,7 +177,7 @@ var JobManager = module.exports = function JobManager(options) {

};

this.processShare = function (miner_given_jobId, previousDifficulty, difficulty, miner_given_nonce, ipAddress, port, workerName, miner_given_header, miner_given_mixhash, callback_parent) {
this.processShare = function (miner_given_jobId, previousDifficulty, difficulty, miner_given_nonce, ipAddress, port, workerName, miner_given_header, miner_given_mixhash, extraNonce1, callback_parent) {

var submitTime = Date.now() / 1000 | 0;

Expand Down Expand Up @@ -224,6 +224,9 @@ var JobManager = module.exports = function JobManager(options) {
if (miner_given_mixhash.length !== 64)
return shareError([20, 'incorrect size of mixhash, must be 32 bytes']);

if (miner_given_nonce.indexOf(extraNonce1.substring(0,4)) !== 0)
return shareError([24, 'nonce out of worker range']);

if (!job.registerSubmit(header_hash.toLowerCase(), miner_given_nonce.toLowerCase()))
return shareError([22, 'duplicate share']);

Expand Down
3 changes: 2 additions & 1 deletion lib/pool.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -466,7 +466,8 @@ var pool = module.exports = function pool(options, authorizeFn) {
client.socket.localPort,
params.name,
params.header,
params.mixhash
params.mixhash,
client.extraNonce1
, function (result) { resultCallback(result.error, result.result ? true : null) });

}).on('malformedMessage', function (message) {
Expand Down

0 comments on commit d892f77

Please sign in to comment.