You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is a risk that between the moment you review a multisig transaction, it is changed under the hood and you approve the wrong thing.
Ideally, multisig review prints a transaction ID, and you approve of a transaction ID, that you check before and after approval. Pass a --verify-id hash or something...
The text was updated successfully, but these errors were encountered:
There is still a race condition. We can do get table on eosio.msig right before the approve, hash the packed TX and right after as you said you approve we check again and can immediately cancel if there's a mismatch.....
It's not bulletproof (ideally the approve msig would have that built-in, maybe we optional param so it's backward compat). but ok mitigation.
There is a risk that between the moment you review a multisig transaction, it is changed under the hood and you approve the wrong thing.
Ideally,
multisig review
prints a transaction ID, and you approve of a transaction ID, that you check before and after approval. Pass a--verify-id hash
or something...The text was updated successfully, but these errors were encountered: