You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Ideal Behavior:
Prior to connecting, a peer would validate that the remote is on their whitelist.
Actual Behvaior:
If remote peer calls addPeer, they can subvert the client's whitelist.
Example: Peer A creates a swarm with only Peer B on the whitelist. If Peer C calls addPeer(A), then A will allow the connection, even though they have not whitelisted Peer C.
constswarm=require('discovery-swarm')// On Peer A's computer with IP 192.168.128.100constopts={whitelist: ['192.168.128.200']// Peer B}constsw=swarm(opts)sw.listen(19000)// On Peer C's computer with IP IP 192.168.128.50constsw=swarm()sw.addPeer('arbitraryName',{host: '192.168.128.100',port: '19000'})
The text was updated successfully, but these errors were encountered:
Ideal Behavior:
Prior to connecting, a peer would validate that the remote is on their whitelist.
Actual Behvaior:
If remote peer calls addPeer, they can subvert the client's whitelist.
Example: Peer A creates a swarm with only Peer B on the whitelist. If Peer C calls addPeer(A), then A will allow the connection, even though they have not whitelisted Peer C.
The text was updated successfully, but these errors were encountered: