Questions tagged [security]

The tag has no usage guidance.

1 vote
1 answer
25 views

What number of confirmations is considered secure in Cardano?

There is a k finalization param in Ouroboros, but it is absolutely non-practical. It takes around 36 hours AFAIU.
uhbif19
1 vote
0 answers
28 views

What's the benefit of headers-first sync in Cardano?

Looking at the source code, it seems that Cardano used to not have headers-first sync, but later, it started doing headers-first sync. In bitcoin, there's a benefit in headers-first sync because block ...
The Quantum Physicist
0 votes
1 answer
48 views

Opportunity for theft of funds in Martify marketplace

I am some kinda embarrassed by "mkBuyValidator" in the Martify Marketplace on-chain code. For the buyer there is only one check for token transfer (on line 68): (valueOf (valuePaidTo info sig) (...
Anastasia Martyniuk
0 votes
1 answer
90 views

Confusion about the time until true immutability

The security parameter k is set to 2160 blocks. The code comment describing this genesis parameter makes it crystal clear it defines the maximum number of blocks the chain could potentially roll back. ...
LACE pool
1 vote
1 answer
87 views

Cardano-cli requires signing key to be a file, fails with a named pipe

Please see the discussion here. https://forum.cardano.org/t/cardano-cli-signing-a-transaction-without-directly-accessing-the-skey-file-in-plain-text/103742/11 cardano-cli should be able to read ...
Alfred Vilsmeier
3 votes
1 answer
55 views

What is the best (and most secure) way to store private keys in an Express server?

I'm working on a server that will have access to a specific wallet that holds funds and NFTs to submit transactions. Therefore, it will have to manage private keys. I'm thinking of storing them ...
Falcon Stakepool
0 votes
1 answer
319 views

How Do I Deploy a Wallet Connector to the Website in a Safe Way

If I want to start making a program that connects to the user's web wallet, such as Nami in the Google Chrome browser, how do I ensure the security of the connection? Using Nami and Google Chrome are ...
KryptoKing
2 votes
1 answer
89 views

How expressive & secure is the Plutarch eDSL?

The Plutarch eDSL tries to control how Plutus Core is generated to create a smaller and thus a more efficient validator script (their GitHub). I am not an in-depth user of this tool. Does its approach ...
Fermat
0 votes
1 answer
78 views

Cardano dapp user authentication based on the wallet address

What are the best options to add a user-authentication system based on the wallet address for my website? Thanks
Tahzeeb
0 votes
2 answers
281 views

Is there a way to know if your wallet was restored (accessed) without a transaction being made?

In most cases, I would assume that if your wallet is compromised, your funds are going to be stolen and that is how you are going to know it is compromised. However, let's assume a hypothetical threat ...
Jacob - SNOWY Pool
1 vote
3 answers
130 views

What Utility Do Third-Party Services Provide with Undisclosed Slot Lottery Information?

Small Sample of Concerns Belonging to Larger Family of Unknown Real or Figurative Concerns I would like to send my predetermined Slot Leader reports to PoolTool, yet I only use the API key they ...
Louis Waweru
1 vote
3 answers
93 views

What are some ways a SPO can attack the network and what mechanisms exist to discourage or mitigate such attacks?

What are some ways a SPO can attack the Cardano blockchain? E.g. in Bitcoin, a miner could intentionally exclude certain transactions to the extent that the miner's hash power allows. Is something ...
Joshua Chia
3 votes
1 answer
57 views

Can you run a stake pool pseudonymously?

To be a stake pool operator and run a stake pool, can you do this pseudonymously? If so, what are the pros/cons to this? Would this be preferred to prevent hacks, enhance DevSecOp, and potentially ...
TheStophe
1 vote
0 answers
38 views

Design considerations when automatically signing and submitting Cardano transactions

Automating transactions (e.g. an Oracle that regularly publishes metadata to the blockchain) requires that we balance the necessity to sign each transaction using a signing key with the security of the ...
spirois
5 votes
2 answers
381 views

Can I avoid using a public IP on Block-Producer (BP) node?

My BP and relays are on the same local subnet, I would prefer to give them the private IP address in the topology files. However, all of the guides I've come across explicitly state using public IPs. ...
Louis Waweru