Questions tagged [security]
34 questions
1 vote, 1 answer, 25 views
What number of confirmations is considered secure in Cardano?
There is a k finalization param in Ouroboros, but it is absolutely non-practical. It takes around 36 hours AFAIU.
1 vote, 0 answers, 28 views
What's the benefit of headers-first sync in Cardano?
Looking at the source code, it seems that Cardano used to not have headers-first sync, but later, it started doing headers-first sync. In bitcoin, there's a benefit in headers-first sync because block ...
0 votes, 1 answer, 48 views
Opportunity for theft of funds in Martify marketplace
I am some kinda embarrassed by "mkBuyValidator" in Martify Marketplace on-chain code. For the buyer there is only one check for token transfer (on line 68):
(valueOf (valuePaidTo info sig) (...
0 votes, 1 answer, 90 views
Confusion about the time until true immutability
The security parameter k is set to 2160 blocks. The code comment describing this genesis parameter makes it crystal clear it defines the maximum number of blocks the chain could potentially roll back. ...
1 vote, 1 answer, 87 views
Cardano-cli requires signing key to be a file, fails with a named pipe
Please see the discussion here. https://forum.cardano.org/t/cardano-cli-signing-a-transaction-without-directly-accessing-the-skey-file-in-plain-text/103742/11
cardano-cli should be able to read ...
3 votes, 1 answer, 55 views
What is the best (and most secure) way to store private keys in an Express server?
I'm working on a server that will have access to a specific wallet that holds funds and NFTs to submit transactions. Therefore, it will have to manage private keys.
I'm thinking of storing them ...
0 votes, 1 answer, 319 views
How Do I Deploy a Wallet Connector to the Website in a Safe Way
If I want to start making a program that connects to the user's web wallet, such as Nami in the Google Chrome browser, how do I ensure the security of the connection?
Using Nami and Google Chrome are ...
2 votes, 1 answer, 89 views
How expressive & secure is the Plutarch eDSL?
The Plutarch eDSL tries to control how plutus core is generated to create a smaller and thus a more efficient validator script (their GitHub).
I am not an in depth user of this tool. Does its approach ...
0 votes, 1 answer, 78 views
Cardano dapp user authentication based on the wallet address
What are the best options to add a user-authentication system based on the wallet address for my website? Thanks
0 votes, 2 answers, 281 views
Is there a way to know if your wallet was restored (accessed) without a transaction being made?
In most cases, I would assume that if your wallet is compromised, your funds are going to be stolen and that is how you are going to know it is compromised. However, let's assume a hypothetical threat ...
1 vote, 3 answers, 130 views
What Utility Do Third-Party Services Provide with Undisclosed Slot Lottery Information?
Small Sample of Concerns Belonging to Larger Family of Unknown Real or Figurative Concerns
I would like to send my predetermined Slot Leader reports to PoolTool, yet I only use the API key they ...
1 vote, 3 answers, 93 views
What are some ways a SPO can attack the network and what mechanisms exist to discourage or mitigate such attacks?
What are some ways a SPO can attack the Cardano blockchain? E.g. in Bitcoin, a miner could intentionally exclude certain transactions to the extent that the miner's hash power allows. Is something ...
3 votes, 1 answer, 57 views
Can you run a stake pool pseudonymously?
To be a stake pool operator and run a stake pool, can you do this pseudonymously? If so, What are the pro/cons to this?
Would this be preferred to prevent hacks, enhance DevSecOp, and potentially ...
1 vote, 0 answers, 38 views
Design considerations when automatically signing and submitting Cardano transactions
Automating transactions (e.g. an Oracle that regularly publishes metadata to the blockchain) requires that we balance the necessity to sign each transaction using a signing key with the security of the ...
5 votes, 2 answers, 381 views
Can I avoid using a public IP on Block-Producer (BP) node?
My BP and relays are on the same local subnet, I would prefer to give them the private IP address in the topology files.
However, all of the guides I've come across explicitly state using public IPs. ...