Update README

Miguel Mota 2022-11-14 09:34:46 -08:00
parent 429669cb53
commit 2861f03fde
No known key found for this signature in database
GPG Key ID: 67EC1161588A00F9
1 changed files with 8 additions and 2 deletions

@ -142,9 +142,15 @@ npm test
As is, this implemenation is vulnerable to a [second pre-image attack](https://en.wikipedia.org/wiki/Merkle_tree#Second_preimage_attack). Use a difference hashing function for leaves and nodes, so that `H(x) != H'(x)`. As is, this implemenation is vulnerable to a [second pre-image attack](https://en.wikipedia.org/wiki/Merkle_tree#Second_preimage_attack). Use a difference hashing function for leaves and nodes, so that `H(x) != H'(x)`.
Also, as is, this implementation is vulnerable to a forgery attack for an unbalanced tree, where the last leaf node can be duplicated to create an artificial balanced tree, resulting in the same Merkle root hash. Do not accept unbalanced tree to prevent this. Also, as is, this implementation is vulnerable to a forgery attack for an unbalanced tree, where the last leaf node can be duplicated to create an artificial balanced tree, resulting in the same Merkle root hash. Do not accept unbalanced tree to prevent this. More info [here](https://bitcointalk.org/?topic=102395).
More info [here](https://bitcointalk.org/?topic=102395). Please use the library [@openzeppelin/merkle-tree](https://github.com/OpenZeppelin/merkle-tree) if you're integrating with OpenZeppelin contracts or using multiproofs.
There are known issues with multiproof implementation as pointed out in [issues](https://github.com/merkletreejs/merkletreejs/issues/63).
### Disclaimer
This library was created for my own purposes and is provided as-is. Use at your own risk.
## Resources ## Resources
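Review bot: The new multiproof warning ("There are known issues with multiproof implementation as pointed out in [issues](...)") does not say what goes wrong or which part of the multiproof API is affected, so a reader cannot tell whether their use is at risk without opening the link. Please add one sentence summarising the impact from issue 63, and change the link text from "issues" to "issue #63", since it points at a single issue. The recommendation to use @openzeppelin/merkle-tree also comes before the sentence that gives the reason for it; swapping the two lines would read better. Since this paragraph is being touched anyway, the context lines still carry "implemenation" and "Use a difference hashing function", which should read "implementation" and "a different hashing function".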