Quick update:
Yesterday the network had a breach where an issue with the public key to wallet verification enabled somone to steal and re-sell 800K BMB.
The patch for this issue was simple, and the cost of not having the patch catastrophic (it enabled anyone to steal funds with a simple tampering of transaction data because the signature attached to a transaction was not checked against the withdrawing wallet to ensure they were both from the same private key).
Luckily the funds were returned by the buyer.
You can see the patch here:
https://github.com/mr-pandabear/bamboo/commit/e8336611c3f4add703e925d65c581dfc516cc0bd#diff-bb0926cbaf68b7b7f85dbfae0e096e891684164d8b0602fac0cc3ebbccb1885aR122
The network has now been patched and is functioning as normal.
Yesterday the network had a breach where an issue with the public key to wallet verification enabled somone to steal and re-sell 800K BMB.
The patch for this issue was simple, and the cost of not having the patch catastrophic (it enabled anyone to steal funds with a simple tampering of transaction data because the signature attached to a transaction was not checked against the withdrawing wallet to ensure they were both from the same private key).
Luckily the funds were returned by the buyer.
You can see the patch here:
https://github.com/mr-pandabear/bamboo/commit/e8336611c3f4add703e925d65c581dfc516cc0bd#diff-bb0926cbaf68b7b7f85dbfae0e096e891684164d8b0602fac0cc3ebbccb1885aR122
The network has now been patched and is functioning as normal.
Great work, I am glad it was discovered this early in development and just 2 people were affected.
