14:40:51
kiersten5821:matrix.org:
ok, i think this doesn't fix the problem, because the transfer function doesn't let you select inputs > <@jeffro256> https://github.com/monero-project/monero/pull/10281
14:41:00
kiersten5821:matrix.org:
so say a legitimate user did transfer, and the tx failed during the multisig step
14:41:04
kiersten5821:matrix.org:
and then a new block comes
14:41:05
kiersten5821:matrix.org:
and new inputs come in
14:41:11
kiersten5821:matrix.org:
and then the transfer function picks entirely different inputs
14:41:16
kiersten5821:matrix.org:
now you're bricked
14:41:25
kiersten5821:matrix.org:
because you can't distinguish this and the malicious ca
14:41:47
kiersten5821:matrix.org:
but you also can't make the transfer using the initial inputs
14:42:43
kiersten5821:matrix.org:
separately, the vuln response process readme https://github.com/monero-project/meta/blob/master/VULNERABILITY_RESPONSE_PROCESS.md doesn't have a valid link to see the current pool available to pay bounties
16:04:10
jeffro256:
Its kind of hacky, but you can freeze of all the other inputs , then transfer, then thaw them all