Starting a new mix is out of service for a few minutes due to a vulnerability in the token emission box contract!
This issue has nothing to do with user’s deposits/half-boxes/full-boxes and only concerns owners’ boxes.
Already in progress mixes can continue to work with no problem; only starting a new mix requires you to update to the new code/binary.
Even if you have mixes in progress, You can update to the new code/binary. Your mixes will continue to work with no problem after the update.
By using this vulnerability, in some cases, one could spend more than one of our token boxes and only provide a single copy of the token box in the outputs of the spending transaction. one could send token boxes’ ergs to her own address but could not have more tokens than she was supposed to have.
Btw, no attack was performed usign this vulnerability!
Fixed code/binary will be ready to be used in just a few minutes.
Also, support for token mixing will be added soon.
Very cool. I have a small question about this ErgoMix implementation. How does it end up submitting txs without requiring an unlocked wallet? Is it due to the fact that the P2S contracts require no signature and so you can simply craft a valid tx (with the secret required held locally/privately) and post it to the network via any node?
And if there is no signing, could this be susceptible to a MitM attack? My memory of ErgoMix is a bit fuzzy (and I haven’t read the contracts), but seeing as the withdrawal address is editable and the tx (I believe?) is unsigned, can’t someone copy the payload, change the withdrawal address, submit a larger fee, and withdraw your coins first?
I’m probably missing something since I’m inferring a bit since there explanation for this implementation hasn’t been written yet, but if you could respond that would be great @anon2020s
@anon2020s 's mixer is based on mine. And mine is based on ErgoAppKit. The latter has signing functionality, then the mixer is not using the node in order to form and sign the transactions, it also keeps secrets locally (a lot of one-time secrets being used, one new secret per each step of mixing). The node is used only for broadcasting.