收据是否对平台构成潜在的安全风险?
Are receipts a potential security risk for the platform?
来自文档:
The important feature of Receipts is that they don’t contain a signature. All receipts are valid by default. This means if a chunk receives a Receipt that contains token transfer, it will deposit tokens without a need to verify the source of the transfer, because all receipts are considered valid.
如果收据是通过网络(从一个分片到另一个分片)传递状态变化的主要方法,那么中间人攻击是否有可能注入无效收据并因此强制未签名交易应用于区块链?
还是我遗漏了什么?
那是不可能的,因为所有的收据都是默克尔化的,默克尔根包含在块头中。在应用块之前,验证器首先验证收据默克尔根是否与块头中的匹配。如果不匹配则该块无效并将被挑战。
来自文档:
The important feature of Receipts is that they don’t contain a signature. All receipts are valid by default. This means if a chunk receives a Receipt that contains token transfer, it will deposit tokens without a need to verify the source of the transfer, because all receipts are considered valid.
如果收据是通过网络(从一个分片到另一个分片)传递状态变化的主要方法,那么中间人攻击是否有可能注入无效收据并因此强制未签名交易应用于区块链?
还是我遗漏了什么?
那是不可能的,因为所有的收据都是默克尔化的,默克尔根包含在块头中。在应用块之前,验证器首先验证收据默克尔根是否与块头中的匹配。如果不匹配则该块无效并将被挑战。