Skip to content

gtanzer/tangled-curl

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
.gitignore
.gitignore
 
 
README.md
README.md
 
 
burn_bundles.go
burn_bundles.go
 
 
curlexamples.py
curlexamples.py
 
 
main.go
main.go
 
 
steal_bundles.go
steal_bundles.go
 
 
vuln-iota.md
vuln-iota.md
 
 

Repository files navigation

Vulnerability report on IOTA and colliding bundles

Read the report here.

Examples of valid IOTA bundles which collide.

BURN_BUNDLEs collide on the 72nd trit of the Address field of the last transaction in each bundle.

STEAL_BUNDLEs collide on the 17th trit of the Value fields in the 4th and 6th transaction in each bundle.

The bundles in each pair have the same hash, and thus the same signature.

$ go build
$ ./tangled-curl
Collision! Can burn funds
Collision! Can steal funds
$

About

IOTA's hash function curl is broken

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Go 95.4%
  • Python 4.6%