v1.0.2 — relay hardening
Released 2026-04-18 16:58:04 +02:00
Critical
- RELAY_PROOF dedup by envelopeID (chain.go): prevents N× fee drain
  by N colluding relays extracting the sender's FeeSig from gossip
  and each submitting their own claim.
- DELETE /relay/inbox/{id} now requires Ed25519-signed proof of
  ownership linked to the identity-registry X25519 (was anonymous
  grief DELETE by anyone knowing a pub).
- Rate-limit + body-size cap on all /relay/* HTTP endpoints
  (was completely unbounded — 500-envelope burst per victim wiped
  real messages via the FIFO eviction).
Serious
- CONTACT_REQUEST now refuses to overwrite a BlockContact record
  back to pending — block becomes sticky, spammers can't unblock
  themselves by paying another MinContactFee.
- WS inbox:* and typing:* hard-fail when the authenticated identity
  has no registered X25519 (was a soft-fail fallback that let
  Ed25519-only identities subscribe to any inbox topic).
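The RELAY_PROOF dedup item above, sketched as an added example (not the project's chain.go): a ledger that pays at most one claim per envelope ID. The `RelayProof` and `Ledger` types, their fields and the account names are hypothetical, and FeeSig verification is assumed to have already passed.

```go
package main

import (
	"errors"
	"fmt"
)

// RelayProof is a hypothetical, simplified claim: a relay presents the
// sender's fee authorisation for one envelope and asks to be paid.
type RelayProof struct {
	EnvelopeID string // identifies the relayed envelope
	Sender     string // account that signed the fee authorisation
	Relay      string // account submitting the claim
	Fee        uint64
}

var ErrDuplicateProof = errors.New("relay proof already claimed for envelope")

// Ledger tracks balances plus the set of envelope IDs already paid out.
type Ledger struct {
	Balances map[string]uint64
	claimed  map[string]struct{}
}

func NewLedger(b map[string]uint64) *Ledger {
	return &Ledger{Balances: b, claimed: make(map[string]struct{})}
}

// ApplyRelayProof keys the dedup set on the envelope alone, not on
// (envelope, relay): the same fee authorisation resubmitted by a
// different relay is still a duplicate and must not debit the sender.
func (l *Ledger) ApplyRelayProof(p RelayProof) error {
	if _, seen := l.claimed[p.EnvelopeID]; seen {
		return ErrDuplicateProof
	}
	if l.Balances[p.Sender] < p.Fee {
		return errors.New("sender balance below fee")
	}
	l.claimed[p.EnvelopeID] = struct{}{}
	l.Balances[p.Sender] -= p.Fee
	l.Balances[p.Relay] += p.Fee
	return nil
}

func main() {
	l := NewLedger(map[string]uint64{"alice": 100}) // constructed sample state
	for _, r := range []string{"relay-a", "relay-b", "relay-c"} {
		err := l.ApplyRelayProof(RelayProof{EnvelopeID: "env-1", Sender: "alice", Relay: r, Fee: 10})
		fmt.Println(r, err)
	}
	fmt.Println("alice:", l.Balances["alice"])
}
```

Without the `claimed` check, each of the three constructed claims would debit the sender once.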