The CVE is more of a headache:
* Forged tree (attacker claims 16 leaves):
*
*                          [**root**]
*                 ____________/  \_____________
*                /                             \
*               14                              c                   Height 3
*         ____/    \____                  ____/   \____
*        /              \                /             \
*       6               13              b               b'          Height 2
*     /   \           /   \           /   \           /   \
*   2       5       9       12      17      a       17'     a'      Height 1
*  / \     / \     / \     / \     / \     / \     / \     / \
* 0   1   3   4   7   8   10  11  15  16  18  18' 15' 16' 18' 18'   Height 0
* ----------------------------------------------------------------
* 0   1   2   3   4   5   6   7   8   9   10  11! 12! 13! 14! 15!
*
* Nodes with ! are phantom leaves. The attacker duplicated the entire
* subtree under 'b' to create fake leaves 11-15.
*
* The attack works because:
* - Real proof for leaf 9: [15, a, b', 14] with b' as RIGHT sibling
* - Forged proof for leaf 13: [15', a', b, 14] with b as LEFT sibling
*
* The CVE guard detects this: in forged proofs, a duplicate will appear as a
* LEFT sibling (sibling == current when index bit is 1). Legitimate duplicates
* from bagging only appear as RIGHT siblings.
Since I shared this with Jonathan, I have removed the js lib and replaced it with ts. Then I updated my lib to ts-v1.1.0, and it now has proper guards against the CVE. I also added a readme: https://gitlab.com/0353F40E/mmr-accumulator/-/blob/master/readme.md
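The guard described in the comment above, as an added example that is not part of the original post and is not the mmr-accumulator library's code. It assumes a simplified duplicate-last SHA-256 tree that reproduces the shape of the diagram (11 real leaves); all function names and leaf values are constructed for illustration.

```typescript
import { createHash } from "node:crypto";

type Hash = string; // hex-encoded SHA-256
const h = (data: string): Hash => createHash("sha256").update(data).digest("hex");
const parent = (l: Hash, r: Hash): Hash => h(l + r);

// All levels of a duplicate-last tree: an odd level pairs its last node with itself.
function buildLevels(leaves: Hash[]): Hash[][] {
  const levels = [leaves];
  while (levels[levels.length - 1].length > 1) {
    const cur = levels[levels.length - 1];
    const next: Hash[] = [];
    for (let i = 0; i < cur.length; i += 2) next.push(parent(cur[i], cur[i + 1] ?? cur[i]));
    levels.push(next);
  }
  return levels;
}

// Sibling path for the leaf at `index`, bottom-up.
function prove(levels: Hash[][], index: number): Hash[] {
  const path: Hash[] = [];
  for (let lvl = 0; lvl < levels.length - 1; lvl++, index >>= 1)
    path.push(levels[lvl][index ^ 1] ?? levels[lvl][index]);
  return path;
}

function verify(root: Hash, leaf: Hash, index: number, path: Hash[], guard: boolean): boolean {
  let cur = leaf;
  for (const sib of path) {
    const sibIsLeft = (index & 1) === 1;
    // Guard: a LEFT sibling equal to the current node only occurs in a duplicated subtree.
    if (guard && sibIsLeft && sib === cur) return false;
    cur = sibIsLeft ? parent(sib, cur) : parent(cur, sib);
    index >>= 1;
  }
  return cur === root;
}

// Constructed sample data: 11 real leaves (leaf indices 0..10 in the diagram).
const real = Array.from({ length: 11 }, (_, i) => h(`leaf-${i}`));
const realLevels = buildLevels(real);
const root = realLevels[realLevels.length - 1][0];
// Claimed 16-leaf list: positions 11..15 repeat real leaves 10, 8, 9, 10, 10.
const forged = [...real, real[10], real[8], real[9], real[10], real[10]];
const forgedLevels = buildLevels(forged);
const forgedRoot = forgedLevels[forgedLevels.length - 1][0];
// Leaf 9 re-presented at index 13: accepted without the guard, rejected with it.
console.log(forgedRoot === root, verify(root, real[9], 13, prove(forgedLevels, 13), true));
```

The real proof for leaf 9 still verifies with the guard enabled, because its duplicate (b') sits on the right at an even index.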
Changes:
Jonathan Silverblood (d655dbe6) at 11 Mar 10:15
Jonathan Silverblood (8a050c0d) at 11 Mar 10:15
Merge branch '36-update-pipeline-to-v1-1-0' into 'development'
... and 1 more commit
Closes #36
Jonathan Silverblood (d655dbe6) at 11 Mar 10:12
Merge branch '36-update-pipeline-to-v1-1-0' of https://gitlab.com/e...
... and 1 more commit
Jonathan Silverblood (e7ce86ba) at 11 Mar 10:10
Jonathan Silverblood (4b7ac9f0) at 10 Mar 09:26
Closes #37
Jonathan Silverblood (2d33a7e1) at 10 Mar 09:26
Merge branch '37-add-broadcast-function' into 'development'
... and 1 more commit
Jonathan Silverblood (4b7ac9f0) at 10 Mar 09:23
...
Jonathan Silverblood (6ee1b6a4) at 10 Mar 09:20
update test and tsdown proactively
... and 1 more commit
Jonathan Silverblood (ad41337c) at 10 Mar 09:14
Merge branch 'development' into 37-add-broadcast-function
... and 1 more commit
Jonathan Silverblood (6992b7b6) at 10 Mar 09:07
add broadcast function
Jonathan Silverblood (4ccd3547) at 10 Mar 09:02
update package lock to resolve conflicts