[e-lang] An attack on a mint

Tyler Close tyler.close at gmail.com
Mon Mar 3 10:24:59 EST 2008

On Mon, Mar 3, 2008 at 3:55 AM, Mark Miller <erights at gmail.com> wrote:
> On Sun, Mar 2, 2008 at 5:34 PM, David Wagner <daw at cs.berkeley.edu> wrote:
>  >  (I seem to recall discussing this second attack when we did the
>  >  Waterken security review.  I think Tyler may have already applied
>  >  the second transformation to defeat the second attack -- though I
>  >  cannot remember.
>  I don't remember either, and I'm curious. Tyler?

The mint we looked at in the Waterken security review implemented the
IOU protocol, rather than the SimpleMoney protocol, but I think the
analogous call is Transfer.transfer():

    transfer(final Hold src, final Hold dst) {
        return ref(kind.unsealer.unseal(((HoldX)dst).x).take(

The PurseX.take() method is:

    int take(final PurseX src) {
        if (dead) { throw new NullPointerException(); }
        if (src.dead) { throw new NullPointerException(); }
        final int r = src.balance;
        balance += r;
        src.balance = 0;
        return r;
    }

So, I don't think this implementation has any of the bugs discussed in
this email.


