On Mon, Mar 3, 2008 at 3:55 AM, Mark Miller <erights at gmail.com> wrote:
> On Sun, Mar 2, 2008 at 5:34 PM, David Wagner <daw at cs.berkeley.edu> wrote:
> > (I seem to recall discussing this second attack when we did the
> > Waterken security review. I think Tyler may have already applied
> > the second transformation to defeat the second attack -- though I
> > cannot remember.
>
> I don't remember either, and I'm curious. Tyler?
The mint we looked at in the Waterken security review implemented the
IOU protocol, rather than the SimpleMoney protocol, but I think the
analogous call is Transfer.transfer():
transfer(final Hold src, final Hold dst) {
return ref(kind.unsealer.unseal(((HoldX)dst).x).take(
kind.unsealer.unseal(((HoldX)src).x)));
}
The PurseX.take() method is:
int take(final PurseX src) {
if (dead) { throw new NullPointerException(); }
if (src.dead) { throw new NullPointerException(); }
final int r = src.balance;
balance += r;
src.balance = 0;
return r;
}
So, I don't think this implementation has any of the bugs discussed in
this email.
--Tyler