Attack Vector Taxonomy
Spencer Graham edited this page Jun 10, 2020 · 7 revisions
This page lists all the known attack vectors of a fully trust-minimized clr.fund, with the purpose of deciding which to address and which to circumvent via trusted mechanisms for the MVP and each subsequent phase.
This is a work in progress -- please add attack vectors that are missing.
- Making contributions to a given recipient from fake (aka sybil) accounts -- this is what using BrightID is meant to prevent
- Bribing individuals to contribute to a given recipient -- this is what MACI is meant to prevent
- Filling up the recipient list for a given round so that you are the only one who can receive funds
- others?
- Message-based DoS attack: fill up the message tree with spam to prevent others from sending messages
- Contributor-based DoS attack: fill up the user tree to prevent others from contributing
- Recipient-based DoS attack: fill up the recipient list with spam to prevent others from signing up as recipients
- others?