The current implementation allows for an Update Account Permission transaction to be exploited by hackers to completely take over the permissions of a victim's account. This means that once a malicious party gains access to perform this transaction, they can override the existing permissions, ruling the account, and the victim completely loses control of the account.
Recommendation:
In any situation, nobody can revoke control of an account from the private key. Implementing this will prevent unauthorized parties from transferring or modifying account permissions, thereby maintaining the integrity and security of user accounts.
@aghamir Once the private key is lost, the account is completely out of control. In a multi-signature system, will the account become even less secure?