Is the unlock_time field a security risk?

Hey all,

Say I'm a malicious cryptocurrency actor, but I have an established presence in the Monero community. For example, let's say I'm the lead developer or owner of Cake Wallet. Let's also say that for whatever reason I was scorned by someone in the Monero community and now I'm spiteful. I want to see it all burn.

I release an update to Cake Wallet and set the unlock_time field to ulong.MaxValue (uint64_t). Now as users go about their daily lives, sending funds, they slowly start to realize that their change is locked, and they aren't able to spend it. Instead of the change being available for use within the 10 block waiting period, it is perpetually unavailable for use. This change, which may sum to a collective billions of dollars, won't be available for their spending for a hundred million generations.

What do these users of Cake Wallet do? They can't do anything.

This event would become a stain on the Monero community, discouraging adoption and use.

Has anybody else thought of this as a vulnerability? Am I correct or incorrect?

submitted by /u/XMR-Agorist-Action
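
A wallet-side audit of the `unlock_time` field discussed in the post above, as an added example that is not part of the original post or of any wallet's own code. It classifies a value as a block height or a UNIX timestamp and flags anything that locks an output beyond the standard 10-block wait. Assumptions: the constants are the values recalled from Monero's `cryptonote_config.h`, the function and sample names are hypothetical, and the timestamp-to-block conversion is a simplified estimate.

```python
# Added example: audit unlock_time before a wallet signs or accepts a transaction.
from dataclasses import dataclass

# Assumptions: values as recalled from Monero's cryptonote_config.h.
MAX_BLOCK_NUMBER = 500_000_000   # below this, unlock_time is read as a block height
DEFAULT_SPENDABLE_AGE = 10       # the standard 10-block wait
BLOCK_TIME_SECONDS = 120         # target block interval
UINT64_MAX = 2**64 - 1

@dataclass
class Verdict:
    kind: str          # "none", "height" or "timestamp"
    extra_blocks: int  # estimated blocks locked beyond the 10-block wait
    flagged: bool

def audit_unlock_time(unlock_time, tx_height, tx_timestamp, max_extra_blocks=0):
    """Classify an unlock_time and flag it if it locks longer than policy allows."""
    if not 0 <= unlock_time <= UINT64_MAX:
        raise ValueError("unlock_time must fit in uint64")
    if unlock_time == 0:
        return Verdict("none", 0, False)
    if unlock_time < MAX_BLOCK_NUMBER:
        kind, unlock_height = "height", unlock_time
    else:
        kind = "timestamp"
        # Estimate the unlock height from the seconds remaining (ceiling division).
        remaining = max(0, unlock_time - tx_timestamp)
        unlock_height = tx_height + -(-remaining // BLOCK_TIME_SECONDS)
    extra = max(0, unlock_height - (tx_height + DEFAULT_SPENDABLE_AGE))
    return Verdict(kind, extra, extra > max_extra_blocks)

# Constructed sample transactions: (label, unlock_time, height, timestamp)
SAMPLES = [
    ("normal", 0, 3_000_000, 1_700_000_000),
    ("short height lock", 3_000_005, 3_000_000, 1_700_000_000),
    ("long height lock", 3_100_000, 3_000_000, 1_700_000_000),
    ("max uint64", UINT64_MAX, 3_000_000, 1_700_000_000),
]

def flagged_labels(samples=SAMPLES):
    """Return the labels of sample transactions whose lock exceeds policy."""
    return [label for label, ut, h, ts in samples
            if audit_unlock_time(ut, h, ts).flagged]

if __name__ == "__main__":
    for label, ut, h, ts in SAMPLES:
        print(label, audit_unlock_time(ut, h, ts))
```

Running the same check on the transaction a wallet is about to sign, independently of the wallet build that constructed it, surfaces an unexpected lock before the funds are committed.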