Bitcoin Forum
June 14, 2024, 01:04:47 AM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Alternate cryptocurrencies > Altcoin Discussion > Vulnerability in mmcFE Manual Withdrawal Logic
Pages: [1]
« previous topic next topic »
  Print  
Author Topic: Vulnerability in mmcFE Manual Withdrawal Logic  (Read 524 times)
the1silverwolf (OP)
Member
**
Offline Offline

Activity: 112
Merit: 10



View Profile
June 09, 2013, 06:01:30 AM
 #1
To: Any pool operator using mmcFE or any one of a dozen derivative forks.

A vulnerability has been discovered in the Manual Withdrawal logic that can allow Withdrawals to be duplicated.

The vulnerability is in accountdetails.php.

Essentially firing off several withdrawal requests in less than a second can sometimes allow multiple withdrawals to be processed.

Resulting in duplicate payments being sent before the first one completes and the users account balance is set to 0.

You should disable manual withdrawal until you can code a work around.

Details here : https://bitcointalk.org/index.php?topic=228419.msg2416246#msg2416246

Moderator : you might want to make this thread a sticky as there are tons of pools based upon this code.
--
the1silverwolf
Pages: [1]
  Print  
Bitcoin Forum > Alternate cryptocurrencies > Altcoin Discussion > Vulnerability in mmcFE Manual Withdrawal Logic
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!