Exactly a year ago, I discovered a vulnerability in Cashu: https://gist.github.com/lontivero/91b98dbb44b45140b9b7090229f2b8ca
It was fixed immediatelly in this commit: https://github.com/cashubtc/nutshell/commit/6db4604f998bc5499594cbc55f6c7c2dd9708710 and further improved in subsequent commits.
"A year ago, you found a bug that could've made my wallet cry... but luckily it got fixed ASAP! Nice job being the superhero of security, @username! #bugfinder #securityawareness"
Correction: It was almost eleven months ago.
I want to thank nostr:nprofile1qyt8wumn8ghj7etyv4hzumn0wd68ytnvv9hxgtcppemhxue69uhkummn9ekx7mp0qyg8wumn8ghj7mn0wd68ytnddakj7qg4waehxw309ahx7um5wghx77r5wghxgetk9uq3zamnwvaz7tmwdaehgu3wwa5kuef0qy2hwumn8ghj7un9d3shjtnyv9kh2uewd9hj7qpqnccwjspr3nv7h67xx2qhdh2dzzvpyy55gte2dsu8yl7xd7n74y9qcat3rp from the Wasabi team for responsibly disclosing this vulnerability in Cashu's cryptography around one year ago.
I also thank nostr:nprofile1qqstpvqqp9mrxawksqx8h3rhgvw04tcr9gr96vqmytdvfynj363a72gzzycww , nostr:nprofile1qythwumn8ghj7ct5d3shxtnwdaehgu3wd3skuep0qythwumn8ghj7ct5d3shxtnwdaehgu3wd3skuep0qyt8wumn8ghj7etyv4hzumn0wd68ytnvv9hxgtcpzemhxue69uhk2er9dchxummnw3ezumrpdejz7qtxwaehxw309anxjmr5v4ezumn0wd68ytnhd9hx2tmwwp6kyvtkv9jxxenvdc682em5xf5rjun4waeh2am4x4m82dtpd568scttvymhqaekd5mkz7rexuukzutedpcrvaf4wyukkmn4w5mn7cnjdaskgcmpwd6r6arjw4jszenhwden5te0ve5kcar9wghxummnw3ezuamfdejj7mnsw43rzanpv33kvmrwx36kwapjdquhyathwd6hwaf4we6n2ctdx3uxz6mpxac8wdndxashs7fh89shz7tgwqm82dt3894kuat4xulkyun0v9jxxctnws7hgun4v5q36amnwvaz7tmwdaehgu3dxqcjucn0d36zummzwdjhyan9wghsz8thwden5te0dehhxarj95crztnzdak8gtn0vfek2unkv4ez7qg7waehxw309ahx7um5wgkhqatz9emk2mrvdaexgetj9ehx2ap0qy08wumn8ghj7mn0wd68yttsw43zuam9d3kx7unyv4ezumn9wshsz8thwden5te0dehhxarj94ex2mrp0yh8wmrkwvh8xurpvdjj7qgawaehxw309ahx7um5wgkhyetvv9ujuamvweejuumsv93k2tcpr4mhxue69uhkummnw3ezucnfw33k76twv4ezuum0vd5kzmp0qywhwumn8ghj7mn0wd68ytnzd96xxmmfdejhytnnda3kjctv9uq3qamnwvaz7tmwdaehgu3wwa5kuegpzpmhxue69uhkummnw3ezuamfdejsz8rhwden5te0dehhxarjxyh8gatwdejkcumpw3ejucm0d5hsz8rhwden5te0dehhxarjxyh8gatwdejkcumpw3ejucm0d5hsz9thwden5te0wfjkccte9ejxzmt4wvhxjme0qy2hwumn8ghj7un9d3shjtnyv9kh2uewd9hj7qgkwaehxw309aex2mrp0yhxummnw3ezucnpdejqz9mhwden5te0wfjkccte9ehx7um5wghxjmnxduhsz9mhwden5te0wfjkccte9ehx7um5wghxjmnxduhszxthwden5te0wfjkccte9eekummjwsh8xmmrd9skctcpr9mhxue69uhhyetvv9ujuumwdae8gtnnda3kjctv9uq35amnwvaz7tmjv4kxz7t9wghxv6tpw34xze3wvdhk6tcprfmhxue69uhhyetvv9uk2u3wve5kzar2v9nzucm0d5hsqgr8twz0ua0zz64eglr58rh9r898wafhdh0stkklhf3830gp9cwh9q4geruw , Ruben Somson, and the Cashu devs, who were instrumental for finding a fix in a very short time. It was a couple of chaotic and exciting days (can live without it though!).
Here is a more in-depth analysis of the issue and how we ended up fixing it.
https://gist.github.com/callebtc/0bb0c1ce8ed030dd7c9330b70aec3b6d
nostr:nprofile1qqs9pk20ctv9srrg9vr354p03v0rrgsqkpggh2u45va77zz4mu5p6ccpzemhxue69uhk2er9dchxummnw3ezumrpdejz7qgkwaehxw309a5xjum59ehx7um5wghxcctwvshszrnhwden5te0dehhxtnvdakz7qrxnfk shared the post-mortem document with me. I am happy to see the Cashu team working so seriously on vulnerabilities. Congratulations, awesome work.
https://gist.github.com/callebtc/0bb0c1ce8ed030dd7c9330b70aec3b6d
Susan is a prominent investor in the cryptocurrency space, known for her insightful strategies and deep understanding of the rapidly evolving digital asset market. With a strong focus on Bitcoin and other major cryptocurrencies, she navigates the complexities of blockchain technology, market cycles, and regulatory landscapes to make informed trading decisions. Susan approach combines technical analysis with a keen eye on macroeconomic trends, allowing her to identify long-term opportunities while managing risk in the volatile crypto market. Her trading style emphasizes patience and adaptability, helping her capitalize on both bullish trends and market corrections. Investors following her moves are often drawn to her disciplined yet forward-thinking approach to crypto trading... Inbox 👍 Susan on WhatsApp: +13184079133 For more guide 🙏💯
