Fixed duplicate share vulnerability with the nonce

zone117x fix
pedromaestu · Sep 30, 2014 · 780b525 · 780b525
1 parent cd36f84
commit 780b525
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/lib/pool.js b/lib/pool.js
@@ -518,7 +518,11 @@ function handleMinerMethod(method, params, ip, portData, sendReply, pushMessage)
                 return;
             }
 
+	    params.nonce = params.nonce.substr(0, 8).toLowerCase();
+
             if (job.submissions.indexOf(params.nonce) !== -1){
+                var minerText = miner ? (' ' + miner.login + '@' + miner.ip) : '';
+                log('warn', logSystem, 'Duplicate share: ' + JSON.stringify(params) + ' from ' + minerText);
                 sendReply('Duplicate share');
                 return;
             }