Info
Source on GitHub
Smart Contract Address
0QAA8aYTV7vF7CPNzK7nZOGiKebX69NpcMgMGceoYqKwUhU1
Source on GitHub
Smart Contract Address
0QDsj2uAXnI9IOLqptUulnuYfEuX07DP3XhKUCGIxfdEN7ZT
Testing and Issues
You can test this entry and submit issues during the testing period of the Blockchain Contest, Stage 2 contest.
Entries with serious issues will not be able to win the contest, but even minor issues might be important for overall results.
Voting
Comments
Messenger.
Designed for exchanging encrypted messages between users. Uses Asymmetric Encryption. The sender encrypts his message with the public key of the recipient. The recipient decrypts the message with his private key. The keys are used the same as for signing and verifying the signature of messages in the contract code generated when creating the contract (Ed25519).
    
    
    
  Designed for exchanging encrypted messages between users. Uses Asymmetric Encryption. The sender encrypts his message with the public key of the recipient. The recipient decrypts the message with his private key. The keys are used the same as for signing and verifying the signature of messages in the contract code generated when creating the contract (Ed25519).
Contract manager.
Only information about the smart contract manager is stored on the PC. Information about the contracts created in it is stored in the smart contract (Manager) in the ton blockchain. The private key and address of the contract are stored. The private key is encrypted and decrypted by the manager’s private key.
    
    
    
  Only information about the smart contract manager is stored on the PC. Information about the contracts created in it is stored in the smart contract (Manager) in the ton blockchain. The private key and address of the contract are stored. The private key is encrypted and decrypted by the manager’s private key.
You have not added any comments yet...
  by rating
  
  
  
  
  
  
  
    
    
  
  
  
  
  
  
  
  
    
    
  
  
  
  
Issues
I personally do not think the idea of messenger over blockchain is a good option. I also mentioned in chat that this is not really good idea using asymmetric cryptography for encrypting the traffic between parties, so much better to replace it with Diffie-Hellfman
    
    
    
  This would be a Messenger for very rich people.
We found the following issue in the Messenger contract:
- Public contract keeps contact list in a dictionary indexed by public keys. It is possible to identify an internal message sent to the contract with a new public key (often it is possible to do even before it is sent) and advancingly send a message which will register the non-owned public key with a controlled address. The replies then will be sent to the controlled address and can't be read, but they can be relayed to the real address with some funds stolen in the process. The message will arrive successfully and noone will notice the "man in the middle" taking a commision for every relayed message.
    
    
    
  We found the following issue in the Messenger contract:
- Public contract keeps contact list in a dictionary indexed by public keys. It is possible to identify an internal message sent to the contract with a new public key (often it is possible to do even before it is sent) and advancingly send a message which will register the non-owned public key with a controlled address. The replies then will be sent to the controlled address and can't be read, but they can be relayed to the real address with some funds stolen in the process. The message will arrive successfully and noone will notice the "man in the middle" taking a commision for every relayed message.
Nobody added any issues yet...