Identifier: Core-SV-004
The whitelist could be bypassed by IP spoofing due to the way we determined the IP of a request. This could also be used to fill up the peer list with loopback IP addresses to cause a DoS attack and prevent block propagation.
Reported by: alessio
Use request.info.remoteAddress as provided by Hapi to get an IP of the peer.
Patch: ArkEcosystem/core#1695
Closed.
Release: https://github.com/ArkEcosystem/core/releases/tag/2.0.16