Open
Description
As python-obelisk is a core part of OpenBazaar, I wanted to inquire about the threat model behind the obelisk protocol and how much of it is inherited in the python-obelisk client. In particular, how much trust does the python-obelisk client give to the obeliskd, and what is the server capable of doing under these assumptions?
Clearly, a malicious obeliskd could deny service. However, is it possible that they fake transactions, transaction amounts, and generally respond with inaccurate data in a way that the client isn't able to detect?
Thanks for your input.
Metadata
Metadata
Assignees
Labels
No labels