From 539ca4cf15e7588771ae76cfff2d5e24580988a5 Mon Sep 17 00:00:00 2001 From: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> Date: Tue, 11 Dec 2018 10:12:29 +0000 Subject: [PATCH] Update proposals/1442-state-resolution.md Co-Authored-By: erikjohnston --- proposals/1442-state-resolution.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/1442-state-resolution.md b/proposals/1442-state-resolution.md index ed789215..bded8e6e 100644 --- a/proposals/1442-state-resolution.md +++ b/proposals/1442-state-resolution.md @@ -470,7 +470,7 @@ Intuitively using rejected events feels dangerous, however: that allows said event. A malicious server could therefore produce a fork where it claims the state is that particular set of state, duplicate the rejected event to point to that fork, and send the event. The - duplicated event will pass auth. Therefore ignoring rejected events wouldn't + duplicated event would then pass the auth checks. Ignoring rejected events would therefore not reduce any potential attack vectors We specifically don't use rejected auth events in the iterative auth checks, as