so all of these "back ping connect failed to xxx.xxx.xxx.xxx" are indicative of other peers not being updated to new release? or swaths of malicious nodes?

well, "unhealthy nodes"

Typically it means those do not accept incoming connections.

ah. thank you

Do multisig wallets check the key images that are exported from other members to ensure that they're legit? Could a malicious actor send you junk key images that would lead your multisig wallet to have improper state? Would a malicious attacker be able to keep sending you junk key images to bloat your wallet with bad data?

If another multisig participant sends you data that causes you to generate wrong key images, your tx will be rejected.

If they do, what difference does it make compared to someone not sending you data anyway?

Extra time importing I guess. But worry not, you will not pay epsilon extra in fees.

I am not sure whether you can tell *who* sent you bad data however, if you're in a N/M with M >= 3.

Alex|LocalMonero: the current impl cannot detect bad key images until you make an invalid tx

the seraphis lib has robust legacy multisig key image recovery that could theoretically be used in wallet2 github.com/UkoeHB/monero/blob/67543…/tests/unit_tests/multisig.cpp#L305

moneromooo: UkoeHB the multisig wallet that RINO.io sets up for you where they hold one key and you hold the other key requires key images to be synced between the client and backend server. I'm thinking of a theoretical DoS vector where a malicious actor would spam the export/import key images API endpoint of the service with junk outputs to bloat the backend wallet to terabytes. Is this a realistic vector?

hm I'm not actually sure

possibly

What kind of spam do you have in mind ?

If it's wallet cache space, old data gets replaced.

If it's bandwidth, it's not the wallet's purview really.

Just keep posting bad key images over and over.

If you post bad key images over and over, the other side will never be able to send txes. But it's kinda "duh, of course", no ?

If the backend has no way to tell if the key images are bad or not then it's forced to store them regardless, and an attacker can bloat the backend database with terabytes of junk over time.

So, a counter to that vector would be to try to generate a tx for the full wallet balance without broadcasting, right?

<+moneromooo> If it's wallet cache space, old data gets replaced.

You'd have to double check to be 100% sure though. Just in case.

You'd have to broadcast, unless you wnat to add tx verification ability to the wallet.

Alex|LocalMonero: looking at the import_multisig() function it looks like it clamps the input data to the number of outputs your multisig owns. Then it just overwrites any preexisting data

Are unspent key images considered old data that gets replaced?

UkoeHB: Ah, that's great. That would prevent this vector.

however the endpoint itself may be overloaded to cause memory access error idk

does RPC restrict max payload size?

Alex|LocalMonero: Are unspent key images considered old data that gets replaced? -> yes it seems to overwrite everything