Suggested by: Alexey Chernyshov

  1. Suggestion: Remove the FindPeer query, as it takes a PeerId and returns a PeerId. It is therefore redundant.
  2. Suggestion: SignedQueryRequest should have an AccountId. Right now it has only a signature, which is not connected to any account.
  3. Suggestion: The messages in the API should carry an API version. Introduce versioning for the API.
  4. Suggestion: The API and the client libraries in different languages should be tested in CI on release.
  5. Bug: There are no logs on the peer if a tx is rejected.
  6. Suggestion: Right now, if the user has not been given any amount of an asset (balance is zero), the query for their balance returns an error instead of 0. The query behavior should be changed, as it is not intuitive.
  7. Suggestion: The timestamp is sent as a string in the query; it might be better to send it as a compact integer in SCALE encoding. In general, all integers might benefit from SCALE compact encoding.
  8. Vulnerability: Iroha is susceptible to a "repeated transaction attack". If a man in the middle captures a signed transaction, they can resend it and it will pass validation, thereby making changes to another user's account.
    It is suggested to check previous blocks for the existence of this tx hash.
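The check suggested in item 8, as an added example (not Iroha code): a toy ledger keeps an index of the hashes of all committed transactions and rejects any transaction whose hash is already present. The names `Ledger`, `tx_hash` and `sign`, the payload layout, the use of BLAKE2b over the payload, and HMAC as a stand-in for the account signature are all assumptions made for illustration.

```python
import hashlib
import hmac

ALICE_KEY = b"constructed-demo-key"  # constructed key; HMAC stands in for a real signature


def tx_hash(payload: bytes) -> str:
    # Assumption: the transaction hash covers the signed payload bytes.
    return hashlib.blake2b(payload, digest_size=32).hexdigest()


def sign(key: bytes, payload: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()


class Ledger:
    def __init__(self):
        self.blocks = []   # each block: list of (payload, signature)
        self.seen = set()  # hashes of every transaction in previous blocks

    def validate(self, key, payload, signature, check_replay=True):
        if not hmac.compare_digest(sign(key, payload), signature):
            return "rejected: bad signature"
        if check_replay and tx_hash(payload) in self.seen:
            return "rejected: transaction already committed"
        return "accepted"

    def commit_block(self, key, txs, check_replay=True):
        """Validate txs and commit the accepted ones as one block."""
        verdicts, block = [], []
        for payload, signature in txs:
            verdict = self.validate(key, payload, signature, check_replay)
            verdicts.append(verdict)
            if verdict == "accepted":
                block.append((payload, signature))
                self.seen.add(tx_hash(payload))  # also stops duplicates within this block
        self.blocks.append(block)
        return verdicts


def demo():
    # Constructed sample transaction; the same signed bytes are submitted twice.
    payload = b'{"from":"alice","to":"bob","asset":"rose","amount":10,"created_ms":1}'
    signed = (payload, sign(ALICE_KEY, payload))
    signature_only = Ledger()
    first = signature_only.commit_block(ALICE_KEY, [signed], check_replay=False)
    again = signature_only.commit_block(ALICE_KEY, [signed], check_replay=False)
    with_hash_check = Ledger()
    with_hash_check.commit_block(ALICE_KEY, [signed])
    blocked = with_hash_check.commit_block(ALICE_KEY, [signed])
    return first + again, blocked


if __name__ == "__main__":
    print(demo())
```

A legitimate repeat of the same transfer still goes through as long as some signed field (here the constructed `created_ms`) differs, because the hash then differs.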