by koolba 57 days ago
Even SHA pinning only lets you go one hop. If the pinned action itself uses any non pinned actions, you’re still susceptible.

I don’t think this problem is fixable without a higher level way to specify the full nested tree. Something like TOFU for the first time your action ran (pinning all children as of that run) might be an improvement, but that can still be gamed by a timed attack that modifies the action at a later date (literally, if time greater than X do …).

1 comments

It is more than just a tree of actions, since actions bring in shell scripts and they can download and execute arbitrary code that isn’t pinned.
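A defender-side audit for the two gaps raised in this thread (a SHA-pinned action whose own children are only tag-pinned, and `run:` steps that fetch code at run time), added here as an example that is not from either commenter: it walks `uses:` references recursively and reports both. The `fetch` callable, the `example-org` names, and the all-`a` SHA are constructed placeholders; a real fetch would read `action.yml` at the pinned commit.

```python
import re

SHA40 = re.compile(r"^[0-9a-f]{40}$")
USES = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")
RUN = re.compile(r"^\s*-?\s*run:\s*(.+?)\s*$")            # single-line run: only
NET_EXEC = re.compile(r"\b(curl|wget)\b[^|]*\|\s*(sudo\s+)?(ba)?sh\b")

def is_pinned(ref):
    """Immutable reference: in-repo path, docker image by digest, or owner/repo@<40-hex sha>."""
    if ref.startswith("./"):
        return True
    if ref.startswith("docker://"):
        return "@sha256:" in ref
    return bool(SHA40.match(ref.partition("@")[2]))

def scan(text, fetch, chain=("workflow",), seen=None):
    """Return findings (chain, kind, detail) for every uses:/run: reachable from text."""
    seen = set() if seen is None else seen
    findings = []
    for line in text.splitlines():
        if m := USES.match(line):
            ref = m.group(1)
            sub = chain + (ref,)
            if not is_pinned(ref):
                findings.append((sub, "unpinned-uses", ref))
            if ref not in seen:                 # avoid cycles / duplicate work
                seen.add(ref)
                body = fetch(ref)               # None: nothing further to inspect
                if body is not None:
                    findings += scan(body, fetch, sub, seen)
        elif (m := RUN.match(line)) and NET_EXEC.search(m.group(1)):
            findings.append((chain, "runtime-download", m.group(1)))
    return findings

# Constructed sample: the workflow pins by SHA, but the pinned composite action
# itself uses a tag-pinned child and pipes a download into a shell.
WORKFLOW = "jobs:\n  build:\n    steps:\n      - uses: example-org/setup-tool@" + "a" * 40 + "\n"
ACTIONS = {
    "example-org/setup-tool@" + "a" * 40: (
        "runs:\n  using: composite\n  steps:\n"
        "    - uses: example-org/cache@v3\n"
        "    - run: curl -sSL https://example.com/install.sh | sh\n      shell: bash\n"),
    "example-org/cache@v3": "runs:\n  using: composite\n  steps:\n    - uses: ./.github/actions/local\n",
}

def demo():
    return scan(WORKFLOW, ACTIONS.get)

if __name__ == "__main__":
    for chain, kind, detail in demo():
        print(kind, "via", " -> ".join(chain), ":", detail)
```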