Reject failed object block submit results by MoneroOcean · Pull Request #131 · MoneroOcean/nodejs-pool

MoneroOcean · 2026-05-19T03:51:49Z

Fix a logic regression where non-main-coin RPC responses with any defined result (including rejection objects such as {status: "FAILED"}) were treated as successful block submissions and caused the pool to skip local slow-hash verification.
Prevent miners from exploiting that behavior to credit forged high-difficulty shares or cause undefined block hashes for some coin-specific paths.

Tighten the default block-submit acceptance predicate in lib/coins/core/factories.js by changing acceptDefinedResult to return false for absent rpcResult.result and to reject result objects that lack a block_id and whose status is not "OK".
Add assertions to tests/pool/coin/submitters.js to cover rejection-shaped results and to verify status: "OK" and explicit block_id cases remain accepted.
Commit message: Reject failed object block submit results.

Ran syntax checks with node --check lib/coins/core/factories.js && node --check tests/pool/coin/submitters.js, which succeeded.
Attempted the targeted test run with npm test -- --test-name-pattern="dero block submit handlers|pool coin helpers: submitters", but it was blocked because protocol-buffers (a dependency required by the test harness) is not installed.
Attempted npm install to populate dependencies but it failed with a registry 403 Forbidden for crypto-js, preventing full test execution in this environment.

Reject failed object block submit results

4dad716

MoneroOcean added aardvark codex labels May 19, 2026 — with ChatGPT Codex Connector

MoneroOcean added aardvark codex and removed aardvark codex labels May 19, 2026

MoneroOcean merged commit eea5620 into master May 19, 2026
1 check passed

MoneroOcean deleted the codex/fix-vulnerability-in-block-submission-logic branch May 19, 2026 03:54

Provide feedback