Closed
Description
The attack below seems to be a vulnerability:
User U broadcasts a transaction which calls \mix to withdraw funds from the mixer. A malicious Ethereum node A notices the transaction in the mempool, re-signs and rebroadcasts it from his own Ethereum address (with a higher gas price).
If the re-signed tx is executed first, A will receive the \mix output \vout.
If the above is a genuine vulnerability, the \mix parameters must be tied to the sender (via eth.sender).
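A toy model of the scenario and of the proposed sender binding, added here as an illustration and not taken from the project's code. The `Mixer` class, `authorise` and `replay` are hypothetical names, and an HMAC stands in for the proof or signature that only the note owner can produce.

```python
import hashlib
import hmac
from typing import Optional

def authorise(spend_key: bytes, vout: int, sender: Optional[str]) -> bytes:
    """Stand-in (assumption) for the owner's proof/signature over the mix parameters.
    With sender=None the authorisation covers vout only; otherwise it also covers
    the address that is expected to submit the call."""
    msg = vout.to_bytes(32, "big") + (sender.encode() if sender else b"")
    return hmac.new(spend_key, msg, hashlib.sha256).digest()

class Mixer:
    """Hypothetical single-note mixer: pays vout to whoever calls mix()."""
    def __init__(self, spend_key: bytes, bind_sender: bool):
        self.key = spend_key
        self.bind_sender = bind_sender
        self.spent = False
        self.balances = {}

    def mix(self, msg_sender: str, vout: int, auth: bytes) -> None:
        if self.spent:
            raise ValueError("note already spent")
        # When binding is on, the check recomputes the tag over msg_sender,
        # so parameters produced for one address fail for any other caller.
        bound_to = msg_sender if self.bind_sender else None
        if not hmac.compare_digest(auth, authorise(self.key, vout, bound_to)):
            raise ValueError("invalid authorisation")
        self.spent = True
        self.balances[msg_sender] = self.balances.get(msg_sender, 0) + vout

def replay(bind_sender: bool) -> dict:
    """U prepares a mix call; A copies the parameters and is ordered first."""
    key = b"constructed-spend-key"  # constructed sample value
    mixer = Mixer(key, bind_sender)
    auth = authorise(key, 10, "U" if bind_sender else None)
    outcome = {}
    for sender in ("A", "U"):  # A's higher gas price puts it ahead of U
        try:
            mixer.mix(sender, 10, auth)
            outcome[sender] = "paid"
        except ValueError as err:
            outcome[sender] = str(err)
    return outcome

if __name__ == "__main__":
    print("unbound:", replay(False))
    print("bound:  ", replay(True))
```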