nimiq-transaction: UpdateValidator transactions allows voting key change without proof-of-knowledge
The staking contract accepts UpdateValidator transactions that set new_voting_key=Some(…) while omitting new_proof_of_knowledge. this skips the proof-of-knowledge requirement that is needed to prevent BLS rogue-key attacks when public keys are aggregated. Because tendermint macro block justification verification aggregates validator voting keys and verifies a single aggregated BLS signature against that aggregate public key, a rogue-key voting key in the validator set can allow an attacker to forge a quorum-looking justification while …