Include balances in hashes, and use separators.

[zw]

I haven't had time to review your code yet, so sorry if you've already done this, but I was just checking inbound links to my description page for the technique (your implementation predates this; might be worth a read, to compare notes!) and found someone pointing out the same buglet that was recently fixed in my and olalonde's implementations. I had a very quick look for issues or pulls merged, but it looks like the guy either didn't tell you or used other channels to tell you.

[ConceptPending]

No one contacted me about this, but I will take a look and look at fixing tonight.

Thanks for the heads up.

As part of any implementation of this type of system, the site holding customer funds should be using hashes that are provably unique to that customer. It should be standard that your leaf hash be constructed in some deterministic (but outside the site's manipulation) method like hash(email + balance + timestamp).

Preferred methods of doing this should probably be part of the documentation with a request that the site display the method they are using in a details section.