Title: TerraCoin (Not NovaCoin/PPCoin) exploit: difficulty/reward coaster Post by: tacotime on February 25, 2013, 04:20:33 PM Brief description of the exploit
Difficulty and reward adjust per block for NovaCoin and PPCoin (see main.cpp). By mining every other block and having a large hash power (ideally as large as possible), difficulty may be kept low and reward may be kept high for the person with the high hash power. This is because there is a maximum cap on difficulty change for each round. The higher the hashing power, the more the exploiter benefits. Code (Unix, python 2.7, Novacoin targeting) Code: from subprocess import Popen, PIPE, STDOUT Code (Windows, python 2.7, Novacoin targeting) Code: from subprocess import Popen, PIPE, STDOUT Requires the following files to exist: novacoind (or ppcoind) executable that is running prior to executing the python code above reaper executable reaper.conf (configured as per normal) novamine.conf: Code: host novacoinhost Code: host litecoinhost Code:
Notes - The exploit is made doubly beneficial by inducing both decreased difficulty and increased block reward for the attacker, as per NVC/PPCs algorithms for adjustment - Solo miners with high hash rates especially benefit - The attack is easily identified by watching the network block rate and difficulty/block reward - The attack can be collusional; if lots of miners run it, it benefits all of them by giving them more coins for less electricity - The attack should also work on round-based proportional pay-per-share pools - The attack screws up PPS pools that are smaller than the attacker's hash power, because the pool will likely only get every other block - Such an attack is avoidable by making retarget based on a larger span of blocks, hence why bitcoin chose two week retarget times - The attack has previously been observed on the litecoin network, but is especially easy to implement here because of per-block retargeting - To use cgminer, simply put 'cgminer --your_args' in the lines labeled: miner_cmd = 'whatever' Title: Re: NovaCoin/PPCoin exploit: difficulty/reward coaster Post by: Sunny King on February 25, 2013, 04:49:46 PM How much advantage are you expecting exactly with this 'exploit' say if you have 50% of network hash power to collude?
The difficulty is computed based on a one-week moving average so it should be reasonably stable (comparable to litecoin's 3.5 day average). I'd say it's more of a problem with bitcoin's algorithm demonstrated clearly by freicoin and many other altcoins before it (including litecoin). Mine the heck with low difficulty for a day then stop for 3 months. Sure enough you can write a script for terracoin to take advantage of its difficulty jumps as well, likely gaining more advantage than the scheme you described here for PPC/NVC. Title: Re: NovaCoin/PPCoin exploit: difficulty/reward coaster Post by: tacotime on February 25, 2013, 04:56:02 PM Maybe I misunderstood your code; retargets are based on a one week moving average?
This is from your main.cpp: Code: // ppcoin: target change every block It's a little convoluted, help me out? edit: Even if you base it on a one week moving average, with 50% of the network running the script wouldn't you achieve a disproportionate increase in block reward per amount of work required to find a block? Title: Re: NovaCoin/PPCoin exploit: difficulty/reward coaster Post by: Sunny King on February 25, 2013, 05:10:14 PM Code: static const int64 nTargetTimespan = 7 * 24 * 60 * 60; // one week You can read https://en.wikipedia.org/wiki/Exponential_moving_average#Exponential_moving_average for the concept of exponential moving average. I used a variation of it for ppcoin's difficulty adjustment. Title: Re: NovaCoin/PPCoin exploit: difficulty/reward coaster Post by: Sunny King on February 25, 2013, 05:21:30 PM edit: Even if you base it on a one week moving average, with 50% of the network running the script wouldn't you achieve a disproportionate increase in block reward per amount of work required to find a block? Not much, as say you mine odd block average every 5 minutes, even block average 15 minutes. The difficulty would remain relatively stable overall, but the average difficulty of odd blocks would be smaller than those of even blocks because of continuous adjustment (this is true for any continuous adjustment e.g. devcoin). But it's only slightly lower (say 1% magnitude) if the sampling interval is long enough. Title: Re: NovaCoin/PPCoin exploit: difficulty/reward coaster Post by: tacotime on February 25, 2013, 05:29:05 PM Okay, so weighting factors decrease exponentially, that is, the farther towards the end of the week the values go from the present, the less they influence the difficulty. So, a possible attack would be to mine with high hash rate for 2 days, wait 5 days until the high hash rate has barely any impact on the present difficulty, and repeat?
Additionally, because of Code: // ppcoin: subsidy is cut in half every 16x multiply of difficulty Code: if (output_j['blocks'] % 2 == 0): Code: if (output_j['blocks'] % 16 == 0): edit: Sorry, made lots of edits for clarity/typos. I agree that the exploit as posted in the OP doesn't work as stated because of how I understood your adjustment algorithm, but it should work by mining for 288 PPC/NVC blocks followed by mining something else for 720 PPC/NVC blocks and then hopping back on the chain. I guess this is more analogous to pool hopping than anything else. Title: Re: NovaCoin/PPCoin exploit: difficulty/reward coaster Post by: Sunny King on February 25, 2013, 06:24:09 PM Block reward is a function of difficulty, nothing to do with block height.
Sure you can mine 2 days and push up the difficulty, then stop. Mind you this is an existing problem with all bitcoin forks. Even litecoin is subject to huge oscillations of difficulty in 50% range. The continuous adjustment alleviates this problem, by immediately raising difficulty gradually, also for ppcoin it also lowers the block subsidy in the process. So it is actually less advantageous for the strategy. Title: Re: NovaCoin/PPCoin exploit: difficulty/reward coaster Post by: tacotime on February 25, 2013, 06:50:55 PM Right. Okay, I'll try and fix this by the end of the week. The neat thing about PPC/NVC is that it helps with hopping between chains because there are no present difficulty change times, so you can just hop on at any time to the chain and begin ramping up the difficulty. This is in contrast to BTC or LTC in which difficulty adjustments occur at fixed periods. Because of the fixed periods, it'd be more difficult to get the chains to coincide with one another. Thus, per-block difficulty adjustment seems to encourage block chain hopping, especially as the number of chains exist that use it increase.
Anyway, it'd go something like this: Mine NVC for 288 blocks Mine PPC for 288 blocks Wait for LTC to adjust difficulty, then hop on to that chain and mine for 2016 blocks if (NVC has mined at least 720 blocks since) mine for 288 blocks else wait if (PPC has mined at least 720 blocks since) mine for 288 blocks else wait Wait for LTC to adjust difficulty, then hop on to that chain and mine for 2016 blocks etc The more chains there are the greater benefit to the person manipulating the difficulty, especially if these chains have per-block difficulty adjustments because the amount of time spent waiting is decreased Title: Re: NovaCoin/PPCoin exploit: difficulty/reward coaster Post by: crazy_rabbit on February 25, 2013, 07:01:48 PM Block reward is a function of difficulty, nothing to do with block height. Sure you can mine 2 days and push up the difficulty, then stop. Mind you this is an existing problem with all bitcoin forks. Even litecoin is subject to huge oscillations of difficulty in 50% range. The continuous adjustment alleviates this problem, by immediately raising difficulty gradually, also for ppcoin it also lowers the block subsidy in the process. So it is actually less advantageous for the strategy. Is this a problem with Terracoin? It was my understanding that the retarget rate is so much quicker that it would settle pretty quickly once you jumped off the chain. Title: Re: NovaCoin/PPCoin exploit: difficulty/reward coaster Post by: tacotime on February 25, 2013, 07:05:08 PM Is this a problem with Terracoin? It was my understanding that the retarget rate is so much quicker that it would settle pretty quickly once you jumped off the chain. The shorter the retarget time, the more susceptible a chain is to this sort of exploitation; for TRC you would just adjust the code above to mine TRC for 30 blocks, mine something else for the next 30 blocks, then hop onto TRC again. This is why retarget times should NEVER be set too short. The code (I guess) would be Code: floor((blockheight) / 30) % 2 == 0 I was mistaken as thought that PPC retargeted per block with a small maximum decrease or increase, but it actually adjusts difficulty based on the rolling exponential average for the past 1008 blocks. Title: Re: NovaCoin/PPCoin exploit: difficulty/reward coaster Post by: crazy_rabbit on March 26, 2013, 06:34:22 AM Is this a problem with Terracoin? It was my understanding that the retarget rate is so much quicker that it would settle pretty quickly once you jumped off the chain. The shorter the retarget time, the more susceptible a chain is to this sort of exploitation; for TRC you would just adjust the code above to mine TRC for 30 blocks, mine something else for the next 30 blocks, then hop onto TRC again. This is why retarget times should NEVER be set too short. The code (I guess) would be Code: floor((blockheight) / 30) % 2 == 0 I was mistaken as thought that PPC retargeted per block with a small maximum decrease or increase, but it actually adjusts difficulty based on the rolling exponential average for the past 1008 blocks. We are talking about the pros'/cons' of this over here: https://bitcointalk.org/index.php?topic=157449.new#new Title: Re: TerraCoin (Not NovaCoin/PPCoin) exploit: difficulty/reward coaster Post by: mr_random on March 26, 2013, 07:56:29 PM Interesting...
|