Bitcoin Forum

Alternate cryptocurrencies => Altcoin Discussion => Topic started by: qwizzie on August 13, 2019, 07:18:49 PM



Title: PIVX and possibly 200 other blockchains vulnerable to bug
Post by: qwizzie on August 13, 2019, 07:18:49 PM
https://i.imgur.com/FfeFIpG.jpg
Source picture : Cointelegraph article itself

Read more here : https://cointelegraph.com/news/pivx-possibly-other-pos-chains-vulnerable-to-bug-attackers-profit

Note : PIVX is a fork of Dash (forked from Dash v0.12.0.x) and is using a custom proof of stake (PoS) model.
Both PIVX and over 200 other PoS blockchains appear to be vulnerable to disproportionately high staking rewards.
Dash on the other hand does not have this vulnerability, because Dash has a proof of work (PoW) model.

Bitgreen (a PoS altcoin running on PIVX) stated it will start planning a migration from PIVX to Dash.

Quote
As a final solution, the BitGreen project plans to migrate from the still-vulnerable PIVX network to DASH on its next update

Link : https://beincrypto.com/pivx-response-to-network-vulnerability-casts-doubt-on-project/


Update : https://pivx.org/a-response-to-the-article-pivx-and-200-pos-chains-currently-vulnerable-chains-already-under-attack/


Title: Re: PIVX and possibly 200 other blockchains vulnerable to bug
Post by: qwizzie on August 13, 2019, 07:56:43 PM
https://pivx.org/a-response-to-the-article-pivx-and-200-pos-chains-currently-vulnerable-chains-already-under-attack/

Quote
The “overlapping” variable here is that 700+ projects have cloned the PIVX codebase at some point in the past.  However, my gut says there is a
fundamental issue in the way in which the consensus mechanism rewards which is being “gamed”, and that this is not exclusive to the PIVX network,
but rather is in the nature of the Proof of Stake itself

Looks like that "200 other blockchains" figure is on the conservative side  :o


Title: Re: PIVX and possibly 200 other blockchains vulnerable to bug
Post by: Khaos77 on August 14, 2019, 02:41:32 AM
So far no proof of stake coins running with coin-age have been proven vulnerable.
Coins such as ZEIT use PoS version 1 with coin-age.

Proof of Stake Version 1 : Used Coin-Age

Proof of Stake Version 2 : Removed Coin-Age and moved to block depth

Proof of Stake Version 3: Used Block Depth and other modifications  

So far only PoS V3 coins have been shown to be affected.
Since Pivx did not actually fix their issue,
the others using PoS v3 are probably still vulnerable even if they claimed a fix like the pivx team did.


Title: Re: PIVX and possibly 200 other blockchains vulnerable to bug
Post by: qwizzie on August 14, 2019, 04:08:50 AM
Interesting information, thank you.


Title: Re: PIVX and possibly 200 other blockchains vulnerable to bug
Post by: Khaos77 on August 14, 2019, 04:22:21 AM
Pivx Team released a response to the article.
https://pivx.org/a-response-to-the-article-pivx-and-200-pos-chains-currently-vulnerable-chains-already-under-attack/
Quote
There are some discrepancies with that Mr. Yoon seems to be basing his conclusions on.
There is more than 87 coins in this wallet. It’s over 11k.
    Main Address DHagKZ4ByFgxXe3txYysxqG5x6PvcSmwQS
    Owner Unknown
    Balance 11,625.05234493 PIVX
    Addresses 100
    with non zero-balance 100
 

Hmm,
Discrepancy
According to https://chainz.cryptoid.info/pivx/address.dws?DCLsuSttqkWABZkNvVHNbRFxWtTTHXYRMS.htm
Balance appears to be
Quote
Balance   90.12076074 PIVX
not the amount claimed by the Pivx devs,  :P


Title: Re: PIVX and possibly 200 other blockchains vulnerable to bug
Post by: qwizzie on August 14, 2019, 04:27:20 AM

Yeah, I was wondering about that myself (I did not check the addresses though).
Below seems to summarize the main problem by the way :

https://i.imgur.com/EjdXS0v.jpg

Link : https://www.reddit.com/r/pivx/comments/cpy3ea/a_response_to_the_article_pivx_and_200_pos_chains/


Title: Re: PIVX and possibly 200 other blockchains vulnerable to bug
Post by: bathrobehero on August 14, 2019, 12:05:41 PM
Whoa, did not expect to see myself quoted from reddit.

I'm very curious how long the fix will take and if they decide to punish the offenders in any way.