|
Title: Duplicate Shares Exploit -- Most Pools Affected Post by: hdmediaservices on May 19, 2015, 05:08:19 PM I have a feeling most Scrypt mining pools are still affected by the duplicate shares exploit.
Perhaps this topic will get the other ones moving to fix the exploit where a miner can submit duplicate shares -- receiving 2x, 3x, 4x or more credit for their mining share on a pool. The following Scrypt pools have FIXED the issue: 1. Hash-to-Coins.com 2. IPOMiner.com 3. Smarterhash.com 4. ????? Title: Re: Duplicate Shares Exploit -- Most Pools Affected Post by: mrbodz on May 19, 2015, 11:05:45 PM ipominer has definitely fixed theirs. Me and wuher were discussing it a couple of weeks ago.
Ahmed Title: Re: Duplicate Shares Exploit -- Most Pools Affected Post by: djm34 on May 19, 2015, 11:19:50 PM I have a feeling most Scrypt mining pools are still affected by the duplicate shares exploit. thanks for the tip ;D gpu will rule again scrypt soon ;DPerhaps this topic will get the other ones moving to fix the exploit where a miner can submit duplicate shares -- receiving 2x, 3x, 4x or more credit for their mining share on a pool. The following Scrypt pools have fixed the issue: 1. Hash-to-Coins.com 2. IPOMiner.com 3. ???? Title: Re: Duplicate Shares Exploit -- Most Pools Affected Post by: zccopwrx on May 20, 2015, 12:23:41 PM This thread is all and dandy, but how about someone sharing actual details on the issue, and what branch of stratum has it repaired, and the proof of said repair?
Title: Re: Duplicate Shares Exploit -- Most Pools Affected Post by: hdmediaservices on May 20, 2015, 03:25:27 PM Wow - all I can say is choose your pools wisely. Ask them if they have made the fix otherwise you could be cheated in your payments by someone else submitting duplicate shares. I'm not sure how this is fixed - as I'm not a coder, but it affects practically every pool out there. Title: Re: Duplicate Shares Exploit -- Most Pools Affected Post by: zccopwrx on May 20, 2015, 05:10:57 PM Heres is a example of the fix.
To summarize, you need to force lowercase on all submitted shares. The exploit occurs when someone submits an valid share, then resubmits it and changes capitalization on any part of it (because shares are case insensitive to be valid) https://github.com/ahmedbodi/powerpool/commit/b82e8b5ec4c79c0bbf820c898fba246ccf273cb5 Now go on, fix all the pools! Title: Re: Duplicate Shares Exploit -- Most Pools Affected Post by: Miner-TE on May 20, 2015, 06:44:28 PM Stratum-mining reportedly fixed 14 days ago.
https://github.com/Crypto-Expert/stratum-mining/commit/d5b4ffddf60117c177945e0ea544288e9a9b2db9 I have not heard reports of NOMP base pools being exploited and have been told NOMP is unaffected by this issue. Title: Re: Duplicate Shares Exploit -- Most Pools Affected Post by: hdmediaservices on May 20, 2015, 07:34:00 PM This is good to know if true. Who has indicated that NOMP is unaffected? Title: Re: Duplicate Shares Exploit -- Most Pools Affected Post by: mrbodz on May 20, 2015, 08:40:08 PM NOMP is affected. Ive checked it from what i can tell
Ahmed Title: Re: Duplicate Shares Exploit -- Most Pools Affected Post by: hdmediaservices on May 20, 2015, 08:45:04 PM Perhaps this is why pool owners are being very very quiet about this exploit. Title: Re: Duplicate Shares Exploit -- Most Pools Affected Post by: lifeforcepools on May 20, 2015, 08:46:34 PM http://pools.smarterhash.com pools have been patched to guard against this exploit.
Title: Re: Duplicate Shares Exploit -- Most Pools Affected Post by: mrbodz on May 20, 2015, 11:05:46 PM Perhaps this is why pool owners are being very very quiet about this exploit. most just dont know about it. to put it bluntly. 99% of altcoin hash is in 1 place. suprnova. so he's the only one who should care about the patch Title: Re: Duplicate Shares Exploit -- Most Pools Affected Post by: hdmediaservices on May 20, 2015, 11:30:29 PM LOL - Really? How much does SuprNova have total for Scrypt mining? As I'm not seeing much. Title: Re: Duplicate Shares Exploit -- Most Pools Affected Post by: Miner-TE on May 21, 2015, 01:07:29 AM Looks like I may have gotten wrong information on NOMP not being affected. Anyone have a modified miner to test with?
https://github.com/zone117x/node-open-mining-portal/issues/430 |