Bitcoin Forum

Alternate cryptocurrencies => Altcoin Discussion => Topic started by: Byte-Gox on April 12, 2013, 12:40:45 PM



Title: [BETA] EXCHANGE.BYTECOIN.IN
Post by: Byte-Gox on April 12, 2013, 12:40:45 PM
Goog morning guys,

We are very happy to announce the release of the exchange (http://exchange.bytecoin.in)

It is still rough but the background is highly functional, but like in all betas, bugs are likely to show up.

Please use this thread to post all your feedback about the exchange and what changes/improvements you would like to see.

Enjoy!

Edit: IT experts, please test the site for security vulnerabilities. We want to make sure the exchange is rock solid. Thanks in advance


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: Remember remember the 5th of November on April 12, 2013, 12:44:10 PM
BTE<->BTC?


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: Byte-Gox on April 12, 2013, 12:51:18 PM
Correct!


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: Walter Rothbard on April 12, 2013, 12:58:00 PM
Fantastic!


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: Byte-Gox on April 12, 2013, 01:26:41 PM
IT experts, please test the site for security vulnerabilities. We want to make sure the exchange is rock solid. Thanks in advance


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: grc on April 12, 2013, 02:08:51 PM
IT experts, please test the site for security vulnerabilities. We want to make sure the exchange is rock solid. Thanks in advance

Trying to withdraw without any money gives a fatal error.

Also, I'd replace "username doesn't exist" and "incorrect password" with a less revealing message like "invalid username/password combination", but that's just me being fussy.


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: grc on April 12, 2013, 02:55:57 PM
DO NOT USE THIS SITE YET

It is vulnerable to cross-site request forgery.

This basically means that if you are logged in to the exchange, any random site you visit can log you out, cancel your orders, possibly create new orders (haven't checked this one yet), or withdraw your money to the attacker's address (I have successfully done this with my own account).

Not to mention that in the process of testing it my 0.5 BTE magically turned into 0.005 BTE. I made one order to sell 0.5 BTE at a price of 0.1 (BTC per BTE I presume, but I can't be sure since are no units given for the price, amount or total). When I cancelled it, I only got 0.05 BTE back. I did a similar thing again and it further reduced my balance to 0.005 BTE.

So I'd definitely recommend avoiding this site for now/ever.


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: Remember remember the 5th of November on April 12, 2013, 03:17:08 PM
DO NOT USE THIS SITE

It is vulnerable to cross-site request forgery.

This basically means that if you are logged in to the exchange, any random site you visit can log you out, cancel your orders, possibly create new orders (haven't checked this one yet), or withdraw your money to the attacker's address (I have successfully done this with my own account).

Not to mention that in the process of testing it my 0.5 BTE magically turned into 0.005 BTE. I made one order to sell 0.5 BTE at a price of 0.1 (BTC per BTE I presume, but I can't be sure since are no units given for the price, amount or total). When I cancelled it, I only got 0.05 BTE back. I did a similar thing again and it further reduced my balance to 0.005 BTE.

So I'd definitely recommend avoiding this site for now/ever.
Best way to fix csrf is to use POST more(with some hidden randomly generated tokens) for most stuff, and less GET requests with dynamic data.


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: crazy_rabbit on April 12, 2013, 03:25:31 PM
DO NOT USE THIS SITE

It is vulnerable to cross-site request forgery.

This basically means that if you are logged in to the exchange, any random site you visit can log you out, cancel your orders, possibly create new orders (haven't checked this one yet), or withdraw your money to the attacker's address (I have successfully done this with my own account).

Not to mention that in the process of testing it my 0.5 BTE magically turned into 0.005 BTE. I made one order to sell 0.5 BTE at a price of 0.1 (BTC per BTE I presume, but I can't be sure since are no units given for the price, amount or total). When I cancelled it, I only got 0.05 BTE back. I did a similar thing again and it further reduced my balance to 0.005 BTE.

So I'd definitely recommend avoiding this site for now/ever.

Wow you're a real jerk considering they asked for help pointing out security vulnerabilities and you go all ape-shit on them with your enormous red font.


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: grc on April 12, 2013, 03:30:00 PM
Wow you're a real jerk considering they asked for help pointing out security vulnerabilities and you go all ape-shit on them with your enormous red font.

Sorry. I just don't want other people to lose money like I did.


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: Byte-Gox on April 12, 2013, 03:31:23 PM
Wow you're a real jerk considering they asked for help pointing out security vulnerabilities and you go all ape-shit on them with your enormous red font.

Sorry. I just don't want other people to lose money like I did.

How much did you lose?

Post your address


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: grc on April 12, 2013, 03:34:47 PM
Wow you're a real jerk considering they asked for help pointing out security vulnerabilities and you go all ape-shit on them with your enormous red font.

Sorry. I just don't want other people to lose money like I did.

How much did you lose?

Post your address

Not much at all. I just used a tiny bit while testing and lost almost most of it, so I wanted to warn others. I apologise if I was rude about it before.


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: saigo on April 12, 2013, 03:47:08 PM

seems I have an emerald to sell - https://bitcointalk.org/index.php?topic=174455.20   :-\


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: brie on April 12, 2013, 04:47:31 PM
DO NOT USE THIS SITE YET
It is vulnerable to cross-site request forgery.

This basically means that if you are logged in to the exchange, any random site you visit can log you out, cancel your orders, possibly create new orders (haven't checked this one yet), or withdraw your money to the attacker's address (I have successfully done this with my own account).

I have an easy solution for the exchange to fix the biggest problem there.

Simply allow users to lock their payment address.


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: Rubberduckie on April 12, 2013, 06:34:36 PM
Goog morning guys,

We are very happy to announce the release of the exchange (http://exchange.bytecoin.in)

It is still rough but the background is highly functional, but like in all betas, bugs are likely to show up.

Please use this thread to post all your feedback about the exchange and what changes/improvements you would like to see.

Enjoy!

Edit: IT experts, please test the site for security vulnerabilities. We want to make sure the exchange is rock solid. Thanks in advance

nice work Sir :)


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: Rubberduckie on April 12, 2013, 07:25:20 PM
Deposits and payouts work fine  :)


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: jhd on April 12, 2013, 09:17:05 PM
Thanx for it i try it soon :D


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: Byte-Gox on April 12, 2013, 09:34:24 PM
Welcome guys!


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: blastbob on April 12, 2013, 10:05:12 PM
I am buying 3750 BTE! fill my order please.


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: dust on April 12, 2013, 11:06:40 PM
DO NOT USE THIS SITE YET
It is vulnerable to cross-site request forgery.

This basically means that if you are logged in to the exchange, any random site you visit can log you out, cancel your orders, possibly create new orders (haven't checked this one yet), or withdraw your money to the attacker's address (I have successfully done this with my own account).

I have an easy solution for the exchange to fix the biggest problem there.

Simply allow users to lock their payment address.
The correct solution is to protect against all CSRF attacks.

I also recommend avoiding this site completely until this critical issue is fixed.  Any site you visit in the same browser could steal your entire balance with absolutely zero interaction from you.
EDIT: FIXED

Funny, the first thing I thought of after seeing this site was "it is probably vulnerable to CSRF".


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: Ilikeham on April 13, 2013, 05:55:55 PM
exchange.bytecoin.in ?

I assume it's the same owners who have the pool that made my bytecoins go "poof" on withdrawal.


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: Byte-Gox on April 17, 2013, 11:21:31 AM
DO NOT USE THIS SITE YET
It is vulnerable to cross-site request forgery.

This basically means that if you are logged in to the exchange, any random site you visit can log you out, cancel your orders, possibly create new orders (haven't checked this one yet), or withdraw your money to the attacker's address (I have successfully done this with my own account).

I have an easy solution for the exchange to fix the biggest problem there.

Simply allow users to lock their payment address.
The correct solution is to protect against all CSRF attacks.

I also recommend avoiding this site completely until this critical issue is fixed.  Any site you visit in the same browser could steal your entire balance with absolutely zero interaction from you.

Funny, the first thing I thought of after seeing this site was "it is probably vulnerable to CSRF".

Issue Fixed!

And thanks to all for finding and reporting the bugs. We will continue to improve on it and we are always open to suggestions and feedback. No need to scream it in BIG RED FONT lol ;)


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: Trading on April 17, 2013, 08:32:57 PM
We certainly need more exchanges to trade alt coins and, therefore, this initiative deserves praise. However, I think it would have more success with a more general accepted coin, like terracoin or ppcoin. Any plans to accept also these ones?


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: Walter Rothbard on April 17, 2013, 09:05:37 PM
I notice you also added timestamps to the recent trade data, which is a big improvement, IMO.


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: blastbob on April 18, 2013, 09:32:06 PM
Had an error when withdrawing BTC from the platform.. See your PM :)


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: bryanmills on April 19, 2013, 04:14:42 PM
Had an error when withdrawing BTC from the platform.. See your PM :)
Send me that to me also, i'll investigate your issue.


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: blastbob on April 19, 2013, 04:54:00 PM
i got a rpc error somehow and nothing was sent, but amount was 0 after the error

Anyway it was only 0.06 BTC :)


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: bryanmills on April 19, 2013, 05:07:14 PM
All the bugs related to the withdrawals were fixed, thanks to all who reported me the issues. Oh and of course, the CSRF bug were fixed several days ago as ByteGox indicated above.


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: c4n10 on April 19, 2013, 11:15:15 PM
I stopped by to check on my sale order and the exchange is displaying as a blank page for me...?


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: Trading on April 20, 2013, 12:22:15 AM
It's clearly down.


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: c4n10 on April 20, 2013, 12:24:57 AM
It's clearly down.

It's clearly not. pool.bytecoin.in is still up, bytecoin.in index page is still up and functional, there is nothing wrong with the site/server.

They have clearly removed the exchange and I would like more details (i.e. Is this permanent and if so can I get my coins back).


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: Byte-Gox on April 20, 2013, 01:21:55 AM
It's clearly down.

It's clearly not. pool.bytecoin.in is still up, bytecoin.in index page is still up and functional, there is nothing wrong with the site/server.

They have clearly removed the exchange and I would like more details (i.e. Is this permanent and if so can I get my coins back).

Adding some improvements and fixing some bugs. Thanks for your patience and sorry for the inconvenience.

Should be up shortly.


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: c4n10 on April 20, 2013, 01:23:20 AM
Adding some improvements and fixing some bugs. Thanks for your patience and sorry for the inconvenience.

Should be up shortly.

Sounds good!

Thank you for the update!


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: xorxor on April 20, 2013, 01:59:12 AM
these are up:

Account | Sell | Buy | Login | Register

this is down:

Main


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: weenfan on April 20, 2013, 03:40:46 AM
Everything seems to work except that you can't see the book now .. http://bytecoin.us.to:9000/ keep my emerald going .. :)


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: saigo on April 20, 2013, 05:21:07 AM
Everything seems to work except that you can't see the book now .. http://bytecoin.us.to:9000/ keep my emerald going .. :)

It reset on you :(  wanna buy a nice new shiny emerald ?


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: ehmdjii on April 20, 2013, 09:16:52 AM
is it normal to not see any orders if you are not logged in?

also, is there anywhere a graph where i can see the bte difficulty history?


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: Walter Rothbard on April 22, 2013, 09:19:03 PM
I can't seem to log into this exchange or view it any more.  Is it gone permanently, or just having technical difficulties?


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: Walter Rothbard on April 24, 2013, 06:06:08 PM
Is there any way we can get our money back out of this exchange?


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: jimmyk on April 24, 2013, 07:15:12 PM
I withdrew my coins yesterday and it worked fine.  Hope you get ur coins back.


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: wmikrut on April 24, 2013, 07:19:26 PM
I could still withdraw/deposit it I wanted.
However, the main page is blank -- which is kind of strange... unless there is nothing to buy/sell.


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: jimmyk on April 24, 2013, 07:24:26 PM
I could still withdraw/deposit it I wanted.
However, the main page is blank -- which is kind of strange... unless there is nothing to buy/sell.

When I logged in to get my deposit back my bid was still in... so there must be an error with the script, etc. otherwise it would've showed up on the main page.


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: Walter Rothbard on April 24, 2013, 10:08:33 PM
Never mind; I apparently hadn't tried logging in, since the main site appeared to be not displaying. :)  When I logged in, I finally saw that the BTE I sent days ago had finally been credited, and I was able to get it out.


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: jimmyk on April 24, 2013, 10:21:21 PM
Never mind; I apparently hadn't tried logging in, since the main site appeared to be not displaying. :)  When I logged in, I finally saw that the BTE I sent days ago had finally been credited, and I was able to get it out.

Glad to hear you got your coins back.


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: Byte-Gox on April 27, 2013, 12:02:51 PM
Exchange is running again. Thank you all for your patience. :)


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: Walter Rothbard on April 27, 2013, 01:32:54 PM
Exchange is running again. Thank you all for your patience. :)

Good to see you back.


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: sal002 on May 02, 2013, 02:27:18 PM
I'll re-add Bytecoin to CoinChoose and point to this exchange for Bytecoin is someone can develop either a quick API to pull the latest pricing info or someone can quickly, in PHP, write a HTML scrapper to get the latest BYT to BTC conversion price.   Something simple like this - https://bter.com/api/1/ticker/frc_btc - would be great!


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: Bitcoin Socially on May 17, 2013, 08:30:36 PM
**BEWARE**

Byte-Gox has become a scammer and stole a lot of users coins using his pool and exchange.
Avoid pool.bytecoin.in (#post_) and exchange.bytecoin.in (#post_)... They are scam sites.


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: patrickquinn on May 21, 2013, 10:43:52 AM
You where given enough time. Its now time to refund your 'clients' before things get any worse. You clearly didn't know how to run a service, and that ok. You just need to be man enough to admit that fact and move on :)


Title: Re: [BETA] EXCHANGE.BYTECOIN.IN
Post by: fran2k on May 26, 2013, 09:29:39 PM
I'm having a problem while withdrawing BTCs.

Quote
Fatal error: Uncaught exception 'Exception' with message 'Request error: Array ( [c0de] => -4 [message] => Insufficient funds ) ' in /exchange/www/jsonRPCClient.php:145 Stack trace: #0 /exchange/www/account.php(94): jsonRPCClient->__call('sendtoaddress', Array) #1 /exchange/www/account.php(94): jsonRPCClient->sendtoaddress('1NN29fZtBeRVd7n...', 0.01114685) #2 {main} thrown in /exchange/www/jsonRPCClient.php on line 145'