 Show Posts
|
|
Pages: [1]
|
Thanks. The message signature does not work yet.
Writes an error: wrong signature.
Which bot is that? At first I couldn't sign my address in Draw Airdrop with message: unknown fields. But then I found out that signing your address is impossible in any bot now. Draw bot has not been upgraded yet but the draw is suspended anyway. What other bots did you try? Signing an address isn't possible in real name attestation bot. wrong signature |
|
|
|
Thanks. The message signature does not work yet.
Writes an error: wrong signature.
Which bot is that? At first I couldn't sign my address in Draw Airdrop with message: unknown fields. But then I found out that signing your address is impossible in any bot now. |
|
|
|
After updating, when I try to add a new chat bat, I see this error:
An exception occurred: TypeError: Cannot read property 'replace' of undefined; cause: undefined
I tried to create a new wallet and I can not add any chat bot for the same error.
PS Win64/32
while that gets fixed, you can add bots through that page https://obyte.io/botsThanks. The message signature does not work yet. Writes an error: wrong signature. |
|
|
|
An important security update is released. It fixes two serious vulnerabilities discovered and reported to us by security researcher pearl: * text messages in chat were incorrectly handled which allowed attackers to execute arbitrary code on victim's wallet. An attacker could supply arbitrary code in angularjs {{}} expressions and the victim's wallet would evaluate it. The attack vector could be used to steal the private keys. The vulnerability existed in all versions of Obyte wallet since the first release in 2016. However, to exploit the vulnerability, an attacker needs to first trick the victim to pair with the attacker's wallet or chatbot. Users who had their wallets protected with a good password and seed words deleted were better protected against such an attack. We have no reports of this vulnerability being actually exploited. The fix makes sure that user input is always treated as text and never evaluated. * restore from full backup function allowed file paths with directory traversal (../) characters in backup archive, which could enable an attacker to overwrite important user files, such as .bashrc. on Linux. The vulnerability existed in all versions of Obyte wallet since restore from full backup was introduced in mid 2017. However, to exploit the vulnerability, an attacker needs to first trick the victim to restore from a maliciously crafted backup file. We have no reports of this vulnerability being actually exploited. The fix checks for directory traversal characters in file paths in the backup archive and ignores such files. Since the two vulnerabilities are now publicly disclosed and each can be used to inflict serious damage to Obyte users who are not aware of them yet, the hub at obyte.org will refuse connections from non-upgraded wallets to keep them safe. All known operators of other hubs have been notified and recommended to apply the same policy. Only GUI wallets are affected by the vulnerabilities and the upgrade is mandatory for them, headless nodes (wallets, hubs, relays) are not affected. Please upgrade https://github.com/byteball/obyte-gui-wallet/releasesAfter updating, when I try to add a new chat bat, I see this error: An exception occurred: TypeError: Cannot read property 'replace' of undefined; cause: undefined I tried to create a new wallet and I can not add any chat bot for the same error. PS Win64/32 |
|
|
|
Я уже задавал вопрос в англоговорящей теме... Возможно тут получится получить более точный ответ  У меня есть байты, замороженные в смарт контракте до августа месяца 2019 года. Я привлекал людей в байт из Steem через реферальную программу. Мои байты заморожены в умном контракте, фактически, они не у меня на кошельке. 1. Что будет с байтами во время форка в таком случае? 2. Получу ли я такой же смарт контракт в сети ObyteCash? 3. Смогу ли я участвовать в аир-дропе? 4. Будут-ли средства в смарт-контракте все так же заморожены на год? Спасибо большое за ответы! |
|
|
|
|
Hello!
Congratulations, but:
At least 12 hours the links for downloading the wallet from obyte.org do not work!
Authorization Required Error
|
|
|
|
Thanks for keeping an eye on it! Addresses referred by wgf90cxkyv are now removed from the draw. Please let us know if you find any other signs of fraudulent activity.
OK! Please answer two questions: 1. I am an STEEM referrer and I am interested in: are you going to reward users who have registered after July 12? Half a year has passed since the launch of the bridge and many people were registered after this date, and gain the necessary reputation now. These users will not be rewarded anyway and their refer too. 2. Can I use BYTES frozen in a smart contract with steem attestation bot or real name attestation bot in Weekly Draw? Is it technically possible and are you going to add such support? Thank you very much for your reply, with interest in your product. |
|
|
|
|
Hello!
I have a supposition that some refers are abusing Weekly Draw!
There are refers who invite only attested users and this users immediately deposits exactly 10 GB. (Strange? They at least need to check.)
Detailed example of suspicious activity:
refer: wgf90cxkyv
total points: ~120
SIAYZE2S5XYEQVKMELGCB6VPWTYQLZPV 11,14164851 GB 10,11416485 points attested
5HYF4SU3RE77AF2O3GRFKRYECLUIRWCQ 10,24234144 GB 10,02423414 points attested
VYODIKMHCJ23ME64AHT7ONFO7WDNQANG 10,04170996 GB 10,004171 points attested
YXNQJWRRYYIBVDKUJ7TPZZBUJS5NBMXD 10,04016838 GB 10,00401684 points attested
LBQY6G32RJLX3LBTT6BIZCJSCAMIQKGV 10,03219945 GB 10,00321994 points attested
DF2MEN5W5AGPSJBH5VD7IP2STRQ5QQQC 10,03128896 GB 10,0031289 points attested
UJCHIFDYHWGYZ5XTJC5WCODELO5D4XMW 10,03075751 GB 10,00307575 points attested
HPPBG7SF6AKJ23QHYW34NSFSRVYFICU7 10,03034243 GB 10,00303424 points attested
K4SJX3MD4KDZFQAQWPAKQJQCEQ2BARXX 9,993271883 GB 9,993271883 points attested
AJM3H7SQ6FL257OKSSQY6552DVYXXGGG 9,952617925 GB 9,952617925 points attested
VMA6KDBSTVO4X5Q5R2ZHPU752WLEXSZL 9,936239608 GB 9,936239608 points attested
DO357MNXND52NDOMTQ7C5WQEFX6PAMMG 9,493648553 GB 9,493648553 points attested
MBMYKHMGVRTYADKYEUXPLC7U5RF3FWTG 0,331288957 GB 0,331288957 points attested
MZGV3CBSTRNQAV2EVQUKAHOVQADDKCZO 0,244172757 GB 0,244172757 points attested
CZBHTUGC2FYQMPDUHWOHKB6DP7AMQUTM 0 GB 0 points attested
Also need to check: z2rjatm4w4, t8y0q0cjbe, rh8to5u9jm, o9t64ovhy5
Surface analysis revealed suspicious activity: ~300 points (>more than 10% chance to win)
I apologize if I hurt the feelings of real referrals. Such activity seems suspicious. It needs to be checked.
If this makes sense, I can conduct an in-depth analysis of suspicious activity, find a pattern between transfers to find more potential abuse.
|
|
|
|
Good. Thank! It seems I understand a little more.
And what else does that shared address (based on hash of smart-contract definition) do?
For example, in my smart wallet 5 GB frozen for a year.
Can I use this smart wallet in Weekly Draw? Or is it theoretically impossible?
That would be cool, but I don't know if it's possible because if that smart-contract is between you and steem attestation bot then draw bot has no idea what this address is about until somebody withdraws from it. Maybe it could guess that it's locked reward address by who funded it, but I am not sure. Do you know anyone who can help us figure it out? The idea can be really great and can help more users participate in Weekly Draw. If I try to add my smart wallet to the Weekly Draw, I cannot sign the message that I own this wallet. (When I try to make a transfer from this wallet is not the same as signing a message?). Or how to sign a message with a smart wallet forcibly? |
|
|
|
Hi, help me understand please: I have a main wallet. I can export its private key through the wallet seed. I also have a smart wallet created with the Steem Attestation Bot. There are money that I can’t spend until the conditions of the smart contract (1 year of freezing). My question is: Does this smart wallet have its own private key? How can I export it separately? (Smart wallet seed?) Do I own the address of the smart wallet that Steem Attestation Bot created? PS I know that I can make a full backup copy. The question is not about this now. I know that money earlier than the terms of the contract will not be fulfilled. Thanks for answers. Smart-contracts (until they are not spent), contacts, private attestation profile data are all private data and only stored in your wallet, so it can't be backed up with seed words, but only with full backup. Seed words (user friendly version of private key) can restore only data that is on public DAG. When you create a smart-contract then the contract definition is only stored in wallet of both participant side. The definition is posted to DAG only when either side spends from that smart-contract because that's when other nodes need to validated if the transaction is valid. So, it doesn't have separate private key and cannot be exported separately, it just doesn't have all the public data in DAG when created. Restore from full backup and create full backups after every time you create a smart-contract/multi-sig/attestation that you can't afford to lose. Thank you very much for your answer. I'm just starting to understand how a byte ball works. Help me to understand. Why is the address of my smart contract (in which money is stored with Steam attestation) completely identical with my usual address and also visible in the blockchain if it is private information? That is shared address (based on hash of smart-contract definition) and you can see who deposited bytes to that address on explorer, but the definition is only in your and bots wallet. Definition is private only until somebody spends from it, so until you have not withdraw bytes from smart-contract to your actual wallet, others can't see what are the conditions of the smart-contract, this private info becomes available on Explorer when you have withdrawn (1 year from attestation) or bot has withdrawn (2 years from attestation). If you see the smart-contract address in your Receive tab then it probably means that you have selected the sub-wallet (smart-contract), you need to click the down arrow after wallet address and select your main wallet to see or spend from your main wallet. Good. Thank! It seems I understand a little more. And what else does that shared address (based on hash of smart-contract definition) do? For example, in my smart wallet 5 GB frozen for a year. Can I use this smart wallet in Weekly Draw? Or is it theoretically impossible? |
|
|
|
Hi, help me understand please: I have a main wallet. I can export its private key through the wallet seed. I also have a smart wallet created with the Steem Attestation Bot. There are money that I can’t spend until the conditions of the smart contract (1 year of freezing). My question is: Does this smart wallet have its own private key? How can I export it separately? (Smart wallet seed?) Do I own the address of the smart wallet that Steem Attestation Bot created? PS I know that I can make a full backup copy. The question is not about this now. I know that money earlier than the terms of the contract will not be fulfilled. Thanks for answers. Smart-contracts (until they are not spent), contacts, private attestation profile data are all private data and only stored in your wallet, so it can't be backed up with seed words, but only with full backup. Seed words (user friendly version of private key) can restore only data that is on public DAG. When you create a smart-contract then the contract definition is only stored in wallet of both participant side. The definition is posted to DAG only when either side spends from that smart-contract because that's when other nodes need to validated if the transaction is valid. So, it doesn't have separate private key and cannot be exported separately, it just doesn't have all the public data in DAG when created. Restore from full backup and create full backups after every time you create a smart-contract/multi-sig/attestation that you can't afford to lose. Thank you very much for your answer. I'm just starting to understand how a byte ball works. Help me to understand. Why is the address of my smart contract (in which money is stored with Steam attestation) completely identical with my usual address and also visible in the blockchain if it is private information? |
|
|
|
Hi, help me understand please: I have a main wallet. I can export its private key through the wallet seed. I also have a smart wallet created with the Steem Attestation Bot. There are money that I can’t spend until the conditions of the smart contract (1 year of freezing). My question is: Does this smart wallet have its own private key? How can I export it separately? (Smart wallet seed?) Do I own the address of the smart wallet that Steem Attestation Bot created? PS I know that I can make a full backup copy. The question is not about this now. I know that money earlier than the terms of the contract will not be fulfilled. Thanks for answers. |
|
|
|
|
