Bitcoin Forum
August 14, 2022, 06:05:09 AM *
News: Latest Bitcoin Core release: 23.0 [Torrent]
 
  Home Help Search Login Register More  
  Show Posts
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 ... 77 »
1  Economy / Digital goods / Re: BitShop - cryptocurrency shopping cart script [PHP/MYSQL] (v1.1.2) on: October 08, 2018, 01:14:58 PM
Support is provided over on the official forum now: www.bitfreak.info/forum/
2  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN][XCN] Cryptonite - NEW Thread | 1st mini-blockchain coin | SECURITY UPDATE! on: September 22, 2017, 10:45:24 AM
Using the new xcn is the perfect way out
OLD XCN replaced with new xcn
As I have previously stated I am working on a new coin coded from the ground up using a highly object orientated approach with cross-platform C++11 code and no large libraries like boost, but that will be at least a few months before I even have the foundations complete, and even after it's finished it will still be considered highly experimental. A coin like Cryptonite which at least has several years of history is going to be more trustworthy than a completely new coin, now that this bug has been patched I'd say Cryptonite is quite secure. I'm sure many people are going to be trying the exploit to see if they can get around our fixes, which will help us find any other holes in the protocol. Also I don't really think the attacker managed to shift the market a whole lot so it's not the end of the world, and we don't know how much of the funds were locked by exchanges, I'm sure the attacker would have triggered some alarm bells before being able to sell off all their coins.
3  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN][XCN] Cryptonite - NEW Thread | 1st mini-blockchain coin | SECURITY UPDATE! on: September 22, 2017, 07:21:12 AM
Well it's not about a statement people are free to go or stay with; it is more about how you listen people's comments.

When it sayed this is an obvious bug, I got astonished. Obviously this coin wasn't well looked after. The suggestion I'd give is how you can show your devotion to plans of development, rather than just marketing plans (don't talk Bittrex or Poloniex anymore pls until get it). Convince people how this coin is going to make improvements, and continue to improve the stability to make sure likability of "obvious" bugs are going to be reduced by orders. High-tech is great, but reliability is the first priority on top of anything else.

I recalled few pages back people were still saying sync issue; I might be wrong that has been years and that can make people think something not right. Just get it done if not.
As pallas said the bug is only obvious when you know what to look for, there is a lot of code and without knowing what to look for it's very hard to pick out bugs, especially when neither of us were the original dev for Cryptonite. I developed the idea for the mini-blockchain several years ago but my C++ skills were lacking at the time so I hired a dev to create Cryptonite. The work was very rushed and he was working alone so there was bound to be some problems in the code, although I'm still quite suspicious of the original dev because it seems like he should have noticed this bug. Obviously it's embarrassing because a bug like this should not have been there in the first place. However we are lucky the attacker didn't do more damage then they did because they easily could have.
4  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN][XCN] Cryptonite - NEW Thread | 1st mini-blockchain coin | SECURITY UPDATE! on: September 22, 2017, 07:12:13 AM
I talked to pallas  had problems with xcn, but he did not believe it

How do you deal with these problems now?
I am always in communication with pallas and we were not aware there was any serious issue until just recently when btc38 made us aware. There were bugs with the wallet but those issues were not linked to this attack.
5  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN][XCN] Cryptonite - NEW Thread | 1st mini-blockchain coin | SECURITY UPDATE! on: September 21, 2017, 08:10:29 PM
The first example of the attack can be seen in this block: http://xcn-explorer.selektion21.de/?b=1007085

That block was mined late June, did this exploit have something to do with wallet problems during summer? I mean there were speculations about bad nodes and stuff like that?

About chinese exchanges, they are all going to close down. Not sure how many of those are going to have a new life somewhere else than in mainland china but it's safe to say that btc38 and bter are going to be closed soon.
I cannot really remember what was happening at that time but I don't think there was any active development on Cryptonite in that period and the block explorer was down, which is probably why it went unnoticed. I doubt the exploit had anything to do with wallet problems, the wallet has always been fairly buggy until recently, but many of those stability issues have been solved over the last few months.
6  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN][XCN] Cryptonite - NEW Thread | 1st mini-blockchain coin | SECURITY UPDATE! on: September 21, 2017, 11:45:26 AM
Why is there no update on your website under Project Developer News since 2014 ?!
Most updates are made on this thread, Twitter, Slack, etc. I never really update the website except for the download page. I might just remove that page and a few others actually. I'm just very busy with several other projects which is why I'm not around much and why Pallas handles most Cryptonite stuff these days.
7  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN][XCN] Cryptonite - NEW Thread | 1st mini-blockchain coin | SECURITY UPDATE! on: September 21, 2017, 08:08:09 AM
Ok guys now the main pool and many exchanges have updated to the new version I feel it's safe to release more information about exactly what happened.

Unfortunately it looks like btc38 is going to remove XCN based on that announcement. Btc38 were the ones who first realized something was wrong because they had a suspiciously high number of XCN in their exchange wallet. They notified us there was something wrong a few days ago and I coded up a blockchain analyzer to look for anything suspicious. I discovered that an attacker found a way to create transactions with outputs larger than the inputs, allowing the attacker to essentially create free coins. The first example of the attack can be seen in this block: http://xcn-explorer.selektion21.de/?b=1007085

They were able to generate a negative fee value because of an integer overflow bug, making it possible to have outputs larger than the input value. Obviously there were checks for integer overflows in place but some integers which should have been unsigned were left signed in the worst place possible, either intentionally or by simple mistake, by the original dev. It looks like the attacker spent most of the smaller outputs and left the massive outputs alone, the latest version should block those massive balances but I calculated they were able to get away with around 260 million XCN from the smaller outputs.

We gave btc38 and other exchanges a list of the addresses used by the attacker so they may have been able to freeze some of the attackers funds, based on my analysis it doesn't seem like there's a whole lot of transactions stemming off from the bad transactions. I also want to make it clear this bug has nothing to do with the mini-blockchain technology, the bug in the code was pretty obvious and quite easy to fix just by making some signed integers unsigned. Look at the latest changes on pallas's github to see exactly what we did to prevent this happening again.

In a few days I will release the source code for an XCN blockchain analyzer that I made to find the issue, it should also be useful for building an explorer that works efficiently. I will also release the javascript code I wrote some time ago for creating raw transactions and signing them, which I used to make sure our fix worked and should also be useful for creating a web wallet. Hopefully we can move past this even without too much issue, I was hoping our quick fix would be enough for btc38 not to drop XCN but I cannot blame them for being spooked by this, especially with the new laws in China.

The following is a list of blocks where the exploit was detected:

1007085, 1009490, 1035837, 1044220, 1052967, 1073572, 1103770, 1119219, 1139944, 1171685, 1188258, 1232798, 1246249, 1255968, 1271558, 1274983, 1278864, 1279894, 1281781, 1284716, 1286093, 1288597, 1290084, 1291824, 1294633, 1297819, 1298379, 1300671, 1302547, 1320111, 1320830, 1322596, 1323220, 1350726, 1360510, 1363161, 1364581, 1366301, 1366351, 1367675, 1369704, 1371786, 1373205, 1375144, 1377644
8  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN][XCN] Cryptonite - NEW Thread! | 1st mini-blockchain coin on: May 06, 2017, 09:34:57 AM
Please update the original thread with a link to this one, so they know I'm "official" :-)
Original thread has been updated.
9  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN][XCN] Cryptonite - NEW Thread! | 1st mini-blockchain coin on: May 05, 2017, 06:03:05 AM
I'm still around, was just visiting some relatives, back at home now.
10  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN][XCN] Cryptonite - NEW THREAD! | 1st mini-blockchain coin | M7 PoW on: March 25, 2017, 06:46:42 AM
The only downsides are that the syncing process is a bit slow (when you sync from scratch or some older blockchain snapshot) and it sometimes freezes while syncing.
If you sync using an old snapshot it may take a while depending on how old your snapshot is because I believe it will try to download all the blocks it has missed. However doing a fresh sync should take about an hour or less if you have good network connectivity, which is very fast when you consider how long any other coin which is several years old will take to synchronize. I haven't synced Bitcoin in a very long time but I've read it now takes several days even with a fast connection.
11  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN][XCN] Cryptonite - NEW THREAD! | 1st mini-blockchain coin | M7 PoW on: March 24, 2017, 03:24:10 PM
Hey guys, please give the new Windows wallet a try if you're on Windows, it should be a whole lot more stable now and syncing should work first try, but we want a bit of feedback so we know it will work for the exchanges (apparently some exchanges actually use Windows binaries). Even if you're using an old linux binary you should update your wallet because the sync fix by pallas will make syncing (from scratch) work better for all versions of the wallet.
12  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN][XCN] Cryptonite - NEW THREAD! | 1st mini-blockchain coin | M7 PoW on: March 15, 2017, 05:05:21 AM
The wiki contains a brief explanation: http://cryptonite.info/wiki/index.php?title=Coinbase_account#64_bits_of_Granularity
13  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN][XCN] Cryptonite - NEW THREAD! | 1st mini-blockchain coin | M7 PoW on: March 15, 2017, 03:44:26 AM
The coin amounts are so large because we use the full 64 bits of precision so have a much larger coin supply than most coins.
14  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN][XCN] Cryptonite - NEW THREAD! | 1st mini-blockchain coin | M7 PoW on: March 05, 2017, 10:03:53 AM
I think that, when the sync bug is fixed, we will have no more issues with exchanges, hence why I'm having a dev work on it, and I will pay him bounty from my wallet (and from the people who will contribute).
I could do the fix myself, I just do not have enough time.
I will send you some XCN that I have, I don't have a whole lot so I might just send you all of it. I appreciate you guys trying to keep this coin alive in my absence. Some time ago I did try to figure out the sync issue by looking at the source code but it's so hard to understand such complex code especially when you didn't write that code yourself. I've been thinking seriously about writing a new coin from scratch using the MBC scheme along with some other stuff such as a quantum resistant signature scheme and the homomorphic encryption proposal by B.F. Franca (see this and this). I feel like if XCN did anything it has proven that the MBC scheme can work and isn't easy to exploit since it hasn't been done. I also think that when a coin is created from scratch it feels less like a simple clone of Bitcoin and people can appreciate it more, and it allows us to avoid all the issues inherent with the Bitcoin code. So much of the Bitcoin core code is also made redundant within the MBC scheme, like everything to do with scripts. The goal would be to create simple and elegant code that makes it easier to understand and modify. I would also prefer to avoid using Qt altogether, since the creation of GUI's should be a job for wallet software developers. That would also mean using a robust networking library instead of the one that comes with Qt. This is all just an idea right now, I'd like to hear what you guys think before going ahead with anything.
15  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN][XCN] Cryptonite | 1st mini-blockchain coin | M7 PoW | No Premine on: January 02, 2017, 10:45:46 AM
Since whis was fixed soon after XCN release, it may be trivial to backport.
Could you point me to the commit on the bitcoin git? I will have a look.
I have previously tried looking for a specific commit which fixed the issue but couldn't seem to find one. I think the fix may have been included with some larger patch, I'm not really sure. I found several bug reports about random wallet corruption, such as this one, which were made around the start of 2014 and have the same error codes, however it seems they were closed without referencing a commit which solved the issue. I recall our core dev being stumped about the wallet corruption because he didn't change anything that could have caused it, so I'm fairly certain it is a bug inherited from Bitcoin.

This might be a bit more complex: do you have an idea what kind of work is needed for this?
Yes it wont be as simple as copying the Bitcoin implementation because we have the whole account tree thing. I have a rough idea as to what would be required, the hard part will be adapting all the changes Bitcoin has undergone in the last few years, much of the code has been overhauled to work in a very different way to how it worked when Cryptonite was forked from it, but many of those changes are necessary to make things like the parallel block downloading work properly.
16  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN][XCN] Cryptonite | 1st mini-blockchain coin | M7 PoW | No Premine on: January 02, 2017, 08:22:31 AM
Since the original dev is around, i will be stepping back to let him resolve the issues.
I didn't code Cryptonite, I helped develop the concepts behind it and funded the development of it. If you read the first pages of this thread you will see we had a core dev but he's no longer around. As I've said before, not having a premine makes it hard to attract developers. I made a mistake assuming that open source developers would continue improving Cryptonite. My C++ skills are still fairly limited so it's unlikely I will be able to solve all these issues myself, but I am looking in the sync issues.

Based on some research I did a few days ago many of the bugs in Cryptonite have been carried over from Bitcoin. For example, there are Bitcoin bug reports about wallet corruption submitted around the time Cryptonite was forked from Bitcoin. The bugs are clearly related because even the error numbers and error messages are the same as the ones reported by people using Cryptonite. I think many of the bugs in Cryptonite could be solved simply by applying many of the fixes which have since been applied to Bitcoin.

The version of Bitcoin used to create Cryptonite also lacked several important features it has now. As I said earlier, the networking code was fairly poor and only allowed the blockchain to be downloaded from one peer at a time. Back then, Bitcoin also didn't download the block headers before downloading blocks, so it had to download blocks in order and couldn't do it in parallel.

Cryptonite was actually the first coin to implement the headers first approach, Bitcoin gained that feature shortly after the release of Cryptonite. However our headers first implementation was rushed and is not as robust as the Bitcoin implementation, and without good networking code we cannot download blocks in a parallel fashion from multiple peers at the same time, which is much faster and less error prone.

Once again I think many problems with Cryptonite could be solved by adapting the new networking code and new syncing code from Bitcoin so that the headers first synchronization works more smoothly. I am looking into how I can make some of these upgrades myself but like I said my skills are limited. Also I wont be back home for another day or two and I'm stuck with a slow laptop which doesn't have much of my software on it.

My point is, Cryptonite needs all the developers it can get right now. I know it's not easy to locate these bugs and fix them because it probably would have been done by someone by now. If we had the original dev it would probably be a lot easier to fix these issues but I doubt he will be coming back any time soon so we need other developers to keep Cryptonite alive.

I have been considering the idea of remaking Cryptonite and implementing a pre-mine, then allowing the old coins to be converted to the new coins, but I'm not exactly sure how that would be done in a fair manner. I'm not sure if that would really be a good idea but at least then we could provide a reason for devs to work on the new version of Cryptonite.
17  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN][XCN] Cryptonite | 1st mini-blockchain coin | M7 PoW | No Premine on: December 30, 2016, 04:37:07 AM
For those people who asked to know more about the syncing process, here's a post I made a little while back:

The main difference really comes down to the fact the Bitcoin uses transaction scripting but Cryptonite doesn't. When you sync with Bitcoin you need to download the full blockchain in order to validate it and calculate your wallet balance because the inputs and outputs link the transactions together, which makes it difficult to prune old transactions.

For that same reason it can be slow to import a new private key into a bitcoind-based wallet because it needs to rescan the blockchain to recalculate the wallet balance. And that is why you simply cannot get the balance of any address which isn't in your wallet using bitcoind. However I think they've also recently remedied this problem a little bit with watch only addresses.

But I believe bitcoind still needs to perform a rescan after importing a watch only address in order to calculate the address balance, and I believe a Bitcoin wallet with pruning enabled wouldn't be able to perform those rescans because it wouldn't have the entire transaction history required to calculate the balances, because it has pruned that data.

The release notes for Bitcoin Core 0.11.0 stated that "Block pruning is currently incompatible with running a wallet due to the fact that block data is used for rescanning the wallet and importing keys or addresses (which require a rescan.)", and I'm uncertain if the situation has improved since then but they had plans for it.

I think I read some where not too long ago that they wanted to use a hash tree structure to store the unspent outputs and maybe even balances, some what similar to the "account tree" in Cryptonite, however I believe that would still require the full blockchain to be downloaded and scanned so the tree could be built, so syncing would still be very slow.

The main advantage with Cryptonite is that transactions don't link together, so all of them can safely be forgotten after a certain period of time. Instead of having to download the full blockchain, nodes only have to download a recent portion of the blockchain along with the account tree / balance sheet, with which they can become a full node.

The real trick is that the nodes share the account tree between themselves and they're able to use data embedded into the blockchain in order to verify the validity of their copy of the account tree. When a new block is accepted, transactions in the block will cause balances in the tree to be updated among all nodes so they all have the same copy of the balance sheet.

So when a transaction is being made, there is no need to reference what may be a very old transaction like with Bitcoin, instead the inputs and outputs of a transaction will simply reference address nodes in the account tree. It's a more purely mathematical approach without all the scripting on top, closer to how a normal banking system would work.

The consequences of this approach is that the balance of any address can be cheaply computed simply by looking up the balance of that address in the account tree, which all synced nodes will have an up-to-date copy of. It also means block pruning is completely compatible with using a wallet because blockchain rescans are not necessary.

Most importantly, it means that the time required for a new node to sync is vastly reduced, because instead of needing to download every transaction which has ever occurred, they only need to download transactions from the last week or so, along with the account tree which nodes are programmed to share, and they've got all they need to be a full node.

They will never have to worry about not having some old transaction which has been pruned from their disk because those transactions will never have to be referenced again. The account tree is a self contained balance sheet which tells a node essentially everything it needs to know in order to check balances and validate transactions.

Of course there are a lot of little finicky details like the inversion database which is required for undoing changes made to the account tree in the case of forking, and I would suggest reading the Cryptonite wiki if you want a deeper understanding of how it works. I tried to keep this explanation relatively simple so that it wasn't too hard to understand.
18  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN][XCN] Cryptonite | 1st mini-blockchain coin | M7 PoW | No Premine on: December 27, 2016, 02:44:03 AM
@pallas: yeah the problems with syncing from scratch have existed for a long time. In my experience the best way to sync is to add a node which is already fully synced and working properly, and configured to share blocks. What exactly does syncing "from scratch" mean though? If you haven't started your XCN wallet in several months it will try to catch up by downloading all the blocks it missed but there's no guarantee any node will have blocks several months old. If you download Cryptonite for the first time or you delete your block files it wont attempt to download every block ever made, it will only download blocks from the last week, but it will download all the block headers (aka the "proof chain"). That process is also known to be fairly buggy from what I remember but I've gotten it to work many times.

@Blockchain Mechanic: well I pretty much just explained the syncing process to pallas. One of the other reasons I believe syncing is so problematic is because Cryptonite was forked from Bitcoin at a time when Bitcoin had rather crappy networking code. When syncing I believe it only downloads the blockchain from a single peer. Since then Bitcoin has obviously improved the networking code and it now downloads blocks in parallel from many different peers but Cryptonite is still stuck with that crappy code, I truly don't know why anyone would create it to work that way in the first place.

@dextronomous: yeah don't worry I'll probably put the block explorer back up, but first I need to recode it to work a bit differently. Like I said I cannot really do much until I get home but that's near the top of my to-do list.
19  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN][XCN] Cryptonite | 1st mini-blockchain coin | M7 PoW | No Premine on: December 26, 2016, 01:58:17 AM
Cryptonite is not a Cryptonote coin, they have no relation.
20  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN][XCN] Cryptonite | 1st mini-blockchain coin | M7 PoW | No Premine on: December 25, 2016, 11:41:26 PM
What issues are they having exactly? I'm guessing the cause of the issue is one of these old bugs Cryptonite has always had, so solving those problems should solve a lot of other problems.
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 ... 77 »
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!