Bitcoin Forum
November 06, 2024, 11:15:27 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Bug in Stratum Mining Software  (Read 3602 times)
denis2342 (OP)
Newbie
*
Offline Offline

Activity: 29
Merit: 0



View Profile WWW
March 24, 2015, 06:58:49 PM
 #1

Hi

The Stratum Mining Software has a serious bug. It allows a Miner to send the same share several times without the duplicate check detecting it. With clever programming this can be more than 1000 shares that it should be in the worst case. Normally it is possible to get eight times the shares.

The problem is, that the duplicate check works with strings (nonce, extranonce...) and does check them case sensitive.
So the exploiter simply sends his values in all variations with small and big letters (because it is in hex)

example:

03:51:47.760512 IP 87.203.91.128.28348 > xxx.xxx.11.163.3333: Flags [P.], seq 535:1070, ack 216, win 64185, length 535
.m.g..h..P...kn..
{"id":913,"method":"mining.submit","params":["uphellper.5553", "424", "f5670100", "550cdcbf", "5d82727c"]}
{"id":913,"method":"mining.submit","params":["uphellper.5553", "424", "f5670100", "550cdcbf", "5d82727C"]}
{"id":913,"method":"mining.submit","params":["uphellper.5553", "424", "f5670100", "550cdcbf", "5D82727c"]}
{"id":913,"method":"mining.submit","params":["uphellper.5553", "424", "f5670100", "550cdcbf", "5D82727C"]}
{"id":913,"method":"mining.submit","params":["uphellper.5553", "424", "f5670100", "550cdcbF", "5d82727c"]}

03:51:47.859746 IP xxx.xxx.11.163.3333 > 87.203.91.128.28348: Flags [.], ack 1070, win 65535, length 0
.n..h..m.i.P........
03:51:47.951332 IP xxx.xxx.11.163.3333 > 87.203.91.128.28348: Flags [P.], seq 216:431, ack 1070, win 65535, length 215
.n..h..m.i.P....3..{"error": null, "id": 913, "result": true}
{"error": null, "id": 913, "result": true}
{"error": null, "id": 913, "result": true}
{"error": null, "id": 913, "result": true}
{"error": null, "id": 913, "result": true}

The diff for the fix looks like this:

file: stratum-mining/lib/template_registry.py

         # Check for duplicated submit
-        if not job.register_submit(extranonce1_bin, extranonce2, ntime, nonce):
+        if not job.register_submit(extranonce1_bin, extranonce2.lower(), ntime.lower(), nonce.lower()):
             log.info("Duplicate from %s, (%s %s %s %s)" % \

The fix may be not complete though.

I understand that the pool owners and especially slush (his pool seems to have this fixed) do not share their hard work.
But to not release this bugfix is not what the bitcoin community stands for.

If anyone appreciates this public disclosure you can show it here: 19c4bA6qHLjnWgYQmS9VuqwHuNT6jR5Atz

Denis, owner of the small but old pool btcmp.com

PS: the user which attacked my pool had the name "uphellper". Shame on You!
-ck
Legendary
*
Offline Offline

Activity: 4284
Merit: 1645


Ruu \o/


View Profile WWW
March 24, 2015, 08:17:42 PM
 #2

There is no public disclosure here. You are talking about client software aren't you? No pool software is stupid enough to allow you to submit duplicates and get paid for them and there is plenty of free and open pool software code (mine included) to see. The pools will just rightly reject duplicates.

Developer/maintainer for cgminer, ckpool/ckproxy, and the -ck kernel
2% Fee Solo mining at solo.ckpool.org
-ck
denis2342 (OP)
Newbie
*
Offline Offline

Activity: 29
Merit: 0



View Profile WWW
March 25, 2015, 12:03:15 AM
 #3

Hi

I'm talking about the server side of the stratum mining.

The bug is in the reference code itself (at least I would say it is the reference because it was the first one).

https://github.com/slush0/stratum-mining

Denis
-ck
Legendary
*
Offline Offline

Activity: 4284
Merit: 1645


Ruu \o/


View Profile WWW
March 25, 2015, 12:20:00 AM
 #4

Nice. Fortunately there are alternatives.

Developer/maintainer for cgminer, ckpool/ckproxy, and the -ck kernel
2% Fee Solo mining at solo.ckpool.org
-ck
TheCoinFinder
Legendary
*
Offline Offline

Activity: 938
Merit: 1001



View Profile WWW
June 08, 2015, 08:19:58 PM
 #5

Thanks for fix.

Added it to my pool. It does seem to do the job.

.Deviant.io.                ▄▄▄▄███▄▄▄▄
             ▄█▀▀░░░░░░░░░▀▀█▄
           ██▀░░░░░░░░░░░░░░░░██
         ▄█▀░░░░░░░░░░░░░░░░░░░▐█▄
        ▐█░░░▄████████████████▄░░
        █▌░░███▀▀▀████████▀▀▀██▌▐█
        █▌░░█████▌  ▐▄▄   ██████░▐█
        ██░░▀██████████████████░▒██
        ▄██▄▄███▀▓▓▓▓▓▓▓▀███▄░▄███▄
     ▄██▓▓▓██▓▓███▀▀▒▒▒▀▀███▓▓██▓▓▓▓██
    ▐█▓▓▓▓█▓██▀▒▒▒▒▒▒▒▒▒▒▒▌▒▀████▓█▓▓▓
    ▀███████▒▒▒▒▒▒▒▒▒▒▒█▀█▒▒▒████████▀
      ▀████▒▒▒▒▒▒▒▒▒▒▄█▀▒▒█▒██▀▒████▀
      ▐█▓█▌▒▒▒▒▒▒▒▒██▒▓▓▓▒▀▒▒▒▒▓██▓█▌
      ██▓█▌▒▒▒▒▒▒██▓████▓▒▒▒▓▓▒███▓█▌
      ▐█▓██▒▒▒▒███▀▒▒▒█▌▓▓▓██▀▒██▓█▌
       ██▒█▌▒▀▒▒▒▒▒▒▒▒█▌▓██▀▒▒▒▒█▒██
        ██▒██▒▒▒▒▒▒▒▒▒█▀▒▒▒▒▒▒██▒██
         ▀█▓▓██▄▒▒▒▒▒▒▒▒▒▒▒▄██▓▓█▀
           ▀██▒▀█████▄█████▀▓██▀
         ▄▄▓▓▓█████▄▄▓▄▄█████▓▓▄▄

























      ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▄
     ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌
     ▓▓▓▓▓▓▓▓▓▓▓▓     ▓▀▓▓▓▌
     ▓▓▓   ▓▓▓▓▓        ▐▓▓▌
     ▓▓▓               ▐▓▓▓▌
    ▐▓▓▓               ▓▓▓▓▌
    ▐▓▓▓▓             ▓▓▓▓▓▌
    ▐▓▓▓▓▓▄▄         ▓▓▓▓▓▓▌
    ▐▓▓▓▓         ▄▓▓▓▓▓▓▓▓▌
    ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌
     ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓

    ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀▀▀▀▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▓▀      ▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▌    ▓▓▓▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▌   ▐▓▓▓▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▌          ▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▌         ▐▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▌   ▐▓▓▓▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▌   ▐▓▓▓▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▌   ▐▓▓▓▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▌   ▐▓▓▓▓▓▓▌

    ░▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
    ░▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
    ░▓▓▓▓▓▓▓░░▓▓▓▓░░▓▓▓▓▓▓▓▓
    ░▓▓▓▓▓²         ` ║▓▓▓▓▓
    ░▓▓▓▓              ╢▓▓▓▓
    ░▓▓▓Γ    ▓╥  ╓▓┐    ▓▓▓▓
    ░▓▓▓     ╙`   ╙     ▓▓▓▓
    ░▓▓▓╥   ─,,  ,,─   ╓▓▓▓▓
    ░▓▓▓▓▓▓░░▓▓▓▓▓▓░░░▓▓▓▓▓▓
    ░▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
    ░▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓

    ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
    ▓▓▓▓▀▀▀▓▓▓▓▓    ▀▀▀▀▓▓▓▓
    ▓▓▓▓   `▓▓▓▀        ▓▓▓▓
    ▓▓▓▓▌            ▄▓▓▓▓▓▓
    ▓▓       ,▄▄▓▓   ▐▓▓▓▓▓▓
    ▓▓▄,▄▄   ▐▓▓▓▓▓   ▀▀ '▀▓
    ▓▓▓▓▓▓▓   ▀▓▀▀▀       ▄▓
    ▓▓▓▓▓▓▓             ▓▓▓▓
    ▓▓▓▓▀       ▄▄▓▓▌   ▓▓▓▓
    ▓▓▓▓▓▄▄▄▄   ▓▓▓▓▓▄,▄▓▓▓▓
    ▓▓▓▓▓▓▓▓▓▄  ▐▓▓▓▓▓▓▓▓▓▓▓
ThePiGuy
Newbie
*
Offline Offline

Activity: 25
Merit: 0


View Profile
June 13, 2015, 02:44:36 AM
 #6

Does anyone know of actual pool that allows this duplicate share submission?
okae
Legendary
*
Offline Offline

Activity: 1401
Merit: 1008


northern exposure


View Profile WWW
June 14, 2015, 11:32:39 AM
 #7

Does anyone know of actual pool that allows this duplicate share submission?

i dont thing that there is stupid enought pools that allow you to do that, why will they allow you to do that? they will loose money if they do that man...

edited: just to quote this, was a better reply than mine Tongue

There is no public disclosure here. You are talking about client software aren't you? No pool software is stupid enough to allow you to submit duplicates and get paid for them and there is plenty of free and open pool software code (mine included) to see. The pools will just rightly reject duplicates.

IMHO #1.b of suspects, Hal Finney is/was S.N.
ThePiGuy
Newbie
*
Offline Offline

Activity: 25
Merit: 0


View Profile
June 14, 2015, 10:43:45 PM
 #8

Does anyone know of actual pool that allows this duplicate share submission?

i dont thing that there is stupid enought pools that allow you to do that, why will they allow you to do that? they will loose money if they do that man...

edited: just to quote this, was a better reply than mine Tongue

There is no public disclosure here. You are talking about client software aren't you? No pool software is stupid enough to allow you to submit duplicates and get paid for them and there is plenty of free and open pool software code (mine included) to see. The pools will just rightly reject duplicates.

Just because it's stupid doesn't mean that there aren't people stupider than the reference client [or similar] programmers who allowed this bug to exist.  Looking at some of the big bugs in software throughout history (for example, gambling places allowing double spends, and ultimately going bankrupt because so many people double-spent their servers), it's pretty funny to see the major epic fails.
kano
Legendary
*
Offline Offline

Activity: 4620
Merit: 1851


Linux since 1997 RedHat 4


View Profile
June 19, 2015, 10:54:22 PM
 #9

... this problem is due to using high level slow languages and treating data as strings rather than what they really are ...

Pool: https://kano.is - low 0.5% fee PPLNS 3 Days - Most reliable Solo with ONLY 0.5% fee   Bitcointalk thread: Forum
Discord support invite at https://kano.is/ Majority developer of the ckpool code - k for kano
The ONLY active original developer of cgminer. Original master git: https://github.com/kanoi/cgminer
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!