cebb
March 13, 2017, 05:07:16 AM
This was a bug in the code, actually it was code that was missing and allowed a vout to be created that wasn't constrained. It is closer to the billions of bitcoins bug.
I announced the block that will be rolled back to, pretty much in realtime, so it is more a stopping the chain at 235300 than rolling back. of course a few hundred blocks were generated during the time to make the fix. so yes, technically it is a rollback of a few hours, of the blocks that happened after 235300 was announced.
Let us not make a political circus out of this. It was a bug that was abused.
The attack started about 36 hours ago during the weekend. We detected it about 6 hours ago and had a fix that would go into effect at 236000. At that point the attacker would have had coins, but it would have been absorbable.
Then the attacker must have seen that things will be cutoff at 236000 and he went wild. He started a high frequency attack and started to move funds, even some z-transactions.
There were 15 blocks prior to 235300 with the illicit KMD in vout1 and the new version prevents any block with any tx that spends any of these 15 as invalid. Unfortunately, this will require a resync of the chain as the local DB has invalid blocks in it and even with the -rewind, komodod will be complaining.
If you are running native komodod, you need to update and resync. delete the usual blockchain files and komodostate in the ~/.komodo folder. Make sure to not delete your wallet.
The simplest is to leave the illicit KMD in the utxo where they are, frozen. So there won't be any dilution due to this.
+1 to the decision to roll back. Don't listen to trolls here. They may be sockpuppet of the attacker. Rolling back chain few hours is no big deal. Those not happy with the Dev's decision can move on.
and stupidity and greed win again wtf
Stupidity? I don't think so. Greed? Absolutely yes. Isn't that the whole point of investing in cryptos including bitcoin? Do you have some other motives? If you want a Do nothing approach you will feel better in Litecoin than KMD.

jl777 (OP)
March 13, 2017, 05:17:19 AM
this is not a rollback to bail out some exchange that got hacked.
the attacker has generated another 27 blocks in the last hour and at this pace he would generate much more than 10 million KMD by the 236000 block with the original bugfix trigger.
It is a bug that was not found by a white hat, but by someone who repeatedly exploits the same bug over and over.
I did not block the first exploit of the bug, that can be considered a bounty. But beyond that, it is like handing in the same thing over and over again expecting to be paid for it.
I never said the code is the law. The miner reward has been stated to be 3 KMD per block, not 100003 KMD. It is a chain stoppage due to a critical bug. People have relied on 3 KMD per block as mining reward, so to allow 100003 KMD as a reward would violate things a lot more than stopping the chain at 235300.
I will use common sense for this. Also, in the future if there is some other critical bug that dramatically changes what everyone's understanding is, then I will likely fix it and stop the chain, etc.
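
As an added example (not komodod source and not code from this thread), the two rules described in the posts above modelled in C++: the coinbase limit of 3 KMD per block, and the rejection of any block containing a transaction that spends a frozen output. The types, function names, transaction ids, the `COIN` unit and the assumption that the gap left vout1 unchecked are illustrative; the thread does not show the actual code.

```cpp
#include <cstdint>
#include <set>
#include <utility>
#include <vector>

using Amount = int64_t;
const Amount COIN = 100000000;          // base units per KMD (assumed, Bitcoin-style)
const Amount BLOCK_SUBSIDY = 3 * COIN;  // "3 KMD per block", as stated in the thread
using OutPoint = std::pair<uint64_t, uint32_t>;  // (constructed tx id, vout index)

struct Tx {
    uint64_t id;
    std::vector<OutPoint> vin;  // outputs being spent (empty for a coinbase)
    std::vector<Amount> vout;   // output values
};
struct Block { std::vector<Tx> vtx; };  // vtx[0] is the coinbase

// Assumed shape of the gap: only vout0 is constrained, so any value in vout1 passes.
bool CheckCoinbaseFirstOutputOnly(const Block& b, Amount fees) {
    return !b.vtx.empty() && !b.vtx[0].vout.empty() &&
           b.vtx[0].vout[0] <= BLOCK_SUBSIDY + fees;
}

// Constrained form: every coinbase output counts toward the subsidy-plus-fees limit.
bool CheckCoinbaseAllOutputs(const Block& b, Amount fees) {
    if (b.vtx.empty()) return false;
    const Amount limit = BLOCK_SUBSIDY + fees;
    Amount total = 0;
    for (Amount v : b.vtx[0].vout) {
        if (v < 0 || v > limit) return false;  // per-output range check keeps the sum from overflowing
        total += v;
        if (total > limit) return false;
    }
    return true;
}

// Freeze rule from the thread: a block is invalid if any tx spends a listed outpoint.
bool SpendsFrozen(const Block& b, const std::set<OutPoint>& frozen) {
    for (const Tx& tx : b.vtx)
        for (const OutPoint& in : tx.vin)
            if (frozen.count(in)) return true;
    return false;
}

bool AcceptBlock(const Block& b, Amount fees, const std::set<OutPoint>& frozen) {
    return CheckCoinbaseAllOutputs(b, fees) && !SpendsFrozen(b, frozen);
}

int main() {
    // Constructed sample: coinbase paying 3 KMD in vout0 and 100000 KMD in vout1.
    Block bad{{ Tx{1, {}, {3 * COIN, 100000 * COIN}} }};
    return (CheckCoinbaseFirstOutputOnly(bad, 0) && !AcceptBlock(bad, 0, {})) ? 0 : 1;
}
```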

gulachov
March 13, 2017, 05:17:53 AM
Makes me laugh looking at the explorer now, so many desperate moves. LOL
You should've just contacted devs white-hat. I am confident most of the people here will approve what devs are doing. And as JL said, it's technically stopping entire system, not rolling it back.

boomboom
March 13, 2017, 05:22:49 AM
We all know that immutability is the golden rule of blockchains, believing in that doesn't make you a troll.
Rollback once, shame on you ... Rollback twice ... there won't be one, crypto die hards won't be around ... I thought SuperNET was champion of decentralisation?
Edit, sorry to sound critical jl777, I've been a big supporter of SN since forever, just shocked at how fast rollback is invoked when better options exist.

gulachov
March 13, 2017, 05:31:02 AM
I suspect the answer, but wouldn't hurt to ask. Would it be fair to use ICO funds to buy up equal amount of KMD attacker dumped (if any)?

Sam123
March 13, 2017, 05:32:49 AM
Agreed. Let's not make it political. There was a bug. Rollback is the best option.

boomboom
March 13, 2017, 05:34:37 AM
this is not a rollback to bail out some exchange that got hacked.
the attacker has generated another 27 blocks in the last hour and at this pace he would generate much more than 10 million KMD by the 236000 block with the original bugfix trigger.
It is a bug that was not found by a white hat, but by someone who repeatedly exploits the same bug over and over.
I did not block the first exploit of the bug, that can be considered a bounty. But beyond that, it is like handing in the same thing over and over again expecting to be paid for it.
I never said the code is the law. The miner reward has been stated to be 3 KMD per block, not 100003 KMD. It is a chain stoppage due to a critical bug. People have relied on 3 KMD per block as mining reward, so to allow 100003 KMD as a reward would violate things a lot more than stopping the chain at 235300.
I will use common sense for this. Also, in the future if there is some other critical bug that dramatically changes what everyone's understanding is, then I will likely fix it and stop the chain, etc.
10M is a big bounty, but rollback is worse imo, but that's just my opinion. I respect your call James, just think you'll regret it later if it ends up damaging SuperNET fatally, which it easily can. Trolls will be attached like barnacles to this 'rollback' forever now. I'm not selling though

cebb
March 13, 2017, 05:37:10 AM
I suspect the answer, but wouldn't hurt to ask. Would it be fair to use ICO funds to buy up equal amount of KMD attacker dumped (if any)?
2639 BTC were raised. At ICO price of 1 KMD = 0.00012909 BTC, If 10 million KMDs are generated by hacker that amounts to 1290 BTC. Of course the above calcs are approximates but still half of the Raised BTC will be gone. Not a good option.

cebb
March 13, 2017, 05:39:47 AM
On a side note, what a good day in crypto. All the alts are rising. Let's fix the bug and join the rally that has taken all good alts by storm.

jl777 (OP)
March 13, 2017, 05:42:56 AM
this is not a rollback to bail out some exchange that got hacked.
the attacker has generated another 27 blocks in the last hour and at this pace he would generate much more than 10 million KMD by the 236000 block with the original bugfix trigger.
It is a bug that was not found by a white hat, but by someone who repeatedly exploits the same bug over and over.
I did not block the first exploit of the bug, that can be considered a bounty. But beyond that, it is like handing in the same thing over and over again expecting to be paid for it.
I never said the code is the law. The miner reward has been stated to be 3 KMD per block, not 100003 KMD. It is a chain stoppage due to a critical bug. People have relied on 3 KMD per block as mining reward, so to allow 100003 KMD as a reward would violate things a lot more than stopping the chain at 235300.
I will use common sense for this. Also, in the future if there is some other critical bug that dramatically changes what everyone's understanding is, then I will likely fix it and stop the chain, etc.
10M is a big bounty, but rollback is worse imo, but that's just my opinion. I respect your call James, just think you'll regret it later if it ends up damaging SuperNET fatally, which it easily can. Trolls will be attached like barnacles to this 'rollback' forever now. I'm not selling though
the attacker is generating half the blocks now. that is a pace of 3 million KMD per hour and would be for another 6 hours or so. So we are looking at more like 25 to 30 million KMD. and most all of this was AFTER I announced the chain would be stopped and rolled back to that point. not sure how this is different from the bug that allowed to create bitcoins. allowing such coin creation to be upheld is not any immutability, but a total violation of coin emission.

hansen.ng
March 13, 2017, 05:43:50 AM
People, please use 2FA on your exchange accounts. Somebody was trying to log in to my account but I have 2FA, so they failed.

hansen.ng
March 13, 2017, 05:45:15 AM
this is not a rollback to bail out some exchange that got hacked.
the attacker has generated another 27 blocks in the last hour and at this pace he would generate much more than 10 million KMD by the 236000 block with the original bugfix trigger.
It is a bug that was not found by a white hat, but by someone who repeatedly exploits the same bug over and over.
I did not block the first exploit of the bug, that can be considered a bounty. But beyond that, it is like handing in the same thing over and over again expecting to be paid for it.
I never said the code is the law. The miner reward has been stated to be 3 KMD per block, not 100003 KMD. It is a chain stoppage due to a critical bug. People have relied on 3 KMD per block as mining reward, so to allow 100003 KMD as a reward would violate things a lot more than stopping the chain at 235300.
I will use common sense for this. Also, in the future if there is some other critical bug that dramatically changes what everyone's understanding is, then I will likely fix it and stop the chain, etc.
10M is a big bounty, but rollback is worse imo, but that's just my opinion. I respect your call James, just think you'll regret it later if it ends up damaging SuperNET fatally, which it easily can. Trolls will be attached like barnacles to this 'rollback' forever now. I'm not selling though
the attacker is generating half the blocks now. that is a pace of 3 million KMD per hour and would be for another 6 hours or so. So we are looking at more like 25 to 30 million KMD. and most all of this was AFTER I announced the chain would be stopped and rolled back to that point. not sure how this is different from the bug that allowed to create bitcoins. allowing such coin creation to be upheld is not any immutability, but a total violation of coin emission.
I vote rollback.

bv68bot
March 13, 2017, 05:45:37 AM
I suspect the answer, but wouldn't hurt to ask. Would it be fair to use ICO funds to buy up equal amount of KMD attacker dumped (if any)?
2639 BTC were raised. At ICO price of 1 KMD = 0.00012909 BTC, If 10 million KMDs are generated by hacker that amounts to 1290 BTC. Of course the above calcs are approximates but still half of the Raised BTC will be gone. Not a good option.
Why not make a deal with hacker, he keeps 2M and returns 8M, and then no rollback. @hacker, you must be reading, you're going to get nothing with a rollback, make an offer

cebb
March 13, 2017, 05:46:48 AM
Rollback is the only option. And let's not worry about KMD Classic. Because that classic chain will have billions of KMD by end of week. 99% of them owned by the attacker. Good luck joining that chain.

CoollerOne
March 13, 2017, 05:48:14 AM
I don't see what all this fuss is about. It's either you let the coin die with someone generating as much as he wants, and of course let the devs go with all BTC's or rollback 200 blocks when everyone here knows not to move anything.
200 blocks out of 235000 is nothing, especially when it was posted real-time.
There is no alternative. Restart at 235300. Good job devs catching it as it is.

boomboom
March 13, 2017, 05:49:32 AM
this is not a rollback to bail out some exchange that got hacked.
the attacker has generated another 27 blocks in the last hour and at this pace he would generate much more than 10 million KMD by the 236000 block with the original bugfix trigger.
It is a bug that was not found by a white hat, but by someone who repeatedly exploits the same bug over and over.
I did not block the first exploit of the bug, that can be considered a bounty. But beyond that, it is like handing in the same thing over and over again expecting to be paid for it.
I never said the code is the law. The miner reward has been stated to be 3 KMD per block, not 100003 KMD. It is a chain stoppage due to a critical bug. People have relied on 3 KMD per block as mining reward, so to allow 100003 KMD as a reward would violate things a lot more than stopping the chain at 235300.
I will use common sense for this. Also, in the future if there is some other critical bug that dramatically changes what everyone's understanding is, then I will likely fix it and stop the chain, etc.
10M is a big bounty, but rollback is worse imo, but that's just my opinion. I respect your call James, just think you'll regret it later if it ends up damaging SuperNET fatally, which it easily can. Trolls will be attached like barnacles to this 'rollback' forever now. I'm not selling though
the attacker is generating half the blocks now. that is a pace of 3 million KMD per hour and would be for another 6 hours or so. So we are looking at more like 25 to 30 million KMD. and most all of this was AFTER I announced the chain would be stopped and rolled back to that point. not sure how this is different from the bug that allowed to create bitcoins. allowing such coin creation to be upheld is not any immutability, but a total violation of coin emission.
That's too much for a bounty, but rollback is too much, Time to make a deal with the attacker, otherwise everybody loses here ... Open a dialogue ...

cebb
March 13, 2017, 05:49:47 AM
I suspect the answer, but wouldn't hurt to ask. Would it be fair to use ICO funds to buy up equal amount of KMD attacker dumped (if any)?
2639 BTC were raised. At ICO price of 1 KMD = 0.00012909 BTC, If 10 million KMDs are generated by hacker that amounts to 1290 BTC. Of course the above calcs are approximates but still half of the Raised BTC will be gone. Not a good option.
Why not make a deal with hacker, he keeps 2M and returns 8M, and then no rollback. @hacker, you must be reading, you're going to get nothing with a rollback, make an offer
You are overestimating the impact of rollback. No one is going to talk about it in a week. it is not contentious like ETH hard fork.

boomboom
March 13, 2017, 05:52:41 AM
I don't see what all this fuss is about. It's either you let the coin die with someone generating as much as he wants, and of course let the devs go with all BTC's or rollback 200 blocks when everyone here knows not to move anything.
200 blocks out of 235000 is nothing, especially when it was posted real-time.
There is no alternative. Restart at 235300. Good job devs catching it as it is.
Rollback is crypto suicide though, even one block, the precedent can never be removed. Do a deal, the hacker found a bug, he deserves a bounty, otherwise we all lose everything. Komodo will never reach potential if immutability is lost today.

jwiz168
March 13, 2017, 05:55:03 AM
this is not a rollback to bail out some exchange that got hacked.
the attacker has generated another 27 blocks in the last hour and at this pace he would generate much more than 10 million KMD by the 236000 block with the original bugfix trigger.
It is a bug that was not found by a white hat, but by someone who repeatedly exploits the same bug over and over.
I did not block the first exploit of the bug, that can be considered a bounty. But beyond that, it is like handing in the same thing over and over again expecting to be paid for it.
I never said the code is the law. The miner reward has been stated to be 3 KMD per block, not 100003 KMD. It is a chain stoppage due to a critical bug. People have relied on 3 KMD per block as mining reward, so to allow 100003 KMD as a reward would violate things a lot more than stopping the chain at 235300.
I will use common sense for this. Also, in the future if there is some other critical bug that dramatically changes what everyone's understanding is, then I will likely fix it and stop the chain, etc.
10M is a big bounty, but rollback is worse imo, but that's just my opinion. I respect your call James, just think you'll regret it later if it ends up damaging SuperNET fatally, which it easily can. Trolls will be attached like barnacles to this 'rollback' forever now. I'm not selling though
the attacker is generating half the blocks now. that is a pace of 3 million KMD per hour and would be for another 6 hours or so. So we are looking at more like 25 to 30 million KMD. and most all of this was AFTER I announced the chain would be stopped and rolled back to that point. not sure how this is different from the bug that allowed to create bitcoins. allowing such coin creation to be upheld is not any immutability, but a total violation of coin emission.
That's too much for a bounty, but rollback is too much, Time to make a deal with the attacker, otherwise everybody loses here ... Open a dialogue ...
Not everybody as long as you had never transacted KMD beyond the block that started being exploited, you will be fine.

CoollerOne
March 13, 2017, 05:56:29 AM
So strange, 2 accounts are actively, I would even say desperately asking to make a deal with the attacker and 10-15 are saying naah, that's OK, let's do it.
The decision was made already. There is no need to ask how much he wants. He'll get nothing.