Sunny King (OP)
Legendary
Offline
Activity: 1205
Merit: 1010
|
|
April 04, 2013, 09:46:58 PM |
|
Following is a summary of the Terracoin vulnerability I communicated to Gavin and Terracoin developer. It is now fixed in the latest Terracoin release.
Summary: Possible manipulation of difficulty by a miner collusion, or a direct 51% attack, to collapse the difficulty and block generation interval to almost 0.
Impact Level: Critical.
Description: because terracoin employed a very short adjustment interval of 30 blocks, while the target spacing is 2-minute, below is what I come up with as an experimental attack scenario (not tested yet but just for illustration purposes for now). The way the attack works is that a miner collusion attempts to artificially inflates the time span of each retarget section. When the collusion gains momentum theoretically for terracoin I think the difficulty will collapse and block spacing drops close to 0. This is because terracoin 1) didn't fix the time travel vulnerability 2) used a too short retarget interval.
diff --git a/src/main.cpp b/src/main.cpp index 87b8abf..f28ea0b 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -1238,6 +1238,15 @@ void CBlock::UpdateTime(const CBlockIndex* pindexPrev) { nTime = max(pindexPrev->GetMedianTimePast()+1, GetAdjustedTime());
+ // If the time-travel vulnerability is present (nActualTimeSpan is + // computed between the first and last block of the retarget section) + // the following patch can gradually attract miners to join a 'collusion': + // inflate nActualTimeSpan on both ends of the retarget section + if ((pindexPrev->nHeight+1) % nInterval == 0) + nTime = max(GetBlockTime(), GetAdjustedTime()) + 105 * 60; + else if ((pindexPrev->nHeight+1) % nInterval == 1) + nTime = pindexPrev->GetMedianTimePast()+1; + // Updating time can change work required on testnet: if (fTestNet) nBits = GetNextWorkRequired(pindexPrev, this);
Acknowledgement: this class of attack was first disclosed by ArtForz in 2011 I think. It's well known among bitcoin developers and old-time altcoin developers.
|
|
|
|
tacotime
Legendary
Offline
Activity: 1484
Merit: 1005
|
|
April 04, 2013, 09:50:41 PM |
|
Edit: nm, same as time travel with original solidcoin I think.
|
XMR: 44GBHzv6ZyQdJkjqZje6KLZ3xSyN1hBSFAnLP6EAqJtCRVzMzZmeXTC2AHKDS9aEDTRKmo6a6o9r9j86pYfhCWDkKjbtcns
|
|
|
crazy_rabbit
Legendary
Offline
Activity: 1204
Merit: 1002
RUM AND CARROTS: A PIRATE LIFE FOR ME
|
|
April 04, 2013, 09:52:58 PM |
|
Thank you SunnyKing for pointing this out to the TRC dev's!
|
more or less retired.
|
|
|
Sunny King (OP)
Legendary
Offline
Activity: 1205
Merit: 1010
|
|
April 04, 2013, 09:53:07 PM |
|
No. Yours is a limited oscillation. This one would collapse it to 0.
|
|
|
|
tacotime
Legendary
Offline
Activity: 1484
Merit: 1005
|
|
April 04, 2013, 09:54:34 PM |
|
No. Yours is a limited oscillation. This one would collapse it to 0.
Yeah, I realized it now, I haven't heard about that vulnerability for a while.
|
XMR: 44GBHzv6ZyQdJkjqZje6KLZ3xSyN1hBSFAnLP6EAqJtCRVzMzZmeXTC2AHKDS9aEDTRKmo6a6o9r9j86pYfhCWDkKjbtcns
|
|
|
Sunny King (OP)
Legendary
Offline
Activity: 1205
Merit: 1010
|
|
April 04, 2013, 09:59:49 PM |
|
Thank you SunnyKing for pointing this out to the TRC dev's!
Best way to thank me is for the terracoin fans to stop trashtalking ppcoin just because we are in competition. I advocate competing fairly with positive spirit. Thanks,
|
|
|
|
crazy_rabbit
Legendary
Offline
Activity: 1204
Merit: 1002
RUM AND CARROTS: A PIRATE LIFE FOR ME
|
|
April 04, 2013, 10:01:13 PM |
|
Thank you SunnyKing for pointing this out to the TRC dev's!
Best way to thank me is for the terracoin fans to stop trashtalking ppcoin just because we are in competition. I advocate competing fairly with positive spirit. Thanks, Deal.
|
more or less retired.
|
|
|
d4rkbreaker
Member
Offline
Activity: 83
Merit: 10
|
|
April 04, 2013, 10:49:06 PM |
|
I just started wallet (newest stable build, it worked earlier today) and got this error message. Is it related to bug? Uninstall, reinstall previous stable build and check for this error message. If it turns out that the previous builds work, then someone screwed up the source files and compiled.
|
Donations: 1JLDd424T2pJms12shLZ8GKYvUMcykkpJq | TRC - 16ZyoYBhWQeTB14Ld9bWLLvoj5e6FTzk23
|
|
|
d4rkbreaker
Member
Offline
Activity: 83
Merit: 10
|
|
April 05, 2013, 01:11:05 AM |
|
But it is the same wallet version I have been using for weeks now. I had it up and running before, while and after difficulty calculation change went live and it is working now without problems.
I just installed the new stable release. Why is it re-downloading all the transactions that I had already?
|
Donations: 1JLDd424T2pJms12shLZ8GKYvUMcykkpJq | TRC - 16ZyoYBhWQeTB14Ld9bWLLvoj5e6FTzk23
|
|
|
flound1129
|
|
April 05, 2013, 02:27:43 AM Last edit: April 05, 2013, 04:30:02 AM by flound1129 |
|
nevermind.
|
Multipool - Always mine the most profitable coin - Scrypt, X11 or SHA-256!
|
|
|
jar
Newbie
Offline
Activity: 48
Merit: 0
|
|
April 05, 2013, 02:31:32 AM |
|
That's not a patch to fix anything. Do not apply that. It was a potential exploit that has already patched (again, not that code). It's my understanding that that code won't get you anywhere with exploiting anything in the current branch.
|
|
|
|
Walter Rothbard
|
|
April 05, 2013, 02:39:48 AM |
|
Thank you SunnyKing for pointing this out to the TRC dev's!
Best way to thank me is for the terracoin fans to stop trashtalking ppcoin just because we are in competition. I advocate competing fairly with positive spirit. Thanks, Earnest agreement! Thank you for your contribution, and I wish you and your coin's users the best. (And even though I have coin preferences, I hope nobody ever reads what I say as trashing other coins or their users.)
|
|
|
|
Tomatocage
Legendary
Offline
Activity: 1554
Merit: 1222
brb keeping up with the Kardashians
|
|
April 05, 2013, 04:09:28 AM |
|
Terracoin has an active dev?
|
|
|
|
jubalix
Legendary
Offline
Activity: 2632
Merit: 1023
|
|
April 05, 2013, 06:14:15 AM |
|
SK you are the Best I purchased PPC and TRC both are great!!!! Following is a summary of the Terracoin vulnerability I communicated to Gavin and Terracoin developer. It is now fixed in the latest Terracoin release.
Summary: Possible manipulation of difficulty by a miner collusion, or a direct 51% attack, to collapse the difficulty and block generation interval to almost 0.
Impact Level: Critical.
Description: because terracoin employed a very short adjustment interval of 30 blocks, while the target spacing is 2-minute, below is what I come up with as an experimental attack scenario (not tested yet but just for illustration purposes for now). The way the attack works is that a miner collusion attempts to artificially inflates the time span of each retarget section. When the collusion gains momentum theoretically for terracoin I think the difficulty will collapse and block spacing drops close to 0. This is because terracoin 1) didn't fix the time travel vulnerability 2) used a too short retarget interval.
diff --git a/src/main.cpp b/src/main.cpp index 87b8abf..f28ea0b 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -1238,6 +1238,15 @@ void CBlock::UpdateTime(const CBlockIndex* pindexPrev) { nTime = max(pindexPrev->GetMedianTimePast()+1, GetAdjustedTime());
+ // If the time-travel vulnerability is present (nActualTimeSpan is + // computed between the first and last block of the retarget section) + // the following patch can gradually attract miners to join a 'collusion': + // inflate nActualTimeSpan on both ends of the retarget section + if ((pindexPrev->nHeight+1) % nInterval == 0) + nTime = max(GetBlockTime(), GetAdjustedTime()) + 105 * 60; + else if ((pindexPrev->nHeight+1) % nInterval == 1) + nTime = pindexPrev->GetMedianTimePast()+1; + // Updating time can change work required on testnet: if (fTestNet) nBits = GetNextWorkRequired(pindexPrev, this);
Acknowledgement: this class of attack was first disclosed by ArtForz in 2011 I think. It's well known among bitcoin developers and old-time altcoin developers.
|
|
|
|
crazy_rabbit
Legendary
Offline
Activity: 1204
Merit: 1002
RUM AND CARROTS: A PIRATE LIFE FOR ME
|
|
April 05, 2013, 06:33:30 AM |
|
Terracoin has an active dev?
Yes it does. He will answer questions at the sourceforge page or the github page and lurks in the forums.
|
more or less retired.
|
|
|
luffy
|
|
April 05, 2013, 06:35:50 AM |
|
i don't consider any coin as competition to each other. every coin is different and every coin can be useful in its way. btw, SK you are great!
|
|
|
|
|
celkaris
|
|
April 11, 2013, 06:30:07 PM |
|
i guess he can do that because there are not enough miners on TRC, looking atblocks, i see he is able to mine multiple consecutive blocks at a diff between 2k and 14k If he was unable to mine multiple consecutive blocks, i'm pretty sure the averaging thing would more or less ignore those
|
|
|
|
Syke
Legendary
Offline
Activity: 3878
Merit: 1193
|
|
April 11, 2013, 06:34:27 PM |
|
Watch the time stamps. He's generating the blocks ahead of time and then dropping them all on the network at once.
|
Buy & Hold
|
|
|
celkaris
|
|
April 11, 2013, 06:38:51 PM |
|
Watch the time stamps. He's generating the blocks ahead of time and then dropping them all on the network at once.
yes, saw that. If there was enough miners ... he should not be able to mine so many consecutive blocks, that's what i was saying. If people want to protect their coins ... mining is the only option (supposing he's not the guy behind your favorite pool of course :p )
|
|
|
|
|