[TRC] [DISCLOSURE] Terracoin Difficulty Collapse Exploit

[Sunny King]

Following is a summary of the Terracoin vulnerability I communicated to Gavin and Terracoin developer. It is now fixed in the latest Terracoin release.

Summary: Possible manipulation of difficulty by a miner collusion, or a direct 51% attack, to collapse the difficulty and block generation interval to almost 0.

Impact Level: Critical.

Description: because terracoin employed a very short adjustment interval of 30 blocks, while the target spacing is 2-minute, below is what I come up with as an experimental attack scenario (not tested yet but just for illustration purposes for now). The way the attack works is that a miner collusion attempts to artificially inflates the time span of each retarget section. When the collusion gains momentum theoretically for terracoin I think the difficulty will collapse and block spacing drops close to 0. This is because terracoin 1) didn't fix the time travel vulnerability 2) used a too short retarget interval.


diff --git a/src/main.cpp b/src/main.cpp
index 87b8abf..f28ea0b 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -1238,6 +1238,15 @@ void CBlock::UpdateTime(const CBlockIndex* pindexPrev)
 {
     nTime = max(pindexPrev->GetMedianTimePast()+1, GetAdjustedTime());

+    // If the time-travel vulnerability is present  (nActualTimeSpan is
+    // computed between the first and last block of the retarget section)
+    // the following patch can gradually attract miners to join a 'collusion':
+    // inflate nActualTimeSpan on both ends of the retarget section
+    if ((pindexPrev->nHeight+1) % nInterval == 0)
+        nTime = max(GetBlockTime(), GetAdjustedTime()) + 105 * 60;
+    else if ((pindexPrev->nHeight+1) % nInterval == 1)
+        nTime = pindexPrev->GetMedianTimePast()+1;
+
     // Updating time can change work required on testnet:
     if (fTestNet)
         nBits = GetNextWorkRequired(pindexPrev, this);


Acknowledgement: this class of attack was first disclosed by ArtForz in 2011 I think. It's well known among bitcoin developers and old-time altcoin developers.

[tacotime]

Edit: nm, same as time travel with original solidcoin I think.

[crazy_rabbit]

Thank you SunnyKing for pointing this out to the TRC dev's!

[Sunny King]

Is this the same exploit I published on a while ago that was seen recently?

No. Yours is a limited oscillation. This one would collapse it to 0.

[tacotime]

No. Yours is a limited oscillation. This one would collapse it to 0.

Yeah, I realized it now, I haven't heard about that vulnerability for a while.

[Sunny King]

Thank you SunnyKing for pointing this out to the TRC dev's!

Best way to thank me is for the terracoin fans to stop trashtalking ppcoin just because we are in competition. I advocate competing fairly with positive spirit.

Thanks,

[crazy_rabbit]

Thank you SunnyKing for pointing this out to the TRC dev's!

Best way to thank me is for the terracoin fans to stop trashtalking ppcoin just because we are in competition. I advocate competing fairly with positive spirit.

Thanks,

Deal.

[d4rkbreaker]

I just started wallet (newest stable build, it worked earlier today) and got this error message. Is it related to bug?

Uninstall, reinstall previous stable build and check for this error message. If it turns out that the previous builds work, then someone screwed up the source files and compiled.

[d4rkbreaker]

But it is the same wallet version I have been using for weeks now. I had it up and running before, while and after difficulty calculation change went live
and it is working now without problems.

I just installed the new stable release. Why is it re-downloading all the transactions that I had already?

[flound1129]

nevermind.

[jar]

That's not a patch to fix anything.  Do not apply that.  It was a potential exploit that has already patched (again, not that code).  It's my understanding that that code won't get you anywhere with exploiting anything in the current branch.

[Walter Rothbard]

Thank you SunnyKing for pointing this out to the TRC dev's!

Best way to thank me is for the terracoin fans to stop trashtalking ppcoin just because we are in competition. I advocate competing fairly with positive spirit.

Thanks,

Earnest agreement!  Thank you for your contribution, and I wish you and your coin's users the best.

(And even though I have coin preferences, I hope nobody ever reads what I say as trashing other coins or their users.)

[Tomatocage]

Terracoin has an active dev?

[jubalix]

SK you are the Best

I purchased PPC and TRC both are great!!!!

Following is a summary of the Terracoin vulnerability I communicated to Gavin and Terracoin developer. It is now fixed in the latest Terracoin release.

Summary: Possible manipulation of difficulty by a miner collusion, or a direct 51% attack, to collapse the difficulty and block generation interval to almost 0.

Impact Level: Critical.

Description: because terracoin employed a very short adjustment interval of 30 blocks, while the target spacing is 2-minute, below is what I come up with as an experimental attack scenario (not tested yet but just for illustration purposes for now). The way the attack works is that a miner collusion attempts to artificially inflates the time span of each retarget section. When the collusion gains momentum theoretically for terracoin I think the difficulty will collapse and block spacing drops close to 0. This is because terracoin 1) didn't fix the time travel vulnerability 2) used a too short retarget interval.


diff --git a/src/main.cpp b/src/main.cpp
index 87b8abf..f28ea0b 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -1238,6 +1238,15 @@ void CBlock::UpdateTime(const CBlockIndex* pindexPrev)
 {
     nTime = max(pindexPrev->GetMedianTimePast()+1, GetAdjustedTime());

+    // If the time-travel vulnerability is present  (nActualTimeSpan is
+    // computed between the first and last block of the retarget section)
+    // the following patch can gradually attract miners to join a 'collusion':
+    // inflate nActualTimeSpan on both ends of the retarget section
+    if ((pindexPrev->nHeight+1) % nInterval == 0)
+        nTime = max(GetBlockTime(), GetAdjustedTime()) + 105 * 60;
+    else if ((pindexPrev->nHeight+1) % nInterval == 1)
+        nTime = pindexPrev->GetMedianTimePast()+1;
+
     // Updating time can change work required on testnet:
     if (fTestNet)
         nBits = GetNextWorkRequired(pindexPrev, this);


Acknowledgement: this class of attack was first disclosed by ArtForz in 2011 I think. It's well known among bitcoin developers and old-time altcoin developers.

[crazy_rabbit]

Terracoin has an active dev?

Yes it does. He will answer questions at the sourceforge page or the github page and lurks in the forums.

[luffy]

i don't consider any coin as competition to each other. every coin is different and every coin can be useful in its way.
btw, SK you are great!

[Syke]

Some is time-travel exploiting the new difficulty calculation right now. The generated coins are going to:

http://cryptocoinexplorer.com:3750/address/111exFkjLXP5mXmEfVqGd2r7bXQhVhux3

[celkaris]

Some is time-travel exploiting the new difficulty calculation right now. The generated coins are going to:

http://cryptocoinexplorer.com:3750/address/111exFkjLXP5mXmEfVqGd2r7bXQhVhux3

i guess he can do that because there are not enough miners on TRC, looking atblocks, i see he is able to mine multiple consecutive blocks at a diff between 2k and 14k

If he was unable to mine multiple consecutive blocks, i'm pretty sure the averaging thing would more or less ignore those

[Syke]

Watch the time stamps. He's generating the blocks ahead of time and then dropping them all on the network at once.

[celkaris]

Watch the time stamps. He's generating the blocks ahead of time and then dropping them all on the network at once.

yes, saw that.

If there was enough miners ... he should not be able to mine so many consecutive blocks, that's what i was saying.

If people want to protect their coins ... mining is the only option
(supposing he's not the guy behind your favorite pool of course :p )