Bitcoin Forum
December 10, 2016, 03:11:34 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 4 5 6 7 »  All
  Print  
Author Topic: Bitcoin7 a new exchange  (Read 19639 times)
Bitcoin7.com
Newbie
*
Offline Offline

Activity: 29



View Profile WWW
June 15, 2011, 03:28:59 PM
 #21

Sukrim,

We keep all data actually in different formats to ensure security + redundancy.

How data is kept and how it is displayed is a different thing. I agree with you that seeing such thing doesn't make any sense.
We will format the numbers better. For BTC we will use max 8 decimals to show and we will keep even more exact decimals on our records.

The 2 decimal places you talk about are probably in the tables with the current offers for Buy/Sell ? We think that 2 places for the fiat currency is more than enough. If we receive more feedback on that case changes are possible too.


@ EU bank transfer:
Bulgarian banks are indeed overcharging for SEPA transfers. We are now working out banking solutions in other EU countries to ensure the lowest fee for the end user.

http://www.Bitcoin7.com (http://www.Bitcoin7.com)  - Trade Bitcoins online! Buy/Sell BTC for USD, EUR, PLN, SAR, BGN - lowest commission on the Internet!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Bitcoin7.com
Newbie
*
Offline Offline

Activity: 29



View Profile WWW
June 15, 2011, 03:37:05 PM
 #22

Tolsi,

We are experiencing some problems with the LR integration at the moment.
Funds are not lost, but a bit delayed.
I am sure they should be in your account by the time you will be reading this.

We hope next LR transactions will occur much faster.

http://www.Bitcoin7.com (http://www.Bitcoin7.com)  - Trade Bitcoins online! Buy/Sell BTC for USD, EUR, PLN, SAR, BGN - lowest commission on the Internet!
Tolsi
Full Member
***
Offline Offline

Activity: 178



View Profile WWW
June 15, 2011, 03:42:00 PM
 #23

Tolsi,

We are experiencing some problems with the LR integration at the moment.
Funds are not lost, but a bit delayed.
I am sure they should be in your account by the time you will be reading this.

We hope next LR transactions will occur much faster.
The money came, sorry, a little scared Wink Good luck in your business

Like what am I doing? 1FzSgYpLG4fpy2Q9fKXQsuLxHN81m4P3dR
davout
Legendary
*
Offline Offline

Activity: 1358


1davout


View Profile WWW
June 15, 2011, 03:45:46 PM
 #24

we will keep even more exact decimals on our records
You do not understand the difference between float and decimal do you ?

Bitcoin7.com
Newbie
*
Offline Offline

Activity: 29



View Profile WWW
June 15, 2011, 04:06:16 PM
 #25

Davout, I think we understand it pretty good, but I will gladly hear what you mean over PM. Also if your feedback is valuable I can assure you it will
come live on the site within hours. I don't want to spam the topic about our new exchange with such information.

Just FYI, we keep the records according to the IEEE 754 decimal32 format - I am sure you are familiar with it if you are asking us about it Smiley

http://www.Bitcoin7.com (http://www.Bitcoin7.com)  - Trade Bitcoins online! Buy/Sell BTC for USD, EUR, PLN, SAR, BGN - lowest commission on the Internet!
wizzard0
Jr. Member
*
Offline Offline

Activity: 54



View Profile WWW
June 15, 2011, 04:12:45 PM
 #26

Davout, I think we understand it pretty good, but I will gladly hear what you mean over PM. Also if your feedback is valuable I can assure you it will
come live on the site within hours. I don't want to spam the topic about our new exchange with such information.

Just FYI, we keep the records according to the IEEE 754 decimal32 format - I am sure you are familiar with it if you are asking us about it Smiley

IEEE 754 decimal32 is a single-precision floating-point number occupying 32 bits. Tell me I am wrong. Because if I'm not - this is horrible.

Do you know that adding 0.00000001 BTC to 1 BTC will result in 1 BTC, and adding 0.00000021 will result in 1.00000024 BTC with this precision?
davout
Legendary
*
Offline Offline

Activity: 1358


1davout


View Profile WWW
June 15, 2011, 04:29:39 PM
 #27

Just FYI, we keep the records according to the IEEE 754 decimal32 format - I am sure you are familiar with it if you are asking us about it Smiley
So that's what I thought, you don't have the slightest clue about how to properly handle currency amounts in professionnal applications.
Go check the source-code of bitcoin-central.net, that's how the real pros do it baby Wink

Sukrim
Legendary
*
Offline Offline

Activity: 1848


View Profile
June 15, 2011, 04:58:25 PM
 #28

I would strongly advise you as #1 priority to take 2 developers to independently go through the whole backend code and remove ANY floating point number that occurs there. It's nice and fine if you want to have more than 8 decimal places, but for the love of god or whatever you believe in, don't ever use floats in financial software again!

Sorry to be so harsh, but this is something nearly every programmer should learn in their first semester.

https://bitfinex.com <-- leveraged trading of BTCUSD, LTCUSD and LTCBTC (long and short) - 10% discount on fees for the first 30 days with this refcode: x5K9YtL3Zb
Mail me at Bitmessage: BM-BbiHiVv5qh858ULsyRDtpRrG9WjXN3xf
FooDSt4mP
Full Member
***
Offline Offline

Activity: 182


View Profile
June 15, 2011, 05:21:46 PM
 #29

I would strongly advise you as #1 priority to take 2 developers to independently go through the whole backend code and remove ANY floating point number that occurs there. It's nice and fine if you want to have more than 8 decimal places, but for the love of god or whatever you believe in, don't ever use floats in financial software again!

Sorry to be so harsh, but this is something nearly every programmer should learn in their first semester.

+1

You will definitely not be seeing any of my funds until this is fixed.

As we slide down the banister of life, this is just another splinter in our ass.
Bitcoin7.com
Newbie
*
Offline Offline

Activity: 29



View Profile WWW
June 15, 2011, 06:06:46 PM
 #30

Bitcoin7 keep the records with extreme accuracy, there is really nothing to be fixed.
We are now working on something we can show the forum, hoping to close this discussion and continue to further
improvements of the site or trade options.

http://www.Bitcoin7.com (http://www.Bitcoin7.com)  - Trade Bitcoins online! Buy/Sell BTC for USD, EUR, PLN, SAR, BGN - lowest commission on the Internet!
davout
Legendary
*
Offline Offline

Activity: 1358


1davout


View Profile WWW
June 15, 2011, 07:09:56 PM
 #31

Bitcoin7 keep the records with extreme accuracy, there is really nothing to be fixed.
you are an amateur.

We are now working on something we can show the forum,
some professionalism maybe ?

sturle
Legendary
*
Offline Offline

Activity: 1418

http://bitmynt.no


View Profile WWW
June 15, 2011, 10:47:25 PM
 #32

Bitcoin7 keep the records with extreme accuracy, there is really nothing to be fixed.
Isn't it incredible how much a simple sentence can reveal?

It is impossible to represent integers accurately in floating point, no matter what precision one use.  Any mediocre programmer will know that.  And if one doesn't know that Bitcoins are integers, one should probably not operate an exchange in the first place.  This simple sentence tells us that the exchange is written by an incompetent programmer who hasn't got much clue about Bitcoin either.

Even if it looks like it works on first sight, it is probably insecure.  I wouldn't trust it with a bitcent, or 0.009999999776482582092285156250 BTC at Bitcoin7, probably rounded in the user interface.  Would I be able to withdraw the bitcent again, or would I have insufficient funds?  I'll let someone else find out, and have fun profiting from rounding errors.

Sjå http://bitmynt.no for veksling av bitcoin mot norske kroner.  Trygt, billig, raskt og enkelt sidan 2010.
I buy with EUR and other currencies at a fair market price when you want to sell.  See http://bitmynt.no/eurprice.pl
I support the roadmap.  If a majority of miners ever try to forcefully take control of Bitcoin through a hard fork without 100% consensus, I will immediately split out and dump all my forkcoins, and buy more real Bitcoin.
shakaru
Sr. Member
****
Offline Offline

Activity: 364


View Profile WWW
June 16, 2011, 12:44:03 AM
 #33

You cant even send bitcoins. This thing either is a giant theft opt or a money laundering ring out of Sophia. My money on the later

Sukrim
Legendary
*
Offline Offline

Activity: 1848


View Profile
June 16, 2011, 12:46:51 AM
 #34

You cant even send bitcoins. This thing either is a giant theft opt or a money laundering ring out of Sophia. My money on the later
I haven't yet tried sending any (I just transferred some USD from MtGox to buy the cheap 18 USD Bitcoins, that were unfortunately gone until my USD got credited) - but generally you should just mouse over the bitcoin amount in the top right corner and click "Add Bitcoins"... does this not work?!

Edit:
"You have successfully withdrawn x.xxxxxxxx42 BTC to your Bitcoin wallet"
I wonder if the .42 Satoshis show up!  Roll Eyes

So far every trade went fine though and once (if...) the floats are fixed, I might even use the exchange. Sofia is a nice city anyways and I won't have to go to a bank/exchange to get BGN this way.

https://bitfinex.com <-- leveraged trading of BTCUSD, LTCUSD and LTCBTC (long and short) - 10% discount on fees for the first 30 days with this refcode: x5K9YtL3Zb
Mail me at Bitmessage: BM-BbiHiVv5qh858ULsyRDtpRrG9WjXN3xf
cuddlefish
Full Member
***
Offline Offline

Activity: 126



View Profile
June 16, 2011, 06:06:36 AM
 #35

Bitcoin7.com...
you have a GIANT CSRF vulnerability on the Withdrawals page.

Fix it.

Bitcoin7.com
Newbie
*
Offline Offline

Activity: 29



View Profile WWW
June 16, 2011, 06:57:46 AM
 #36

@ Cuddlefish, I PMed you for more details.

http://www.Bitcoin7.com (http://www.Bitcoin7.com)  - Trade Bitcoins online! Buy/Sell BTC for USD, EUR, PLN, SAR, BGN - lowest commission on the Internet!
davout
Legendary
*
Offline Offline

Activity: 1358


1davout


View Profile WWW
June 16, 2011, 07:53:48 AM
 #37

@ Cuddlefish, I PMed you for more details.
That's ridiculous, the CSRF exploit is trivial, someone logged into your site, visiting a malicious site can have all his funds withdrawn at a whim.

something along the lines of this :

Code:
<form id="maliciousForm" method="post" action="theWithdrawPage">
  <input name="amount" value="42" />
  <!-- other fields in your form -->
</form>

<script type="text/javascript">
  $('maliciousForm').submit();
</script>

And that's only the first thing that has been spotted.

Advice : shut down your site, get some professionnals, open it back up when it's finished and secure.

cuddlefish
Full Member
***
Offline Offline

Activity: 126



View Profile
June 16, 2011, 08:08:02 AM
 #38

In the interests of getting to to SHUT DOWN EVERYTHING... you need to.

http://pastehtml.com/!!!!view/axb1k7j2w.html

remove the !!!! if you really want to attack yourself.
Ta-da. Your coins are now in instawallet.org/w/foo.

Security is no joke.

Bitcoin7.com
Newbie
*
Offline Offline

Activity: 29



View Profile WWW
June 16, 2011, 08:22:57 AM
 #39

Security is no joke indeed, thanks for reporting.
The glitch has been fixed. We review any single transaction manually at the moment anyway.
Our commitment is to ensure maximum stability, even if we have to restore damage.

http://www.Bitcoin7.com (http://www.Bitcoin7.com)  - Trade Bitcoins online! Buy/Sell BTC for USD, EUR, PLN, SAR, BGN - lowest commission on the Internet!
cuddlefish
Full Member
***
Offline Offline

Activity: 126



View Profile
June 16, 2011, 08:48:28 AM
 #40

http://pastehtml.com/!!!!view/axb1k7j2w.html

sells 1 coin at $0.5.

At this point, I'd have to say, kill your webserver until you can get a professional auditor in. This site shouldn't be handling money.

Pages: « 1 [2] 3 4 5 6 7 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!