Bitcoin Forum
November 11, 2024, 12:56:43 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Possible vulnerability in the PoW core (can offer BTC)  (Read 955 times)
v.coinz (OP)
Hero Member
*****
Offline Offline

Activity: 882
Merit: 515


View Profile
February 16, 2017, 09:59:03 PM
Last edit: February 18, 2017, 07:13:42 PM by v.coinz
 #1

It seems someone had found vulnerability in PoW code that cause hacker to generate PoS coins at will & amount they choose.
Is their any expert who can provide any suggestion?

Source code: https://github.com/vcoin-z/virtualcoin
POS Block: http://theminingpool.thruhere.net:9010/address/VPjBWFVzxECPv1vSAdA5hRAQM6LcE7mtem

Someone able to exploit code to allow PoS coins on PoW code.

Debug.log:

2017-02-17 19:25:50 AcceptToMemoryPool: 108.61.221.227:55360 /Vcoin2017:0.14.0.2/ : accepted cb7b91e6805e42917ce4ade159f775a3eafddeaf0c1ca3fb400430eaf79fd567 (poolsz 1)

Thanks
cr1776
Legendary
*
Offline Offline

Activity: 4214
Merit: 1313


View Profile
February 16, 2017, 10:05:59 PM
 #2

It seems someone had found vulnerability in PoW code that cause hacker to generate PoS coins at will & amount they choose.
Is their any expert who can provide any suggestion?

Thanks

This sounds like it is about an alt-coin, not bitcoin.

So one suggestion is to perhaps move it to the alt section from the bitcoin tech and dev section.

As far as other suggestions, without more detail you won't get much.
v.coinz (OP)
Hero Member
*****
Offline Offline

Activity: 882
Merit: 515


View Profile
February 16, 2017, 10:20:23 PM
 #3

It seems someone had found vulnerability in PoW code that cause hacker to generate PoS coins at will & amount they choose.
Is their any expert who can provide any suggestion?

Thanks

This sounds like it is about an alt-coin, not bitcoin.

So one suggestion is to perhaps move it to the alt section from the bitcoin tech and dev section.

As far as other suggestions, without more detail you won't get much.

Source code: https://github.com/vcoin-z/virtualcoin
http://theminingpool.thruhere.net:9010/address/VPjBWFVzxECPv1vSAdA5hRAQM6LcE7mtem

Someone able to exploit code to allow PoS coins on PoW code.
v.coinz (OP)
Hero Member
*****
Offline Offline

Activity: 882
Merit: 515


View Profile
February 18, 2017, 05:21:25 AM
 #4

Any help with this.
housebtc
Sr. Member
****
Offline Offline

Activity: 588
Merit: 252



View Profile
February 18, 2017, 06:14:21 AM
 #5

It seems someone had found vulnerability in PoW code that cause hacker to generate PoS coins at will & amount they choose.
Is their any expert who can provide any suggestion?

Thanks

You need to post the source of your information, I think this will be issues with Altcoins with low hashing power. I doubt coins like BTC, Ethereum, Zcash, Monero, Dash etc are going to be affected
ICOcountdown.com
Hero Member
*****
Offline Offline

Activity: 1008
Merit: 500


View Profile WWW
February 18, 2017, 06:28:39 AM
 #6

Depends what POS algo it uses and what variant, the first basis was Sunnykings design.

kiklo
Legendary
*
Offline Offline

Activity: 1092
Merit: 1000



View Profile
February 18, 2017, 07:50:04 AM
 #7

Here is the stuff from their forum:





Thanks for bringing up to our attention.
Just had a quick look at the code, I don't see why it got generated.

Let me spend some time digging through this. This is a PoW Coin.

I also looked into the logs.

Block was generated by
108.61.221.227
poolsz 1

As far as I know their is no code for PoS. It's PoW coin.

If this is anyone's IP, can you please post debug log around the hash 0a5991108945d8b20def08a75e6326867f2fe7b226feb18b4974cf094fce610a

Thanks
v.coinz (OP)
Hero Member
*****
Offline Offline

Activity: 882
Merit: 515


View Profile
February 18, 2017, 07:14:11 PM
 #8

It seems someone had found vulnerability in PoW code that cause hacker to generate PoS coins at will & amount they choose.
Is their any expert who can provide any suggestion?

Source code: https://github.com/vcoin-z/virtualcoin
POS Block: http://theminingpool.thruhere.net:9010/address/VPjBWFVzxECPv1vSAdA5hRAQM6LcE7mtem

Someone able to exploit code to allow PoS coins on PoW code.

Debug.log:

2017-02-17 19:25:50 AcceptToMemoryPool: 108.61.221.227:55360 /Vcoin2017:0.14.0.2/ : accepted cb7b91e6805e42917ce4ade159f775a3eafddeaf0c1ca3fb400430eaf79fd567 (poolsz 1)

Thanks
v.coinz (OP)
Hero Member
*****
Offline Offline

Activity: 882
Merit: 515


View Profile
February 18, 2017, 07:19:47 PM
 #9

Hacker's Address:
http://theminingpool.thruhere.net:9010/address/VLgnpZGamZTxqZJLYU5zpcMJD4hHAhr64P

pereira4
Legendary
*
Offline Offline

Activity: 1610
Merit: 1183


View Profile
February 18, 2017, 07:52:30 PM
 #10

You should make a bounty with a good BTC offer in the services subforum and im sure that in no time you will have someone wanting to help you. Stuff like this is complicated and takes time to find bugs, debugging is a job so I doubt people will do it for free. So start an offer and you will get someone to fix it.
cryptospreader_temp
Sr. Member
****
Offline Offline

Activity: 434
Merit: 250



View Profile WWW
February 19, 2017, 07:12:07 AM
Last edit: February 19, 2017, 07:36:14 AM by cryptospreader_temp
 #11

I think the bug is related to picking up wallet address while sending coins to another address. Try sending some coins to external address from your wallet without fee. And check it with block explorer. If it says POS, then the error lies there. May be a display bug. I don't think any hack, but never say.

The error must be revolving around AddToWallet() function that initiates the send function.

Where can I get the source code for the latest version?
elbandi
Hero Member
*****
Offline Offline

Activity: 525
Merit: 531


View Profile
February 22, 2017, 12:52:00 AM
 #12

It seems someone had found vulnerability in PoW code that cause hacker to generate PoS coins at will & amount they choose.
Is their any expert who can provide any suggestion?

Source code: https://github.com/vcoin-z/virtualcoin
POS Block: http://theminingpool.thruhere.net:9010/address/VPjBWFVzxECPv1vSAdA5hRAQM6LcE7mtem

Someone able to exploit code to allow PoS coins on PoW code.

Debug.log:

2017-02-17 19:25:50 AcceptToMemoryPool: 108.61.221.227:55360 /Vcoin2017:0.14.0.2/ : accepted cb7b91e6805e42917ce4ade159f775a3eafddeaf0c1ca3fb400430eaf79fd567 (poolsz 1)

Thanks
block explorer is buggy:
that transaction looks good: http://theminingpool.thruhere.net:9010/api/getrawtransaction?txid=bdfb35ebf720c56aee26e7d5b082f517753876f826e2a7dfff226036396a5e92&decrypt=1

Elbandi
v.coinz (OP)
Hero Member
*****
Offline Offline

Activity: 882
Merit: 515


View Profile
February 24, 2017, 04:29:46 AM
 #13

Thanks,
here is another one.

http://theminingpool.thruhere.net:9010/api/getblock?hash=000000000566ca804d201f0b62c5a23fb67cc4943faa8e618f733d192f94d482

TX ID: e93dfa64c04e4be0cf3acf45cbe6b926b29432823d07226573020a10e0357a0f

just hope users investing do not get cheated.
v.coinz (OP)
Hero Member
*****
Offline Offline

Activity: 882
Merit: 515


View Profile
February 24, 2017, 05:18:46 AM
 #14

It seems someone had found vulnerability in PoW code that cause hacker to generate PoS coins at will & amount they choose.
Is their any expert who can provide any suggestion?

Source code: https://github.com/vcoin-z/virtualcoin
POS Block: http://theminingpool.thruhere.net:9010/address/VPjBWFVzxECPv1vSAdA5hRAQM6LcE7mtem

Someone able to exploit code to allow PoS coins on PoW code.

Debug.log:

2017-02-17 19:25:50 AcceptToMemoryPool: 108.61.221.227:55360 /Vcoin2017:0.14.0.2/ : accepted cb7b91e6805e42917ce4ade159f775a3eafddeaf0c1ca3fb400430eaf79fd567 (poolsz 1)

Thanks
block explorer is buggy:
that transaction looks good: http://theminingpool.thruhere.net:9010/api/getrawtransaction?txid=bdfb35ebf720c56aee26e7d5b082f517753876f826e2a7dfff226036396a5e92&decrypt=1

Elbandi

How about it here....
http://theminingpool.thruhere.net:9010/api/getrawtransaction?txid=cb7b91e6805e42917ce4ade159f775a3eafddeaf0c1ca3fb400430eaf79fd567&decrypt=1


{
  "hex": "010000000a901ad0f0a501636b9a92a6a0e558048739d5762b63c405c83106a2b01401885d00000 0006c493046022100d15968fc1531627778f5185f35ae867dcbf0fb0fbfdb0443d5af5620056e11 b3022100819a784c4424fb102c04b7e8a852914444d16cdd0aefd7552bf10eaa1ef9c524012102c 625c7cc9e372b11ab55f5f4c3705007fd56c6fb21c2a001320be62deebfb259ffffffff395ca7f0 c9fb78412c3576beb4fceb9f67e0f5e8e21ecad4f260ed6b6a6d99fe000000006a473044022072a 89efe82bc2d4e83eafaa4de837a202a7f2f30e58e37749016033a116345f60220730437b6890c0b c102a8a63016bbbea03d653c54e8679f32f7028ca180d721a0012102c625c7cc9e372b11ab55f5f 4c3705007fd56c6fb21c2a001320be62deebfb259ffffffffc8803e9baba203390e34a363c5b958 f4c85970d4ef95357332a347d1bd524c65000000006a473044022019d560352a72a70276c09b3ed 9a6c67bd6f5c0373035a8e5e5d48896b45a969b02201627dc258d94192772a520df273beba06828 22a0e857d71ba873ba0b6366df9e012102c625c7cc9e372b11ab55f5f4c3705007fd56c6fb21c2a 001320be62deebfb259ffffffff4f0e138cb9e9b99d024e2d49bcc2effdd81a3ecbed174d43663d a2e8657e3daf000000006b48304502206750d50f76fdfd7247b4e57466fcd6bc9aa13092791d23c b3406f055ff15199d022100cce7bd81d8570c0db958e5f5c0901df7d9025fe7a8f49b3e815c1e30 9e9e2be7012102c625c7cc9e372b11ab55f5f4c3705007fd56c6fb21c2a001320be62deebfb259f fffffff97f60c6fe89faa8fc4ce6bd46fabae25c6603894ba5ee63b3722539fb742b34400000000 6b483045022068656948c140c3d3c805326e0524f441bc4b2eee7d9b2b0d80aa0a4fb7ac3c36022 1009bb77c03cd0cbd3ab6fc05ca4aeeafa86c7b690a0edb63e453eb1d3cb8953f4b012102c625c7 cc9e372b11ab55f5f4c3705007fd56c6fb21c2a001320be62deebfb259ffffffffc7f25249a1dfa b22bdbf7427117615868560b2b655806298ccb80555e676bf5e000000006a47304402205888a9bc a434ebbc1b67e1fc78bb3e6029eba3ae5b8123193bc69ea870132b0f02207b4c44a5e36cf92d902 83a37fc3581d1a9ff2aae64252c2a77af46604b388959012102c625c7cc9e372b11ab55f5f4c370 5007fd56c6fb21c2a001320be62deebfb259ffffffff08a195e78075900a6370224ae14bb87e387 03714bd2a430c0eccf34a5cdcdc52000000006a473044022049a360245b4649b1eae9b2baaccb3e 4586e18f54088450ac43e72b4b47eaee6c0220538619c90bd92e092adea82b7150d5b1b15eaa077 36437cb5923832bad7bd613012102c625c7cc9e372b11ab55f5f4c3705007fd56c6fb21c2a00132 0be62deebfb259ffffffff7f352078e0f08ddc59d351ab276a8b9be0f1b6bed601b085834c4cbc5 75efc85000000006b48304502203958dc20a5ba0a4e683d0bbac5c698d2de11e44dac5163a5c9aa a1ee05bb7937022100e4d8b7c65ec99a880a5e04e35ba708448920c79b15808b8b96cfe8e041a7a 75b012102c625c7cc9e372b11ab55f5f4c3705007fd56c6fb21c2a001320be62deebfb259ffffff ffe3f4299bcb72070cdcffa680e21e3f45e38b5e8e8d0a688301bd90b09e26d5db000000006b483 045022014a0e143360f2532be185f0f8c39df6f4f75413c0b90c2789bb11180f2a3d2e0022100e2 e1787a6d0316c54cb1ccc77be9d6e0f915de29220446f8c51a3d32760dd02b012102c625c7cc9e3 72b11ab55f5f4c3705007fd56c6fb21c2a001320be62deebfb259ffffffffabec17d151866ccdbf a81e8a5d1664221ffdc1beae7cecfd417dd78dbcac148d000000006c493046022100cc25dd97b3f df7633d923e296bfe25749d93e7754e86158f448d849d3e249c3b022100bea057d37920ac3c86b0 6327519d93a5a5c976a603fa6468c4fda85d895fc6ad012102c625c7cc9e372b11ab55f5f4c3705 007fd56c6fb21c2a001320be62deebfb259ffffffff0100743ba40b0000001976a9146dfd22419e affc4726939d30e2e21da875ab4bc488ac00000000",
  "txid": "cb7b91e6805e42917ce4ade159f775a3eafddeaf0c1ca3fb400430eaf79fd567",
  "version": 1,
  "locktime": 0,
  "vin": [
    {
      "txid": "5d880114b0a20631c805c4632b76d539870458e5a0a6929a6b6301a5f0d01a90",
      "vout": 0,
      "scriptSig": {
        "asm": "3046022100d15968fc1531627778f5185f35ae867dcbf0fb0fbfdb0443d5af5620056e11b302210 0819a784c4424fb102c04b7e8a852914444d16cdd0aefd7552bf10eaa1ef9c52401 02c625c7cc9e372b11ab55f5f4c3705007fd56c6fb21c2a001320be62deebfb259",
        "hex": "493046022100d15968fc1531627778f5185f35ae867dcbf0fb0fbfdb0443d5af5620056e11b3022 100819a784c4424fb102c04b7e8a852914444d16cdd0aefd7552bf10eaa1ef9c524012102c625c7 cc9e372b11ab55f5f4c3705007fd56c6fb21c2a001320be62deebfb259"
      },
      "sequence": 4294967295
    },
    {
      "txid": "fe996d6a6bed60f2d4ca1ee2e8f5e0679febfcb4be76352c4178fbc9f0a75c39",
      "vout": 0,
      "scriptSig": {
        "asm": "3044022072a89efe82bc2d4e83eafaa4de837a202a7f2f30e58e37749016033a116345f60220730 437b6890c0bc102a8a63016bbbea03d653c54e8679f32f7028ca180d721a001 02c625c7cc9e372b11ab55f5f4c3705007fd56c6fb21c2a001320be62deebfb259",
        "hex": "473044022072a89efe82bc2d4e83eafaa4de837a202a7f2f30e58e37749016033a116345f602207 30437b6890c0bc102a8a63016bbbea03d653c54e8679f32f7028ca180d721a0012102c625c7cc9e 372b11ab55f5f4c3705007fd56c6fb21c2a001320be62deebfb259"
      },
      "sequence": 4294967295
    },
    {
      "txid": "654c52bdd147a332733595efd47059c8f458b9c563a3340e3903a2ab9b3e80c8",
      "vout": 0,
      "scriptSig": {
        "asm": "3044022019d560352a72a70276c09b3ed9a6c67bd6f5c0373035a8e5e5d48896b45a969b0220162 7dc258d94192772a520df273beba0682822a0e857d71ba873ba0b6366df9e01 02c625c7cc9e372b11ab55f5f4c3705007fd56c6fb21c2a001320be62deebfb259",
        "hex": "473044022019d560352a72a70276c09b3ed9a6c67bd6f5c0373035a8e5e5d48896b45a969b02201 627dc258d94192772a520df273beba0682822a0e857d71ba873ba0b6366df9e012102c625c7cc9e 372b11ab55f5f4c3705007fd56c6fb21c2a001320be62deebfb259"
      },
      "sequence": 4294967295
    },
    {
      "txid": "af3d7e65e8a23d66434d17edcb3e1ad8fdefc2bc492d4e029db9e9b98c130e4f",
      "vout": 0,
      "scriptSig": {
        "asm": "304502206750d50f76fdfd7247b4e57466fcd6bc9aa13092791d23cb3406f055ff15199d022100c ce7bd81d8570c0db958e5f5c0901df7d9025fe7a8f49b3e815c1e309e9e2be701 02c625c7cc9e372b11ab55f5f4c3705007fd56c6fb21c2a001320be62deebfb259",
        "hex": "48304502206750d50f76fdfd7247b4e57466fcd6bc9aa13092791d23cb3406f055ff15199d02210 0cce7bd81d8570c0db958e5f5c0901df7d9025fe7a8f49b3e815c1e309e9e2be7012102c625c7cc 9e372b11ab55f5f4c3705007fd56c6fb21c2a001320be62deebfb259"
      },
      "sequence": 4294967295
    },
    {
      "txid": "44b342b79f5322373be65eba943860c625aeab6fd46bcec48faa9fe86f0cf697",
      "vout": 0,
      "scriptSig": {
        "asm": "3045022068656948c140c3d3c805326e0524f441bc4b2eee7d9b2b0d80aa0a4fb7ac3c360221009 bb77c03cd0cbd3ab6fc05ca4aeeafa86c7b690a0edb63e453eb1d3cb8953f4b01 02c625c7cc9e372b11ab55f5f4c3705007fd56c6fb21c2a001320be62deebfb259",
        "hex": "483045022068656948c140c3d3c805326e0524f441bc4b2eee7d9b2b0d80aa0a4fb7ac3c3602210 09bb77c03cd0cbd3ab6fc05ca4aeeafa86c7b690a0edb63e453eb1d3cb8953f4b012102c625c7cc 9e372b11ab55f5f4c3705007fd56c6fb21c2a001320be62deebfb259"
      },
      "sequence": 4294967295
    },
    {
      "txid": "5ebf76e65505b8cc98628055b6b26085861576112774bfbd22abdfa14952f2c7",
      "vout": 0,
      "scriptSig": {
        "asm": "304402205888a9bca434ebbc1b67e1fc78bb3e6029eba3ae5b8123193bc69ea870132b0f02207b4 c44a5e36cf92d90283a37fc3581d1a9ff2aae64252c2a77af46604b38895901 02c625c7cc9e372b11ab55f5f4c3705007fd56c6fb21c2a001320be62deebfb259",
        "hex": "47304402205888a9bca434ebbc1b67e1fc78bb3e6029eba3ae5b8123193bc69ea870132b0f02207 b4c44a5e36cf92d90283a37fc3581d1a9ff2aae64252c2a77af46604b388959012102c625c7cc9e 372b11ab55f5f4c3705007fd56c6fb21c2a001320be62deebfb259"
      },
      "sequence": 4294967295
    },
    {
      "txid": "52dcdc5c4af3cc0e0c432abd143770387eb84be14a2270630a907580e795a108",
      "vout": 0,
      "scriptSig": {
        "asm": "3044022049a360245b4649b1eae9b2baaccb3e4586e18f54088450ac43e72b4b47eaee6c0220538 619c90bd92e092adea82b7150d5b1b15eaa07736437cb5923832bad7bd61301 02c625c7cc9e372b11ab55f5f4c3705007fd56c6fb21c2a001320be62deebfb259",
        "hex": "473044022049a360245b4649b1eae9b2baaccb3e4586e18f54088450ac43e72b4b47eaee6c02205 38619c90bd92e092adea82b7150d5b1b15eaa07736437cb5923832bad7bd613012102c625c7cc9e 372b11ab55f5f4c3705007fd56c6fb21c2a001320be62deebfb259"
      },
      "sequence": 4294967295
    },
    {
      "txid": "85fc5e57bc4c4c8385b001d6beb6f1e09b8b6a27ab51d359dc8df0e07820357f",
      "vout": 0,
      "scriptSig": {
        "asm": "304502203958dc20a5ba0a4e683d0bbac5c698d2de11e44dac5163a5c9aaa1ee05bb7937022100e 4d8b7c65ec99a880a5e04e35ba708448920c79b15808b8b96cfe8e041a7a75b01 02c625c7cc9e372b11ab55f5f4c3705007fd56c6fb21c2a001320be62deebfb259",
        "hex": "48304502203958dc20a5ba0a4e683d0bbac5c698d2de11e44dac5163a5c9aaa1ee05bb793702210 0e4d8b7c65ec99a880a5e04e35ba708448920c79b15808b8b96cfe8e041a7a75b012102c625c7cc 9e372b11ab55f5f4c3705007fd56c6fb21c2a001320be62deebfb259"
      },
      "sequence": 4294967295
    },
    {
      "txid": "dbd5269eb090bd0183680a8d8e5e8be3453f1ee280a6ffdc0c0772cb9b29f4e3",
      "vout": 0,
      "scriptSig": {
        "asm": "3045022014a0e143360f2532be185f0f8c39df6f4f75413c0b90c2789bb11180f2a3d2e0022100e 2e1787a6d0316c54cb1ccc77be9d6e0f915de29220446f8c51a3d32760dd02b01 02c625c7cc9e372b11ab55f5f4c3705007fd56c6fb21c2a001320be62deebfb259",
        "hex": "483045022014a0e143360f2532be185f0f8c39df6f4f75413c0b90c2789bb11180f2a3d2e002210 0e2e1787a6d0316c54cb1ccc77be9d6e0f915de29220446f8c51a3d32760dd02b012102c625c7cc 9e372b11ab55f5f4c3705007fd56c6fb21c2a001320be62deebfb259"
      },
      "sequence": 4294967295
    },
    {
      "txid": "8d14acbc8dd77d41fdec7caebec1fd1f2264165d8a1ea8bfcd6c8651d117ecab",
      "vout": 0,
      "scriptSig": {
        "asm": "3046022100cc25dd97b3fdf7633d923e296bfe25749d93e7754e86158f448d849d3e249c3b02210 0bea057d37920ac3c86b06327519d93a5a5c976a603fa6468c4fda85d895fc6ad01 02c625c7cc9e372b11ab55f5f4c3705007fd56c6fb21c2a001320be62deebfb259",
        "hex": "493046022100cc25dd97b3fdf7633d923e296bfe25749d93e7754e86158f448d849d3e249c3b022 100bea057d37920ac3c86b06327519d93a5a5c976a603fa6468c4fda85d895fc6ad012102c625c7 cc9e372b11ab55f5f4c3705007fd56c6fb21c2a001320be62deebfb259"
      },
      "sequence": 4294967295
    }
  ],
  "vout": [
    {
      "value": 500,
      "n": 0,
      "scriptPubKey": {
        "asm": "OP_DUP OP_HASH160 6dfd22419eaffc4726939d30e2e21da875ab4bc4 OP_EQUALVERIFY OP_CHECKSIG",
        "hex": "76a9146dfd22419eaffc4726939d30e2e21da875ab4bc488ac",
        "reqSigs": 1,
        "type": "pubkeyhash",
        "addresses": [
          "VLgnpZGamZTxqZJLYU5zpcMJD4hHAhr64P"
        ]
      }
    }
  ],
  "blockhash": "000000000188be2b07e6cffaca4406ec35119770170b8e022834becac0576e60",
  "confirmations": 1708,
  "time": 1487359698,
  "blocktime": 1487359698
}




Also send a test coins using 0 TX fees, still do not see any POS, any hint from the Raw TX above?

Thanks
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!