|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
JosNekoKopa
|
|
February 18, 2017, 12:03:38 PM |
|
What is strange here? This Is probably inside job, small bug to be discovered by some stranger and exploited in this way, this is only dream of every hackers, and those who created this code didn't notice this at debug ..? I really want to be believe.
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1009
Newbie
|
|
February 18, 2017, 01:18:51 PM |
|
What is strange here? This Is probably inside job, small bug to be discovered by some stranger and exploited in this way, this is only dream of every hackers, and those who created this code didn't notice this at debug ..? I really want to be believe.
Maybe warnings were off during the compilation and that case didn't appear in "probable bugs" section?
|
|
|
|
jeremy grol
|
|
February 18, 2017, 01:20:23 PM |
|
it was an inside jobs. wake up.
|
|
|
|
hcbfs
Newbie
Offline
Activity: 39
Merit: 0
|
|
February 18, 2017, 01:29:30 PM |
|
I agree with you. this event involves a question of trust, at least, i can't believe it again
|
|
|
|
Febo
Legendary
Offline
Activity: 2730
Merit: 1288
|
|
February 18, 2017, 01:33:47 PM |
|
I agree with you. this event involves a question of trust, at least, i can't believe it again Trust the math and no one else. It is so simple. There are and will be new experiments. It is totally normal and only way to progress. But there need to be some basic minimum requirements.
|
|
|
|
pereira4
Legendary
Offline
Activity: 1610
Merit: 1183
|
|
February 18, 2017, 05:00:30 PM |
|
What is strange here? This Is probably inside job, small bug to be discovered by some stranger and exploited in this way, this is only dream of every hackers, and those who created this code didn't notice this at debug ..? I really want to be believe.
The real big mindfuck is the following one: Since this coin depends on you haven trusted that the developers destroyed the masterkey files (which would give access to the total supply in a total impossible to prove way) some dev could have the key and could access the supply, fuck shit up, then claim its a bug... nobody would know. The whole concept of this coin seemed so stupid to me since the beginning.
|
|
|
|
simonbtc
Newbie
Offline
Activity: 16
Merit: 0
|
|
February 18, 2017, 07:05:35 PM Last edit: February 18, 2017, 07:39:16 PM by simonbtc |
|
Link: https://makebitcoingreatagain.wordpress.com/2017/02/18/is-the-zcoin-bug-in-checktransaction/Summary: The fix posted (so far) to Github is insufficient - does not stop the attacker from continuing to create fake Zcoin Spend transactions - prevents regular users who are holding private funds from moving them to a public address - does not explain fix the issue of fraudulent Zcoin Spend transactions passing validation checks
|
|
|
|
JosNekoKopa
|
|
February 19, 2017, 02:32:17 PM |
|
Best solution for this, is that this teach, if really working and this code can be fixed, is to be reused in another project. This coin is finished. This team is not to be trusted anymore. Bagholders will try to recover but only to find good exit point. Sad but true!
|
|
|
|
Loganota
|
|
February 19, 2017, 04:11:22 PM |
|
This is something that ends up killing the coin, we saw the same happen with DAO and now with Zerocoin. This is what differentiates a good project from a bad one, I feel sorry for those who invested and end up losing money on this one.
|
|
|
|
PovertyByte
|
|
February 19, 2017, 04:28:47 PM |
|
This is something that ends up killing the coin, we saw the same happen with DAO and now with Zerocoin. This is what differentiates a good project from a bad one, I feel sorry for those who invested and end up losing money on this one.
The DAO had peoples coins actually stolen from them. This is completely different. For the timeframe that extra ZCoins were being dumped the price was actually going up and it only went down after this became known, and even at that it got fixed in a fair amount of time. Nobody who bough these extra coins are losing anything
|
|
|
|
Ayers
Legendary
Offline
Activity: 2618
Merit: 1023
Seabet.io | Crypto-Casino
|
|
February 19, 2017, 06:03:51 PM |
|
What is strange here? This Is probably inside job, small bug to be discovered by some stranger and exploited in this way, this is only dream of every hackers, and those who created this code didn't notice this at debug ..? I really want to be believe.
The real big mindfuck is the following one: Since this coin depends on you haven trusted that the developers destroyed the masterkey files (which would give access to the total supply in a total impossible to prove way) some dev could have the key and could access the supply, fuck shit up, then claim its a bug... nobody would know. The whole concept of this coin seemed so stupid to me since the beginning. how can this be possible? isn't zcoin like all the other coin completely and fully open source? if someone want can expect the code and check exploit/bug/whatever, on a side note, this bug explain why the price tanked by 25% in few days
|
|
|
|
vlom
Legendary
Offline
Activity: 1498
Merit: 1117
|
|
February 19, 2017, 06:10:16 PM |
|
so it is time to buy some ZEC. i have placed an other. they will solve the problem and the price will go up again.
|
|
|
|
PovertyByte
|
|
February 19, 2017, 06:41:48 PM |
|
so it is time to buy some ZEC. i have placed an other. they will solve the problem and the price will go up again.
You mean XZC because ZEC has no context to what you just said
|
|
|
|
SONG GEET
|
|
February 19, 2017, 06:43:14 PM |
|
it was an inside jobs. wake up.
Better to say one of the developer left a back door to exploit this bug later on and get away without being noticed.
|
|
|
|
PovertyByte
|
|
February 19, 2017, 07:55:31 PM |
|
it was an inside jobs. wake up.
Better to say one of the developer left a back door to exploit this bug later on and get away without being noticed. This has a 20% dev fee for the first 4 years like ZEC. It's in the devs best interest to keep the coin valuable rather than run an exploit like this early on and dump the coins long before the tokens ever hit their potential in value. Now the dev fee is going to be burned away for awhile until the double spent coins are leveled. Does not look like an inside job
|
|
|
|
pereira4
Legendary
Offline
Activity: 1610
Merit: 1183
|
|
February 20, 2017, 01:04:37 AM |
|
You could say that the same happened in bitcoin in the early days (that one bug that needed a hard fork to get rid of generated coins). The difference is, it was the early days of bitcoin, and nobody gave a fuck since it was worthless back then.
Mistakes like this in 2017 could be fatal for a crypto. Another strong point of bitcoin is this will not happen again, and new technologies are at risk of such a thing occurring, the difference is, nowadays it would be a disaster.
|
|
|
|
almightyruler
Legendary
Offline
Activity: 2268
Merit: 1092
|
|
February 20, 2017, 03:09:41 PM |
|
Some of the code in recent zcoin commits looks to be wandering into undefined behaviour territory... https://github.com/zcoinofficial/zcoin/commit/ca0bb3cabe300c204749731e3a7c3e7fa1f24c71- if (pubcoinId < 1 && pubcoinId == INT_MAX) { // IT BEGINS WITH 1 + if (pubcoinId < 1 || pubcoinId >= INT_MAX) { // IT BEGINS WITH 1pubcoinId is an int, so it's impossible for it to contain a number greater than INT_MAX. If you add 1 to INT_MAX, you overflow. One of those things that will probably "work fine" in practice (I guess the compiler would internally change >= INT_MAX to == INT_MAX) but it's still a coding error. The original code looks quite odd too. How could a signed int contain INT_MAX and also be less than 1? Any modern compiler would probably consider this dead code - the condition can never be satisfied - and ignore the whole code block.
|
|
|
|
pereira4
Legendary
Offline
Activity: 1610
Merit: 1183
|
|
February 20, 2017, 03:32:54 PM |
|
Zerocoin is just a collapsing coin at least price wise. Look at the damn all time history. We have a coin with a price on constant downtrend, while ironically the marketcap goes up.
The conclusion is clear: The coin distribution is a mess. The more the marketcap grows, the more the price goes down.
|
|
|
|
Hueristic
Legendary
Offline
Activity: 3808
Merit: 4898
Doomed to see the future and unable to prevent it
|
|
February 20, 2017, 04:18:54 PM |
|
This is something that ends up killing the coin, we saw the same happen with DAO and now with Zerocoin. This is what differentiates a good project from a bad one, I feel sorry for those who invested and end up losing money on this one.
I don't they are idiots, I and others have been warning all along that the cornerstone of crypto is a trustless setup. PERIOD, there is no way around it. So you fools that didn't listen pay the price as your the same ones that do it again and again and keep these thieves going. Stop supporting poor tech and scam ICO just so you can make a quick buck and this massive fleecing will taper off.
|
“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.”
|
|
|
John Titor
|
|
February 20, 2017, 04:40:26 PM |
|
https://news.ycombinator.com/item?id=13673214 I came across this post on Hacker News. ZCash Devs basically claiming that Poramin Ipsom basically just copy/pasted code from the original bitcoin code, and that lazy code work allowed for a double spend. If true, it's kind of surprising that this kind of bug wasn't caught sooner; along with Poramin being the only dev for ZCoin, and the drama with co-founder Gary Lee, I'd say it might be time to jump ship. I bought in around 30-70k sats range, and I am very thankful that the price hasn't tanked yet and I was able to liquidate 80% of what I purchased, and get out with a solid profit. Provided that no new information comes in from Poramin giving a reasonable explanation/defense for this, I'd have to recommend others do the same.
|
|
|
|
jeremy grol
|
|
February 20, 2017, 06:10:55 PM |
|
Poramin and gary: both scammers.
|
|
|
|
|
almightyruler
Legendary
Offline
Activity: 2268
Merit: 1092
|
|
February 21, 2017, 12:38:07 AM |
|
zccoinSpend.denomination == libzerocoin::ZQ_LOVELACE;Ouch. Another bit of dead code that would have been completely ignored by the compiler. I wonder if it emits a warning that the code doesn't actually do anything?
|
|
|
|
JosNekoKopa
|
|
February 21, 2017, 12:00:28 PM |
|
All this has been for expecting, and who know how all this is going to be ended. I don't understand only how Bittrex did not found those code mistakes, they also can be endangered this way. I thought, they checks code before adding it.
|
|
|
|
Mallyx
|
|
February 21, 2017, 02:16:11 PM |
|
All this has been for expecting, and who know how all this is going to be ended. I don't understand only how Bittrex did not found those code mistakes, they also can be endangered this way. I thought, they checks code before adding it.
They are checking codes only to find malicious, it's not a full review.
|
|
|
|
JosNekoKopa
|
|
February 25, 2017, 07:49:01 PM |
|
They are checking codes only to find malicious, it's not a full review.
What is worse of this, i mean someone created coins from the nothing, and dumped at Bittrex users. In case of malicious code he won't damage only users, he could still and from house, and what we got? House who doesn't care about its users.
|
|
|
|
almightyruler
Legendary
Offline
Activity: 2268
Merit: 1092
|
|
February 26, 2017, 02:50:36 AM |
|
They are checking codes only to find malicious, it's not a full review.
What is worse of this, i mean someone created coins from the nothing, and dumped at Bittrex users. In case of malicious code he won't damage only users, he could still and from house, and what we got? House who doesn't care about its users. Manual code review is labour intensive, and prone to errors. The more the source code deviates from a known reference, the more work it is to review. A cloned shitcoin may only have a small number of changes, but it looks like zcoin has quite a bit of unique code. There are some programs that can analyze code and help point to potential problems, like undefined behaviour, but they won't catch silly mistakes like using the wrong constant.
|
|
|
|
JosNekoKopa
|
|
February 26, 2017, 09:55:43 AM |
|
#almightyruler You are right this is very hard work and mistakes can happen, but for coins that actually promoting something abstract like zero knowledge or anonymous transactions code must be perfect.
|
|
|
|
Hueristic
Legendary
Offline
Activity: 3808
Merit: 4898
Doomed to see the future and unable to prevent it
|
|
February 27, 2017, 05:24:48 PM |
|
It's an inherent bug intentionally put there then exploited to dump on those stupid enough to buy in. Just a scam like all the rest. Really no-one has seen this pattern from this dev? In that case you all deserve to lose from sheer idiocy.
|
“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.”
|
|
|
playingpoodles
Member
Offline
Activity: 107
Merit: 10
|
|
April 03, 2017, 03:18:48 PM |
|
Very likely an inside job. Which is more likely: (a) a random outsider on the internet targets obscure cryptocurrency worth less than $10 million instead of much more valuable currencies, pores over their code, finds and exploits a bug that escaped developers, and developers do not notice the mismatch between mint and spend until over 20% of total supply has been maliciously created? (b) developers (or some of them) of Zcoin notice a bug or deliberately create one in the first instance, when Zcoin doesn't take off quickly enough to make them millionaires off of their 20% shared founders reward, they exploit the bug. After they maliciously create over 20% of total supply they decide that is sufficient to help their present financial needs and any more will spook the market. Then they stage-manage a bug announcement stressing that as almost all the 370,000 maliciously created coins are already sold on the market and won't be dumped the market shouldn't worry? See my Reddit post for more detail https://www.reddit.com/r/CryptoCurrency/comments/6379u9/zcoin_bug_a_deliberate_inside_job/
|
|
|
|
|
|