Bitcoin Forum
August 21, 2018, 10:15:23 AM *
News: Latest stable version of Bitcoin Core: 0.16.2  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2]  All
  Print  
Author Topic: Zerocoin implementation bug  (Read 1778 times)
John Titor
Full Member
***
Offline Offline

Activity: 128
Merit: 100


View Profile
February 20, 2017, 04:40:26 PM
 #21

https://news.ycombinator.com/item?id=13673214 I came across this post on Hacker News.  ZCash Devs basically claiming that Poramin Ipsom basically just copy/pasted code from the original bitcoin code, and that lazy code work allowed for a double spend.  If true, it's kind of surprising that this kind of bug wasn't caught sooner; along with Poramin being the only dev for ZCoin, and the drama with co-founder Gary Lee, I'd say it might be time to jump ship.

I bought in around 30-70k sats range, and I am very thankful that the price hasn't tanked yet and I was able to liquidate 80% of what I purchased, and get out with a solid profit.  Provided that no new information comes in from Poramin giving a reasonable explanation/defense for this, I'd have to recommend others do the same.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1534846523
Hero Member
*
Offline Offline

Posts: 1534846523

View Profile Personal Message (Offline)

Ignore
1534846523
Reply with quote  #2

1534846523
Report to moderator
jeremy grol
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500


View Profile
February 20, 2017, 06:10:55 PM
 #22

Poramin and gary: both scammers.

simonbtc
Newbie
*
Offline Offline

Activity: 16
Merit: 0


View Profile
February 20, 2017, 11:16:18 PM
 #23

There's also an equality vs assignment bug which impacts how the wallet tracks (or doesn't correctly track?) serial numbers of spent private coins:

https://makebitcoingreatagain.wordpress.com/2017/02/18/is-the-zcoin-bug-in-checktransaction/#update4
almightyruler
Legendary
*
Offline Offline

Activity: 1680
Merit: 1000


View Profile
February 21, 2017, 12:38:07 AM
 #24

There's also an equality vs assignment bug which impacts how the wallet tracks (or doesn't correctly track?) serial numbers of spent private coins:

https://makebitcoingreatagain.wordpress.com/2017/02/18/is-the-zcoin-bug-in-checktransaction/#update4


zccoinSpend.denomination == libzerocoin::ZQ_LOVELACE;

Ouch. Another bit of dead code that would have been completely ignored by the compiler. I wonder if it emits a warning that the code doesn't actually do anything?
JosNekoKopa
Sr. Member
****
Offline Offline

Activity: 476
Merit: 250


View Profile
February 21, 2017, 12:00:28 PM
 #25

All this has been for expecting, and who know how all this is going to be ended. I don't understand only how Bittrex did not found those code mistakes, they also can be endangered this way. I thought, they checks code before adding it.
Mallyx
Hero Member
*****
Online Online

Activity: 700
Merit: 503


View Profile
February 21, 2017, 02:16:11 PM
 #26

All this has been for expecting, and who know how all this is going to be ended. I don't understand only how Bittrex did not found those code mistakes, they also can be endangered this way. I thought, they checks code before adding it.

They are checking codes only to find malicious, it's not a full review.

JosNekoKopa
Sr. Member
****
Offline Offline

Activity: 476
Merit: 250


View Profile
February 25, 2017, 07:49:01 PM
 #27

They are checking codes only to find malicious, it's not a full review.
What is worse of this, i mean someone created coins from the nothing, and dumped at Bittrex users. In case of malicious code he won't damage only users, he could still and from house, and what we got? House who doesn't care about its users.
almightyruler
Legendary
*
Offline Offline

Activity: 1680
Merit: 1000


View Profile
February 26, 2017, 02:50:36 AM
 #28

They are checking codes only to find malicious, it's not a full review.
What is worse of this, i mean someone created coins from the nothing, and dumped at Bittrex users. In case of malicious code he won't damage only users, he could still and from house, and what we got? House who doesn't care about its users.

Manual code review is labour intensive, and prone to errors. The more the source code deviates from a known reference, the more work it is to review. A cloned shitcoin may only have a small number of changes, but it looks like zcoin has quite a bit of unique code.

There are some programs that can analyze code and help point to potential problems, like undefined behaviour, but they won't catch silly mistakes like using the wrong constant.
JosNekoKopa
Sr. Member
****
Offline Offline

Activity: 476
Merit: 250


View Profile
February 26, 2017, 09:55:43 AM
 #29

#almightyruler
You are right this is very hard work and mistakes can happen, but for coins that actually promoting
 something abstract like zero knowledge or anonymous transactions code must be perfect.
Hueristic
Legendary
*
Offline Offline

Activity: 1722
Merit: 1050


Doomed to see the future and unable to prevent it


View Profile
February 27, 2017, 05:24:48 PM
 #30

It's an inherent bug intentionally put there then exploited to dump on those stupid enough to buy in. Just a scam like all the rest. Really no-one has seen this pattern from this dev? In that case you all deserve to lose from sheer idiocy.

BITSLER                 ▄███
               ▄████▀
             ▄████▀
           ▄████▀  ▄██▄
         ▄████▀    ▀████▄
       ▄████▀        ▀████▄
     ▄████▀            ▀████▄
   ▄████▀                ▀████▄
 ▄████▀ ▄████▄      ▄████▄ ▀████▄
█████   ██████      ██████   █████
 ▀████▄ ▀████▀      ▀████▀ ▄████▀
   ▀████▄                ▄████▀
     ▀████▄            ▄████▀
       ▀████▄        ▄████▀
         ▀████▄    ▄████▀
           ▀████▄▄████▀
             ▀██████▀
               ▀▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄            
▄▄▄▄▀▀▀▀    ▄▄█▄▄ ▀▀▄         
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄      
█  ▀▄▄  ▀█▀▀ ▄      ▀████   ▀▀▄   
█ █▄  ▀▄   ▀████       ▀▀ ▄██▄ ▀▀▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█  ▀▀       ▀▄▄ ▀████      ▄▄▄▀▀▀  █
█            ▄ ▀▄    ▄▄▄▀▀▀   ▄▄  █
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█ ▄▄   ███   ▀██  █           ▀▀  █ 
█ ███  ▀██       █        ▄▄      █ 
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
▀▄            █        ▀▀      █  
▀▀▄   ███▄  █   ▄▄          █   
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀    
▀▀▄   █   ▀▀▄▄▄▀▀▀         
▄▄▄▄▄▄▄▄▄▄▄█▄▄▀▀▀▀              
              ▄▄▄██████▄▄▄
          ▄▄████████████████▄▄
        ▄██████▀▀▀▀▀▀▀▀▀▀██████▄
▄     ▄█████▀             ▀█████▄
██▄▄ █████▀                ▀█████
 ████████            ▄██      █████
  ████████▄         ███▀       ████▄
  █████████▀▀     ▄███▀        █████
   █▀▀▀          █████         █████
     ▄▄▄         ████          █████
   █████          ▀▀           ████▀
    █████                     █████
     █████▄                 ▄█████
      ▀█████▄             ▄█████▀
        ▀██████▄▄▄▄▄▄▄▄▄▄██████▀
          ▀▀████████████████▀▀
              ▀▀▀██████▀▀▀
            ▄▄▄███████▄▄▄
         ▄█▀▀▀ ▄▄▄▄▄▄▄ ▀▀▀█▄
       █▀▀ ▄█████████████▄ ▀▀█
     █▀▀ ███████████████████ ▀▀█
    █▀ ███████████████████████ ▀█
   █▀ ███████████████▀▀ ███████ ▀█
 ▄█▀ ██████████████▀      ▀█████ ▀█▄
███ ███████████▀▀            ▀▀██ ███
███ ███████▀▀                     ███
███ ▀▀▀▀                          ███
▀██▄                             ▄██▀
  ▀█▄                            ▀▀
    █▄       █▄▄▄▄▄▄▄▄▄█
     █▄      ▀█████████▀
      ▀█▄      ▀▀▀▀▀▀▀
        ▀▀█▄▄  ▄▄▄
            ▀▀█████
[]
playingpoodles
Member
**
Offline Offline

Activity: 108
Merit: 10


View Profile
April 03, 2017, 03:18:48 PM
 #31

Very likely an inside job.

Which is more likely:

(a) a random outsider on the internet targets obscure cryptocurrency worth less than $10 million instead of much more valuable currencies, pores over their code, finds and exploits a bug that escaped developers, and developers do not notice the mismatch between mint and spend until over 20% of total supply has been maliciously created?

(b) developers (or some of them) of Zcoin notice a bug or deliberately create one in the first instance, when Zcoin doesn't take off quickly enough to make them millionaires off of their 20% shared founders reward, they exploit the bug. After they maliciously create over 20% of total supply they decide that is sufficient to help their present financial needs and any more will spook the market. Then they stage-manage a bug announcement stressing that as almost all the 370,000 maliciously created coins are already sold on the market and won't be dumped the market shouldn't worry?

See my Reddit post for more detail https://www.reddit.com/r/CryptoCurrency/comments/6379u9/zcoin_bug_a_deliberate_inside_job/
CorePrime95
Full Member
***
Offline Offline

Activity: 187
Merit: 101


View Profile
April 03, 2017, 06:06:31 PM
 #32

Zoin also had this bug (as it is a Zerocoin fork) but is now fixed: https://bitcointalk.org/index.php?topic=1671060.0
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!