Bitcoin Forum
April 18, 2014, 09:14:26 PM *
News: Due to the OpenSSL heartbleed bug, changing your forum password is recommended.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 4 5 6 7  All
  Print  
Author Topic: Namecoin was stillborn, I had to switch off life-support  (Read 22018 times)
libcoin
Newbie
*
Offline Offline

Activity: 22



View Profile WWW

Ignore
October 15, 2013, 10:44:53 AM
 #1

This is the postmortems and obituary over namecoin. In fact it never really existed, but by block: 139872 it became clear. However, if you haven' t noticed yet read on...

Edit 131016 : A nice fix is currently being tested, so it seems like namecoin will be back in business. Cudos to the "snailbrain" and "phelix" for cooking it together and acting fast. So current status is - don't buy a domain from someone, and don't trust any important key-value pair in namecoin  before the fix has been rolled out! - Will update once it is there, but could take days to deploy at miners.

Namecoin has always been my favorite alt-coin - it had a clear purpose, different from Bitcoin, offering a nice way to keep a de-central registry of key-value pairs. About a month ago I had a closer look at namecoin, to integrate it into libcoin on the Kraken exchange. Libcoin is a complete other story, it is a library supporting bitcoin as well as several of the alt coins, enabling easy construction of anything from light weight wallets to full server wallet solutions for exchanges and merchant sites. However, back to namecoin...

I have integrated several alt coins, and I know the machinery pretty well by now. The engine of any bitcoin based crypto currency is the ConnectBlock / ConnectInputs methods in main.cpp. They keep the rules of when to accept a block and when to reject a block, and it is there you make patches to enable anything from alternative hashing algorithms (litecoin) to merged mining (namecoin and others) as well as add new features and rules. Namecoin keep a reasonable separation through the definitions of hooks, implementing the actual rules in a separate file, namecoin.cpp.

So the real interesting stuff in namecoin is happening in namecoin.cpp in the ConnectInputs method. This one is called from ConnectInputs in main.cpp and hence have the ability to change and add rules.

All namecoin rules are kept hidden from the bitcoin script rule engine through OP_DROP opcodes, i.e. some special opcodes and data is entered, followed by a matching chain of OP_DROP commands, so the normal script rule engine will simply ignore anything namecoin'ish. The special op codes of namecoin are:
Code:
OP_NAME_NEW
OP_NAME_FIRSTUPDATE
OP_NAME_UPDATE
The reason for the
Code:
OP_NAME_NEW/OP_NAME_FIRSTUPDATE
setup is to avoid domain opportunists listening for new domain reservations and issuing competing reservations to later sell the domain back. So first you issue a:
Code:
OP_NAME_NEW << hash << OP_2DROP
Where the hash is composed of a random number and the domain, hashed. You are not allowed to issue a first-update, finally registering the domain, before after 12 blocks, ensuring no block reorganizations can enable a domain opportunists to steal your domain. In the name_new/name_firstupdate RPC calls this rule is nicely enforced, however, when you look in the ConnectInputs method you find rules enforcing a fee, rules enforcing the 12 blocks, but NO RULES ENFORCING THE HASH! [namecoin.cpp line 1874-1907] ]. So any name_new can be used as input for ANY name. This means that the domain reservation is not enforced at all leaving namecoin completely open for domain opportunists.

Clearly the patient is bleeding and in urgent need for help, but brace yourselves, this is not affecting already registered domains so it is fixable by a proper patch, and a recommendation to not reserve any new domains before the patch is in effect. Relieved that there was a cure I continued with the standard examination, to check if the rest was ok.

The key lines in namecoin.cpp are probably 1930 to 1949, this is the very core of namecoin. This is the enforcing of a name_update - a name update is the script:
Code:
OP_NAME_UPDATE << vchName << vchValue << OP_2DROP << OP_DROP
So, take an already registered name and update that with a new value. Now you would expect some code enforcing that only an input of that name can be update to another value - but NO! Again there is no enforcing of the core ruleset. So you can in fact update the value of any name in namecoin by any other input name. And after that you own it, or well, as much as you can actually own a name who anyone can update.

The final test was to try it out - (sorry) - I might had overlooked something, so, I changed the name_update algorithm to enable such takeovers, and did a:
Code:
./namecoind name_fakeupdate d/postmortem d/bitcoin "Namecoin died October the 15th 2013, coinslayer"

Try name_history on d/bitcoin and see for yourselves - there is no enforced integrity of the key value pairs in namecoin. So namecoin looses its entire purpose. The problem is that there is no fix to this - it is similar to being able to randomly take ownership of other peoples money, all the value is gone. I tried, initially, a silent fix contacting namecoin developers and key users more than a month ago, but I never got any answers back. Perhaps, the best future for namecoin now is a rebirth with a new genesis, or just a cancel of all the name reservations starting from some future block ?

I should also note that up until block 139872, no one have exploited the bugs. The libcoin code actually enforced the above rules, and I was able to download and verify the entire chain, now I have added a flag, ignore_rules, to get pass block 139872.

Coinslayer aka Michael, Chief Operation Officer, Payward Inc. kraken.com
    mBitCASINOWIN BITCOINS IN OUR
24/7 LIVE DEALER CASINO

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1397855666
Hero Member
*
Offline Offline

Posts: 1397855666

View Profile Personal Message (Offline)

Ignore
1397855666
Reply with quote  #2

1397855666
Report to moderator
1397855666
Hero Member
*
Offline Offline

Posts: 1397855666

View Profile Personal Message (Offline)

Ignore
1397855666
Reply with quote  #2

1397855666
Report to moderator
BitOrca
Member
**
Offline Offline

Activity: 80


Buy and Sell Templates and Themes with Bitcoin.


View Profile WWW

Ignore
October 15, 2013, 11:24:08 AM
 #2

How they going to fix this?


    Admin @ BitOrca | Contact: admin@bitorca.com | Twitter |  Sell/Buy Bitcoin code! @ BitOrca | OrcaBlog | Best Bitcoin Tool Competiton!
   
libcoin
Newbie
*
Offline Offline

Activity: 22



View Profile WWW

Ignore
October 15, 2013, 11:28:59 AM
 #3

How they going to fix this?

I suggest: "or just a cancel of all the name reservations starting from some future block" - so enforce a reset of all name reservations, say from block 141000, and following that enforce the rules. This means that all domains reserved are worthless, but that is also the case today due to the bug. However, this approach might cap the NMC rate decline.
Boxman90
Sr. Member
****
Offline Offline

Activity: 294


View Profile

Ignore
October 15, 2013, 11:35:23 AM
 #4

Is it impossible for the devs to hard-fork NMC with the bugfix, and keep all/most of the current domain registrations?

LTC: LKKy4eDWyVtSrQAJy7Qmmz61RaFY91D9yC   BTC: 18fzdnCkuUNthCD8hM36UBGopFa9ij78gG
Duetschpire
Sr. Member
****
Offline Offline

Activity: 308


cryptothrift - BTC LTC XPM FTC Auction Site


View Profile WWW

Ignore
October 15, 2013, 11:36:42 AM
 #5

So all the brains and noise in crypto and open source projects over looked such a disaster?
I'm not sure whether to congratulate you or offer my condolences to the dev team and the big players.

This is rather interesting, not only for crypto, but also for all open source projects; having a project "open source" and calling the myth of "open source is more secure" doesn't make the code more secure.. Having developers like yourself actually looking into the code and testing the hell out of every possibility  is what makes it secure.

Nice work, hope a fix, patch, rebirth or whatever you want to call it will be pushed out soon as such noise is in no way good to any cryptos including but not limited to Bitcoin  

ripper234
Hero Member
*****
Offline Offline

Activity: 1092


Ron Gross


View Profile WWW

Ignore
October 15, 2013, 11:53:52 AM
 #6

It's great that you're reviewing the code, and sad indeed that the developers ignored you.
Still, how does this imply "Namecoin is dead"?

It's just a hardfork that needs to be done in order to enforce the rules, no?

Please do not pm me, use ron@mastercoin.org instead
Mastercoin Executive Director
Co-founder of the Israeli Bitcoin Association
libcoin
Newbie
*
Offline Offline

Activity: 22



View Profile WWW

Ignore
October 15, 2013, 11:58:19 AM
 #7

It's just a hardfork that needs to be done in order to enforce the rules, no?

Well, it will be awfully hard to administer such a hardfork - either you reorganize all the way back to block 139872, from when you have the patch ready, or you need to backtrack false takeovers and reverse them. I'd say that it is more fair to cancel all reservations, after all, they never really were enforced anyway... Further, it would be healthy to clean up the list of domains.
shooter_mcgavin
Member
**
Offline Offline

Activity: 76



View Profile

Ignore
October 15, 2013, 12:04:00 PM
 #8

RIP

If you think I've been helpful, toss me a few bitcoin -  1J2bbukPKFrwEfk4iHueKfLfFBXLSNGnTi
pmconrad
Full Member
***
Offline Offline

Activity: 136


View Profile WWW

Ignore
October 15, 2013, 12:08:39 PM
 #9

@Coinslayer: Nice find... in a way. Congrats! :-)

This is rather interesting, not only for crypto, but also for all open source projects; having a project "open source" and calling the myth of "open source is more secure" doesn't make the code more secure.. Having developers like yourself actually looking into the code and testing the hell out of every possibility  is what makes it secure.

Having many people examine the code is only possible with open source. So in general that makes open source software more secure and less bug-ridden than closed source software. This is well-known.

Obviously, making a piece of software open source doesn't automatically make it more secure. While the discovery of the OP is quite desastruous for NMC, think about how much bigger the desaster would have been if the bug had been discovered by some black hat in a year or two because (?) the project was closed source.

Now the devs (assuming there are some left, but there seems to be *some* activity over at dot-bit.org) have a chance to fix the issue and bring the project back to where it's useful. I think the ideas behind NMC are quite cool, especially because this way namecoins and the NMC blockchain do have an intrinsic value, in contrast to all the other alts.

Mooshire
Sr. Member
****
Offline Offline

Activity: 308



View Profile

Ignore
October 15, 2013, 12:15:43 PM
 #10

This is sad, Namecoin was a big innovation.

crendore
Sr. Member
****
Offline Offline

Activity: 273


View Profile

Ignore
October 15, 2013, 12:16:41 PM
 #11

Looks like NMC is dead. Gox will never add it after this.
libcoin
Newbie
*
Offline Offline

Activity: 22



View Profile WWW

Ignore
October 15, 2013, 12:25:45 PM
 #12

Looks like NMC is dead. Gox will never add it after this.

Ironically, it was while adding it to Kraken, that I discovered this - how could we possibly, as an exchange sit with this knowledge and start trading NMC? Now, it is different, and we might take it up again, but we need to fix the namecoin key-value database integrity first, or at least see it being fixed soon.
sardokan
Sr. Member
****
Online Online

Activity: 322


View Profile

Ignore
October 15, 2013, 12:25:53 PM
 #13

Maybbe it's time to clean everything, and change prices in order to don't have all domains squatted

It's great you found this

What a pitty, I really loved Namecoin idea  Cry

BitCoinNutJob
Sr. Member
****
Offline Offline

Activity: 392


View Profile

Ignore
October 15, 2013, 12:26:16 PM
 #14

 Sad Sad Sad
smoothie
Hero Member
*****
Offline Offline

Activity: 882


Lealana Physical Bitcoins and Litecoins


View Profile

Ignore
October 15, 2013, 12:27:52 PM
 #15

So who is going to create the new name coin chain?

btcdrak
Sr. Member
****
Offline Offline

Activity: 297


View Profile

Ignore
October 15, 2013, 12:34:18 PM
 #16

So all the brains and noise in crypto and open source projects over looked such a disaster?
I'm not sure whether to congratulate you or offer my condolences to the dev team and the big players.

This is rather interesting, not only for crypto, but also for all open source projects; having a project "open source" and calling the myth of "open source is more secure" doesn't make the code more secure.. Having developers like yourself actually looking into the code and testing the hell out of every possibility  is what makes it secure.

Nice work, hope a fix, patch, rebirth or whatever you want to call it will be pushed out soon as such noise is in no way good to any cryptos including but not limited to Bitcoin  

Open source is more secure exactly because it can get wider peer review. Programmers make mistakes, but with closed source issues can go un-notices for years - even on purpose while other exploit the 0day. The NSA have been doing this for example.
btcdrak
Sr. Member
****
Offline Offline

Activity: 297


View Profile

Ignore
October 15, 2013, 12:37:35 PM
 #17

So who is going to create the new name coin chain?

Is there even a dev team?
Duetschpire
Sr. Member
****
Offline Offline

Activity: 308


cryptothrift - BTC LTC XPM FTC Auction Site


View Profile WWW

Ignore
October 15, 2013, 12:59:53 PM
 #18

So all the brains and noise in crypto and open source projects over looked such a disaster?
I'm not sure whether to congratulate you or offer my condolences to the dev team and the big players.

This is rather interesting, not only for crypto, but also for all open source projects; having a project "open source" and calling the myth of "open source is more secure" doesn't make the code more secure.. Having developers like yourself actually looking into the code and testing the hell out of every possibility  is what makes it secure.

Nice work, hope a fix, patch, rebirth or whatever you want to call it will be pushed out soon as such noise is in no way good to any cryptos including but not limited to Bitcoin 

Open source is more secure exactly because it can get wider peer review. Programmers make mistakes, but with closed source issues can go un-notices for years - even on purpose while other exploit the 0day. The NSA have been doing this for example.

Exactly, I'm not saying it isn't, I'm trying to say that if a software is open source, it shouldn't be taken for granted. I'm not a dev myself, I wish I were, but I think devs in the crypto community should make some sort of organization to do nothing but test for such bugs and us the users can donate to them, or they should be paid from TX fees, ads etc... This community is getting wider and bigger, being decentralized doesn't mean we can't have a well known organization to look after the technical side of things for all crypto related software

libcoin
Newbie
*
Offline Offline

Activity: 22



View Profile WWW

Ignore
October 15, 2013, 01:09:24 PM
 #19

So all the brains and noise in crypto and open source projects over looked such a disaster?
I'm not sure whether to congratulate you or offer my condolences to the dev team and the big players.

This is rather interesting, not only for crypto, but also for all open source projects; having a project "open source" and calling the myth of "open source is more secure" doesn't make the code more secure.. Having developers like yourself actually looking into the code and testing the hell out of every possibility  is what makes it secure.

Nice work, hope a fix, patch, rebirth or whatever you want to call it will be pushed out soon as such noise is in no way good to any cryptos including but not limited to Bitcoin 

Open source is more secure exactly because it can get wider peer review. Programmers make mistakes, but with closed source issues can go un-notices for years - even on purpose while other exploit the 0day. The NSA have been doing this for example.

Exactly, I'm not saying it isn't, I'm trying to say that if a software is open source, it shouldn't be taken for granted. I'm not a dev myself, I wish I were, but I think devs in the crypto community should make some sort of organization to do nothing but test for such bugs and us the users can donate to them, or they should be paid from TX fees, ads etc... This community is getting wider and bigger, being decentralized doesn't mean we can't have a well known organization to look after the technical side of things for all crypto related software

Well, I disagree, I see it as the duty of the exchanges and wallet services to perform this kind of scrutiny / review before adding a new alt-coin to their assets. I know that this has not been the practice so far, while everything has been wild west gold digger mentality, but things are getting legit, and you should do your best to secure your customers values. Anyway, it was actually in this process I found the above bugs, and I have seen other bugs in other alt-currencies, but never any alarming ones until now.
killerstorm
Hero Member
*****
Offline Offline

Activity: 742



View Profile

Ignore
October 15, 2013, 01:16:19 PM
 #20

This is sad, Namecoin was a big innovation.

It was a good proof-of-concept, but implementation is incredibly amateurish.

A bunch of undergrad CS students could produce a better one. (I'm not joking.)

colored coins proof-of-concept: private currencies, stock/bond p2p exchange

Tips and donations: 16v13Fa9cPmfFzpm9mmbWwAkXY4gyY6uh4
Pages: [1] 2 3 4 5 6 7  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!