NXT :: descendant of Bitcoin - Updated Information

[fmiboy]

How?

Nxt transaction sigs only care about the account id's (not say something like the "genesis block id") so a "clone" (such a test net) in which account #'s that *match* main net (most likely due to using the same password) means that you can *steal* NXT by just broadcasting a test net tx on main net.

(this issue will also apply to "parallel chains" if and when implemented)

edit: did anyone tested this?

[1715059654]

1715059654

[NxtMinnow]

So if *more* NXT can be created by "broadcasting a test net tx on main net" then that is a security hole.

How?

Nxt transaction sigs only care about the account id's (not say something like the "genesis block id") so a "clone" (such a test net) in which account #'s that *match* main net (most likely due to using the same password) means that you can *steal* NXT by just broadcasting a test net tx on main net.

(this issue will also apply to "parallel chains" if and when implemented)

well, isn't testnet one kind ?!

[Daedelus]

Result: U sold 50k NXT for 0.01 BTC.

Crazy!         ...thnx brother...

Hey, just don't send NAS when he sends u 0.01 BTC. 

Call me State-The-Obvious-Stan if you want but.... I just want to check


You would need 50,000NXT in your Nxt account for this to go through, right?



But I suppose they could look in your Nxt account, see you have 1500Nxt and say "hey, I'll buy 1500NAS for 0.01 BTC", right?

[evanxxx]

I could post yours! ;-)

you don't know mine  

It's not a problem as long as you don't do an outgoing transaction in the clone blockchain.

then you cannot sell the Nxt clone for Nxt, what's the benefit?

[opticalcarrier]

Okay Nxt Community here is a quantum riddle;

My real NXT account number (Public Key) is 14730376987822377578 on NXT Mainnet. I have never used my real NXT passphrase on NXT testnet. However,   14730376987822377578 exists on NXT Testnet.

Yesterday, after I asked for TestNXT on this thread; 18232225178877143084 sent me a 1,000,000 + 1 TestNXT.

While testing this morning, I sent 1,000,000 + 1,000  TestNXT to 14730376987822377578 which showed as a valid public key and appeared to have transaction success.

Upon looking at the history of 14730376987822377578 from NxtTestnet, I see "This account has a balance of 1'063'416 NXT" ; 1,000,000 being the TestNXT transferred this morning and 63,416 an old real NXT balance of real NXT account 14730376987822377578.

And even more bizarre, looking down into the transaction history I find dozens of Asset transfers between 3/11/2014 and 3/14/2014 all to the same account number 18232225178877143084. WHICH is the SAME TestNXT account that sent me 1,000,000 TestNXT on 3/19/2014.

Maybe I need another cup of coffee.

did you take a ride with the ambien walrus?

[wesleyh]

How?

getTransactionBytes in Nas + broadcastTransaction in Nxt.

I guess after 1440 blocks it's no longer possible to do broadcastTransaction? (too old)?

[Come-from-Beyond]

Call me State-The-Obvious-Stan if you want but.... I just want to check


You would need 50,000NXT in your Nxt account for this to go through, right?



But I suppose they could look in your Nxt account, see you have 1500Nxt and say "hey, I'll buy 1500NAS for 0.01 BTC", right?

Right

[wesleyh]

How?

Nxt transaction sigs only care about the account id's (not say something like the "genesis block id") so a "clone" (such a test net) in which account #'s that *match* main net (most likely due to using the same password) means that you can *steal* NXT by just broadcasting a test net tx on main net.

(this issue will also apply to "parallel chains" if and when implemented)

Should not if you add some kind of field to transaction that signifies the chain it is on.

[wesleyh]

So if *more* NXT can be created by "broadcasting a test net tx on main net" then that is a security hole.

How?

Nxt transaction sigs only care about the account id's (not say something like the "genesis block id") so a "clone" (such a test net) in which account #'s that *match* main net (most likely due to using the same password) means that you can *steal* NXT by just broadcasting a test net tx on main net.

(this issue will also apply to "parallel chains" if and when implemented)

well, isn't testnet one kind ?!

You can't create new nxt, it has to be in the withdrawal account.

[Come-from-Beyond]

How?

getTransactionBytes in Nas + broadcastTransaction in Nxt.

I guess after 1440 blocks it's no longer possible to do broadcastTransaction? (too old)?

Depends on deadline. Default 24h is long enough to do the attack successfully in 99.9%.

[NxtMinnow]

That's not funny opticalcarrier   and no I did not as a matter of fact. Now I am starting to question whether we are in a simulation.
and What is up with all the Asset Transfers? And I couldn't send testNXT last night or this morning from a newly created account, getting the "Unknown Account" error.

Okay Nxt Community here is a quantum riddle;

My real NXT account number (Public Key) is 14730376987822377578 on NXT Mainnet. I have never used my real NXT passphrase on NXT testnet. However,   14730376987822377578 exists on NXT Testnet.

Yesterday, after I asked for TestNXT on this thread; 18232225178877143084 sent me a 1,000,000 + 1 TestNXT.

While testing this morning, I sent 1,000,000 + 1,000  TestNXT to 14730376987822377578 which showed as a valid public key and appeared to have transaction success.

Upon looking at the history of 14730376987822377578 from NxtTestnet, I see "This account has a balance of 1'063'416 NXT" ; 1,000,000 being the TestNXT transferred this morning and 63,416 an old real NXT balance of real NXT account 14730376987822377578.

And even more bizarre, looking down into the transaction history I find dozens of Asset transfers between 3/11/2014 and 3/14/2014 all to the same account number 18232225178877143084. WHICH is the SAME TestNXT account that sent me 1,000,000 TestNXT on 3/19/2014.

Maybe I need another cup of coffee.

did you take a ride with the ambien walrus?

[wesleyh]

How?

getTransactionBytes in Nas + broadcastTransaction in Nxt.

I guess after 1440 blocks it's no longer possible to do broadcastTransaction? (too old)?

Depends on deadline. Default 24h is long enough to do the attack successfully in 99.9%.

how come this type of thing doesn't work on bitcoin clones, what's different there? (Or does it?)

[bidji29]

How?

getTransactionBytes in Nas + broadcastTransaction in Nxt.

I guess after 1440 blocks it's no longer possible to do broadcastTransaction? (too old)?

Depends on deadline. Default 24h is long enough to do the attack successfully in 99.9%.

how come this type of thing doesn't work on bitcoin clones, what's different there? (Or does it?)

Because there is no brainwallet, so all addresses are different.

Btw, any advancment on the wallet system?

[wesleyh]

That's not funny opticalcarrier   and no I did not as a matter of fact. Now I am starting to question whether we are in a simulation.
and What is up with all the Asset Transfers? And I couldn't send testNXT last night or this morning from a newly created account, getting the "Unknown Account" error.

Okay Nxt Community here is a quantum riddle;

My real NXT account number (Public Key) is 14730376987822377578 on NXT Mainnet. I have never used my real NXT passphrase on NXT testnet. However,   14730376987822377578 exists on NXT Testnet.

Yesterday, after I asked for TestNXT on this thread; 18232225178877143084 sent me a 1,000,000 + 1 TestNXT.

While testing this morning, I sent 1,000,000 + 1,000  TestNXT to 14730376987822377578 which showed as a valid public key and appeared to have transaction success.

Upon looking at the history of 14730376987822377578 from NxtTestnet, I see "This account has a balance of 1'063'416 NXT" ; 1,000,000 being the TestNXT transferred this morning and 63,416 an old real NXT balance of real NXT account 14730376987822377578.

And even more bizarre, looking down into the transaction history I find dozens of Asset transfers between 3/11/2014 and 3/14/2014 all to the same account number 18232225178877143084. WHICH is the SAME TestNXT account that sent me 1,000,000 TestNXT on 3/19/2014.

Maybe I need another cup of coffee.

did you take a ride with the ambien walrus?

The newly created account error was just a bug in my code I will upload new version later today that fixes it.

[wesleyh]

How?

getTransactionBytes in Nas + broadcastTransaction in Nxt.

I guess after 1440 blocks it's no longer possible to do broadcastTransaction? (too old)?

Depends on deadline. Default 24h is long enough to do the attack successfully in 99.9%.

how come this type of thing doesn't work on bitcoin clones, what's different there? (Or does it?)

Because there is no brainwallet, so all address are different

That's what I thought. Though collisions are always possible

[Come-from-Beyond]

how come this type of thing doesn't work on bitcoin clones, what's different there? (Or does it?)

Bitcoin signs each input. Nxt doesn't have inputs.

[wesleyh]

how come this type of thing doesn't work on bitcoin clones, what's different there? (Or does it?)

Bitcoin signs each input. Nxt doesn't have inputs.

What do you mean by input?

[Come-from-Beyond]

What do you mean by input?

https://en.bitcoin.it/wiki/Transactions#Input

[L5Society]

So I was brainstorming the decentralized sports betting idea with my friend yesterday, and I've got some new ideas. Can smarter people than me give me some feedback? These ideas might be really dumb, because I'm not a programmer and I don't fully understand how everything works.

1) A parallel blockchain that contains the history of scores generated by a crawler that pulls data from ESPN, Yahoo Sports, Google, etc and crosschecks the data against the sources. Users of the betting service must somehow reference the correct score history when placing bids for a new bet. After a certain number of confirmations (ie when the future bettors come to a consensus on the correct score history), the old bets are paid out.

2) A parallel blockchain that contains the history of scores generated by a crawler that pulls data from ESPN, Yahoo Sports, Google, etc and crosschecks the data against the sources. Users of the betting service must submit corrections to the blockchain, to be verified by "miners" which are rewarded for the verification (somehow, to be determined). If you submit a false claim for correction, you get penalized in a big way.

These two ideas are trying to decentralize the score reporting portion, so that payouts can be automated without trusting a 3rd party to correctly report the scores.

[CIYAM]

These two ideas are trying to decentralize the score reporting portion, so that payouts can be automated without trusting a 3rd party to correctly report the scores.

The main problem is "how do you trust" the chains reporting?

Basically "block chain tech" can only accurately report on "other block chains".