Come-from-Beyond (OP)
January 03, 2014, 12:26:48 PM Last edit: March 22, 2014, 05:44:45 PM by Come-from-Beyond

Nxt source code has been released - https://bitcointalk.org/index.php?topic=345619.msg4287127#msg4287127

The code contains 3 flaws - serious, critical and fatal. The 1st person who reports these flaws will get 1'000, 10'000 or 100'000 NXT reward accordingly. Each flaw has a small description. Here r SHA256 hashes of these descriptions:

bd34c891e9e3df9ea8b8eafc4dc3edc129f81365d42bf204ea58271e320f3ce5 - 1K reward
888f278c773d39b8334a651d84ee78871bd0e5d45e09be8fdb190ba1b2969530 - 10K reward
f5236644f4306699bb0fa90a905afe2454683c0aad6995e4433d712e2fdb257c - 100K reward

The flaws must be reported before the 3rd of April, after that date they can be revealed at any moment. If u think that u found a flaw, post here its description. Mathematical proof is not necessary, common sense should be enough. If ur guess is correct u may * get the reward, if u find a non-injected flaw then u'll be asked for more formal proof (u may get a reward too).

NB: Some guys mentioned that they would just decompile 0.4.7e binaries and compare the source codes to find the flaws. As a countermeasure against such a trick u still must explain why there is a flaw.

-------------
* - BCNext reserves the right to refuse to pay a reward without any explanation. This is an anti-troll countermeasure.

ImmortAlex
January 03, 2014, 12:31:09 PM

Do you accept any suggestions here, or flaws only? What if I found some potentially bad code?

intel
January 03, 2014, 12:32:48 PM

Ok, digging the code right now. 3rd April is too long to wait for.

Come-from-Beyond (OP)
January 03, 2014, 12:38:03 PM

> Do you accept any suggestions here, or flaws only? What if I found some potentially bad code?

Only flaws, feel free to create another thread for suggestions and post link here.

salsacz
January 03, 2014, 12:38:47 PM

    @Override
    public int compareTo(BidOrder o) {
        if (price > o.price) {
            return -1;
        } else if (price < o.price) {
            return 1;

there should be replaced <> to:

    @Override
    public int compareTo(BidOrder o) {
        if (price < o.price) {
            return -1;
        } else if (price > o.price) {
            return 1;

Boxxl
January 03, 2014, 12:41:56 PM Last edit: January 03, 2014, 02:48:53 PM by Boxxl

The http:// is not a real secure address:
--------------------------------------------------------
new URL("http://" + address);
--------------------------------------------------------
new URL("http://" + announcedAddress);
--------------------------------------------------------
URL url = new URL("http://" + announcedAddress + ((new URL("http://" + announcedAddress)).getPort() < 0 ? ":7874" : "") + "/nxt");
--------------------------------------------------------
This should be https:// in the future..

My address: 17665579946762640918

Come-from-Beyond (OP)
January 03, 2014, 12:44:30 PM

>     @Override
>     public int compareTo(BidOrder o) {
>         if (price > o.price) {
>             return -1;
>         } else if (price < o.price) {
>             return 1;
>
> there should be replaced <> to:
>
>     @Override
>     public int compareTo(BidOrder o) {
>         if (price < o.price) {
>             return -1;
>         } else if (price > o.price) {
>             return 1;

Why?

Come-from-Beyond (OP)
January 03, 2014, 12:44:59 PM

> The http:// is not a real secure address:
> --------------------------------------------------------
> new URL("http://" + address);
> --------------------------------------------------------
> new URL("http://" + announcedAddress);
> --------------------------------------------------------
> URL url = new URL("http://" + announcedAddress + ((new URL("http://" + announcedAddress)).getPort() < 0 ? ":7874" : "") + "/nxt");
> --------------------------------------------------------
> This should be https:// in the future..
>
> My address: 17665579946762640918

It is secure.

luckygenough56
January 03, 2014, 12:45:51 PM

another polemic to bring the prices down ?

Come-from-Beyond (OP)
January 03, 2014, 12:46:14 PM

> >     @Override
> >     public int compareTo(BidOrder o) {
> >         if (price > o.price) {
> >             return -1;
> >         } else if (price < o.price) {
> >             return 1;
> >
> > there should be replaced <> to:
> >
> >     @Override
> >     public int compareTo(BidOrder o) {
> >         if (price < o.price) {
> >             return -1;
> >         } else if (price > o.price) {
> >             return 1;
>
> Why?

It's part of Asset Exchange. Looks like BCNext forgot to remove this code. Don't pay attention.

EmoneyRu
January 03, 2014, 12:51:35 PM

    (amount + fee) * 100L > account.unconfirmedBalance

That bug with overflow when (amount + fee) * 100L > int_max?

lonesoul
January 03, 2014, 12:55:57 PM

> another polemic to bring the prices down ?

How do you mean? The code was released with the flaws so that people can see what they are working with, the flaws were added by the developer. The flaws are in place to stop people immediately cloning the code and releasing their own version. People will need to wait to see if all the flaws have been found before confirmation that the source is in fact in its fully working condition again. When I first read about the code release I was a little dubious but I personally think it's a great way to get the source out there for review, also gain extra interest from people because of the rewards but also the subtle way they now have multiple coders looking over their code and getting to understand it. I'm assuming they aren't expecting clones to appear overnight but I'm sure the developer realises if his code is a cut above the current code behind most of the other coins, that it will eventually take off and more "NXTLiteCoin" versions will emerge. All in all I think it's a cracking play on NXT's side and will actually help the prices rather than hurt them. At least that's how I saw it ;-) I could have completely the wrong end of the stick - I just wish I had even the smallest understanding of the code itself so I could take part lol.

Come-from-Beyond (OP)
January 03, 2014, 12:58:09 PM

>     (amount + fee) * 100L > account.unconfirmedBalance
>
> That bug with overflow when (amount + fee) * 100L > int_max?

No, 100 L tells that the result will be a 64-bit number.

nastybit
January 03, 2014, 12:59:07 PM

> > another polemic to bring the prices down ?
>
> How do you mean? The code was released with the flaws so that people can see what they are working with, the flaws were added by the developer. The flaws are in place to stop people immediately cloning the code and releasing their own version. People will need to wait to see if all the flaws have been found before confirmation that the source is in fact in its fully working condition again. When I first read about the code release I was a little dubious but I personally think it's a great way to get the source out there for review, also gain extra interest from people because of the rewards but also the subtle way they now have multiple coders looking over their code and getting to understand it. I'm assuming they aren't expecting clones to appear overnight but I'm sure the developer realises if his code is a cut above the current code behind most of the other coins, that it will eventually take off and more "NXTLiteCoin" versions will emerge. All in all I think it's a cracking play on NXT's side and will actually help the prices rather than hurt them. At least that's how I saw it ;-) I could have completely the wrong end of the stick - I just wish I had even the smallest understanding of the code itself so I could take part lol.

The problem with releasing a fake is that you can find something really wrong and they can say "good, we already fix this / we already changed it" etc. It cannot be verified as it's not the real complete source code, kinda useless tbh

ImmortAlex
January 03, 2014, 01:03:29 PM

> > Do you accept any suggestions here, or flaws only? What if I found some potentially bad code?
>
> Only flaws, feel free to create another thread for suggestions and post link here.

Source code analysis (QA). Feel free everyone to post your suggestions there.

bitcoinpaul
January 03, 2014, 01:04:48 PM

> > > another polemic to bring the prices down ?
> >
> > How do you mean? The code was released with the flaws so that people can see what they are working with, the flaws were added by the developer. The flaws are in place to stop people immediately cloning the code and releasing their own version. People will need to wait to see if all the flaws have been found before confirmation that the source is in fact in its fully working condition again. When I first read about the code release I was a little dubious but I personally think it's a great way to get the source out there for review, also gain extra interest from people because of the rewards but also the subtle way they now have multiple coders looking over their code and getting to understand it. I'm assuming they aren't expecting clones to appear overnight but I'm sure the developer realises if his code is a cut above the current code behind most of the other coins, that it will eventually take off and more "NXTLiteCoin" versions will emerge. All in all I think it's a cracking play on NXT's side and will actually help the prices rather than hurt them. At least that's how I saw it ;-) I could have completely the wrong end of the stick - I just wish I had even the smallest understanding of the code itself so I could take part lol.
>
> The problem with releasing a fake is that you can find something really wrong and they can say "good, we already fix this / we already changed it" etc. It cannot be verified as it's not the real complete source code, kinda useless tbh

Wrong, they have finished written statements - their hashes are posted in the first post.
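
Added example (not part of the thread or of Nxt): how a reader could check a later-revealed flaw description against the SHA256 hashes in the first post, which is the verification the reply above points to. The UTF-8 encoding, the newline variants and the demo text are assumptions; the three hashes are copied from the first post.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.LinkedHashMap;
import java.util.Map;

public class FlawCommitmentCheck {
    // Lowercase hex SHA-256 of the text's UTF-8 bytes (encoding is an assumption).
    static String sha256Hex(String text) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256")
                .digest(text.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Tries byte-level variants of a revealed text, because one stray newline
    // changes the digest. Returns "label (variant)" or null if nothing matches.
    static String match(String revealed, Map<String, String> commitments) throws Exception {
        Map<String, String> variants = new LinkedHashMap<>();
        variants.put("as given", revealed);
        variants.put("trimmed", revealed.trim());
        variants.put("trimmed + LF", revealed.trim() + "\n");
        variants.put("trimmed + CRLF", revealed.trim() + "\r\n");
        for (Map.Entry<String, String> v : variants.entrySet()) {
            String label = commitments.get(sha256Hex(v.getValue()));
            if (label != null) return label + " (" + v.getKey() + ")";
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        Map<String, String> posted = new LinkedHashMap<>();
        // Commitments as posted in the first post of the thread.
        posted.put("bd34c891e9e3df9ea8b8eafc4dc3edc129f81365d42bf204ea58271e320f3ce5", "1K reward");
        posted.put("888f278c773d39b8334a651d84ee78871bd0e5d45e09be8fdb190ba1b2969530", "10K reward");
        posted.put("f5236644f4306699bb0fa90a905afe2454683c0aad6995e4433d712e2fdb257c", "100K reward");
        // Constructed commitment so the matching path can be exercised offline.
        String demoText = "constructed flaw description";
        posted.put(sha256Hex(demoText + "\n"), "demo");

        // Same words with different surrounding whitespace: matches via a variant.
        System.out.println(match("  constructed flaw description ", posted));
        // Text changed after the commitment was published: no match.
        System.out.println(match("constructed flaw description, edited later", posted));
    }
}
```

A match shows only that the text existed when the hash was posted; it says nothing about whether the described flaw is the only one in the code.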

hostmaster
January 03, 2014, 01:04:54 PM

> > The http:// is not a real secure address:
> > --------------------------------------------------------
> > new URL("http://" + address);
> > --------------------------------------------------------
> > new URL("http://" + announcedAddress);
> > --------------------------------------------------------
> > URL url = new URL("http://" + announcedAddress + ((new URL("http://" + announcedAddress)).getPort() < 0 ? ":7874" : "") + "/nxt");
> > --------------------------------------------------------
> > This should be https:// in the future..
> >
> > My address: 17665579946762640918
>
> It is secure.

https provides secured communications, otherwise it can be listened on network level and can be sniffed.

EmoneyRu
January 03, 2014, 01:08:01 PM

> >     (amount + fee) * 100L > account.unconfirmedBalance
> >
> > That bug with overflow when (amount + fee) * 100L > int_max?
>
> No, 100 L tells that the result will be a 64-bit number.

Really? http://ideone.com/5zWQ0C
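
Added example (not from the thread, the linked paste or the Nxt source) for the question raised above: in Java, `amount + fee` is evaluated in the operands' own type before `* 100L` widens the result. It assumes both operands are `int`, which the page does not show; the method names and sample values are constructed.

```java
public class BalanceCheckOverflow {
    // Form quoted in the thread. ASSUMPTION: amount and fee are int
    // (their declarations are not shown on the page).
    static boolean exceedsBalanceAsQuoted(int amount, int fee, long unconfirmedBalance) {
        // amount + fee is computed in 32-bit int arithmetic first and can
        // wrap; only the already-wrapped sum is widened by "* 100L".
        return (amount + fee) * 100L > unconfirmedBalance;
    }

    // Widen one operand before adding, so the sum is computed in 64 bits.
    static boolean exceedsBalanceWidened(int amount, int fee, long unconfirmedBalance) {
        return ((long) amount + fee) * 100L > unconfirmedBalance;
    }

    // Fail closed: reject negative inputs and throw on any overflow.
    static boolean exceedsBalanceChecked(int amount, int fee, long unconfirmedBalance) {
        if (amount < 0 || fee < 0) {
            throw new IllegalArgumentException("negative amount or fee");
        }
        long total = Math.multiplyExact(Math.addExact((long) amount, (long) fee), 100L);
        return total > unconfirmedBalance;
    }

    public static void main(String[] args) {
        // Constructed values whose sum exceeds Integer.MAX_VALUE.
        int amount = 2_000_000_000;
        int fee = 1_000_000_000;
        long balance = 500L; // constructed balance, in the same x100 units

        System.out.println("int sum (wrapped):    " + (amount + fee));
        System.out.println("long sum:             " + ((long) amount + fee));
        System.out.println("quoted form exceeds:  " + exceedsBalanceAsQuoted(amount, fee, balance));
        System.out.println("widened form exceeds: " + exceedsBalanceWidened(amount, fee, balance));
        System.out.println("checked form exceeds: " + exceedsBalanceChecked(amount, fee, balance));
    }
}
```

If `amount` and `fee` are already `long`, the quoted expression is evaluated in 64 bits throughout and the first two methods agree for these inputs.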

Come-from-Beyond (OP)
January 03, 2014, 01:08:55 PM

> https provides secured communications, otherwise it can be listened on network level and can be sniffed.

No problem with that, all data must be public anyway.