Nxt source code flaw reports

[theKnownUnknown]

Perhaps someone would find the flaws if this code would be maintainable (e.g. JavaDoc and modularization) .

[Come-from-Beyond]

Can you please explain why the code below returns false (only if we are also allowed to ask questions):

boolean verifyBlockSignature() throws Exception {
         
         Account account = accounts.get(Account.getId(generatorPublicKey));
         if (account == null) {
            
            return false;

This piece of code doesn't allow to forge blocks with an empty account.

[xibeijan]

NXT is just some code that some junior programmer is trying to cook up one the fly.  

Take it from an expert in these coding matters.

Don't believe me,  well good luck with your NXT investments.

So... how come you 're not spitting out ALL THREE FLAWS then?

Is this not plain and simple B.S.?



"Each flaw has a small description. Here r SHA256 hashes of these descriptions:

bd34c891e9e3df9ea8b8eafc4dc3edc129f81365d42bf204ea58271e320f3ce5 - 1K reward
888f278c773d39b8334a651d84ee78871bd0e5d45e09be8fdb190ba1b2969530 - 10K reward
f5236644f4306699bb0fa90a905afe2454683c0aad6995e4433d712e2fdb257c - 100K reward
"


If he knews of the flaws,  then why is he asking this forum?

How do you create a hash of something you don't know exists?

Besides,  what the heck are you even hashing?  Some text that describes the flaw?


The B.S. is unbelievable and you folks are just too ignorant to see it.

I normally don't call people trolls, but:

1) It is clear you have not been following anything related to NXT. Injected flaws (in an otherwise working base code) with bounty payouts is meant to encourage people to take a very hard look a the code. Also, read the 1st post again, c-f-b explained this.
2) Bashing how "clean" the code looks. Really? If you're so good at this, why didn't you come up with a better NXT first? It's probably because you can't (hence you have to fork NXT's code... how ironic).

+1

He needs to chill.  His questions will be answered, but not really for this thread.

And, the devs really need to get a whitepaper together.

[klee]

Don't worry FreaktionLess I have hired some of the best developers (who happen to be my friends too) to make this brilliant innovative algorithm into a real software project (along of course with Jean-Luc who is the leader dev atm).

See you around I hope to review their code too

[jl777]

Frictionless

Did you even read the code?
The proof of stake is hard coded in with the founder's acct numbers and the number of NXT they started with. The genesis block is created from scratch and the blockchain starts from there.

By starting with 100% of the NXT issued to the founders in the hardcoded block, as long as every transfer of NXT is accounted for properly the proof of stake is maintained.

James

[Come-from-Beyond]

Well, we derailed the thread. FrictionlessCoin, let's move to other thread to discuss consensus algo. Create it and post here the link, plz.

[FrictionlessCoin]

Forging is a distributed consensus system that is used to confirm waiting transactions by including them in the block chain. It enforces a chronological order in the block chain, protects the neutrality of the network, and allows different computers to agree on the state of the system. To be confirmed, transactions must be packed in a block that fits very strict cryptographic rules that will be verified by the network. These rules prevent previous blocks from being modified because doing so would invalidate all following blocks. Forging also creates the equivalent of a competitive lottery that prevents any individual from easily adding new blocks consecutively in the block chain. This way, no individuals can control what is included in the block chain or replace parts of the block chain to roll back their own spends.

I can't explain details in a couple of sentences.

(1) How do you ensure "chronological order in the block chain".
(2) What are these "strict cryptographic rules"
(3) What is the mechanism of this "lottery".

From what you described,  there are too many important details that you are glossing over.  

If you can't answer the 3 question I asked, then you truly don't know what you are writing.   You are the author of the code, right?

[xibeijan]

I normally don't call people trolls, but:

1) It is clear you have not been following anything related to NXT. Injected flaws (in an otherwise working base code) with bounty payouts is meant to encourage people to take a very hard look a the code. Also, read the 1st post again, c-f-b explained this.
2) Bashing how "clean" the code looks. Really? If you're so good at this, why didn't you come up with a better NXT first? It's probably because you can't (hence you have to fork NXT's code... how ironic).

So your are admiting that this indeed is not the 'real source code' but some variant of it that doesn't really work.

I thought the purpose of releasing source code is to have other people to review if it is correct.

Well... I may just create a much better NXT.   Something that

(1) Has a very clear specification of the distributed consensus algorithm that people can review for flaws.
(2) Follow best practice Java coding standards.
(3) Gone through extensive static code analysis.
(4) Have a battery of unit tests to exhaustive test out the code.
(5) Ensure that tests perform 100% test coverage.

but unfortunately none of that exists for NXT.   It is just a high school project that some folks invested 21 BTC to get a stake on it.

Yes.  Please go do that.

P.S. I would ask you to PM me when you have 100% test coverage, but I've not even found this in the bitcoin source code...

[pandaisftw]

I normally don't call people trolls, but:

1) It is clear you have not been following anything related to NXT. Injected flaws (in an otherwise working base code) with bounty payouts is meant to encourage people to take a very hard look a the code. Also, read the 1st post again, c-f-b explained this.
2) Bashing how "clean" the code looks. Really? If you're so good at this, why didn't you come up with a better NXT first? It's probably because you can't (hence you have to fork NXT's code... how ironic).

So your are admiting that this indeed is not the 'real source code' but some variant of it that doesn't really work.

I thought the purpose of releasing source code is to have other people to review if it is correct.

Well... I may just create a much better NXT.   Something that

(1) Has a very clear specification of the distributed consensus algorithm that people can review for flaws.
(2) Follow best practice Java coding standards.
(3) Gone through extensive static code analysis.
(4) Have a battery of unit tests to exhaustive test out the code.
(5) Ensure that tests perform 100% test coverage.

but unfortunately none of that exists for NXT.   It is just a high school project that some folks invested 21 BTC to get a stake on it.

Who claimed this was the 'real source code'? If you find the 3 flaws, correct them (or post here to collect bounty), you will have a 100% working base-code that runs 0.4.7e.

But let's get back on topic and look for the flaws, please.

[tk808]

Frictionless

Did you even read the code?
The proof of stake is hard coded in with the founder's acct numbers and the number of NXT they started with. The genesis block is created from scratch and the blockchain starts from there.

By starting with 100% of the NXT issued to the founders in the hardcoded block, as long as every transfer of NXT is accounted for properly the proof of stake is maintained.

James

Isn't it obvious to you all now?

All he knows is the 10 cookbook recipes he's been learning in college for the past 4 years.

Frictionless is one of those dudes who thinks he's a genius because of what he knows. This is the real-world dude, not an algorithm found in a textbook

[xibeijan]

Don't worry FreaktionLess I have hired some of the best developers (who happen to be my friends too) to make this brilliant innovative algorithm into a real software project (along of course with Jean-Luc who is the leader dev atm).

See you around I hope to review their code too

+1

[jl777]

frictionless,

Unfortunately (for us), the answers to your questions are indeed in the source code as released and the live version uses the identical or bug fixed version.

CfB is not the author, he was one of the founders who BCNext convinced to deal with the forum while he kept coding

Conceptual framework for the algorithm is in the original BCNext thread (https://bitcointalk.org/index.php?topic=303898.160), you just have to read through it or the source code or wait for the white paper

James

[Vega]

And, the devs really need to get a whitepaper together.

Among other things. As someone who has a nice amount of money invested in Nxt, I'm not that happy this days about how many thing going with Nxt.
But screaming at the devs without offering anything constructive, is less than pointless, unless he have an agenda.
And if I remember correctly, it's not even the first time he seen the code, he posted last week on btt and on reddit already about it, after he decompiled it.
So this is pretty much rehearsed bashing.

[klee]

And, the devs really need to get a whitepaper together.

Among other things. As someone who has a nice amount of money invested in Nxt, I'm not that happy this days about how many thing going with Nxt.
But screaming at the devs without offering anything constructive, is less than pointless, unless he have an agenda.
And if I remember correctly, it's not even the first time he seen the code, he posted last week on btt and on reddit already about it, after he decompiled it.
So this is pretty much rehearsed bashing.

Secret agenda - who are you FREAKtionless? What is your motives?
Serving the 'truth'?? lol

Go back to your worthless dinosaur soon to extinct (PoW) investment...

[mcjavar]

Don't worry FreaktionLess I have hired some of the best developers (who happen to be my friends too) to make this brilliant innovative algorithm into a real software project (along of course with Jean-Luc who is the leader dev atm).

See you around I hope to review their code too

Glad to read that! When do they get on board and who is paying for them?

[gsan1]

Guess its time to shutdown the computer after a 5 hour code research marathon. No flaws found up to now..

[klee]

Don't worry FreaktionLess I have hired some of the best developers (who happen to be my friends too) to make this brilliant innovative algorithm into a real software project (along of course with Jean-Luc who is the leader dev atm).

See you around I hope to review their code too

Glad to read that! When do they get on board and who is paying for them?

They are almost a week on board (2 devs + 1 IT + maybe 1 more dev) and I pay for them...

[Come-from-Beyond]

Guess its time to shutdown the computer after a 5 hour code research marathon. No flaws found up to now..

U have to understand logic of the code to find these flaws.

[inkadnb]

Am I too late to the game? Have any been found yet?

[gsan1]

Guess its time to shutdown the computer after a 5 hour code research marathon. No flaws found up to now..

U have to understand logic of the code to find these flaws.

Sure I have to   Stuck at the Peer Class. I haven't looked at the Curve25519 algorithmus. Maybe I search further tomorrow. But enough for today - guess I am dreaming of brakets and semicolons.  

PS: Am I the only one that often receivs a 502 Bad Gateway while navigating in this forum?