Nxt source code flaw reports

[salsacz]

Jean-Luc writes english with french syntax, like many french speaking native people (I am). I'm confident that his mother tongue is probably french with very high probability. It is not the case with CfB. I do not see french syntax in CfB writing. That is my analysis. Maybe I'm wrong, but...

And what about BCNext's style?

Relative to BCNExt, I don't know. I believe he is not english native, Im pretty sure of that. I did not see any clear french syntax in his writing like in Jean-Luc post. Note that I know Jean-Luc refer to Star Trek, but I still believe he might be french native, but maybe other latin base language have similar syntax to french, so my interpretation might be wrong. I know that english is not latin based. Here are some latin based language: Portuguese, Spanish, French, Italian and Romanian. There are others.

By the way, keep up the good work, what you all are doing is amazing. Really!

BCNext lives in European time:
https://bitcointalk.org/index.php?action=profile;u=152600;sa=statPanel

Once he also mentioned someting about Beyonce, that he has got some Russian holidays

[1714318498]

1714318498

[1714318498]

1714318498

[1714318498]

1714318498

[1714318498]

1714318498

[minusbalancer]

The whole "futureBlocks" branch of code doesn't work because of the bug.

We should update the commonBlockId once we successfully push the block.
If we will have the "futureBlocks" it will roll out all of the newly added blocks (if any) because of non updated currentBlockId.
Then it will try to add the "futureBlocks" and will fail again. So at the end the whole block chain will be rolled back and peer banned.

It's at line 4570 and further.

Thx, I'll look at that.

I disagree. I don't think it's wrong. I think these situations are simply exclusive. That is, there can't be both: new blocks added and futureBlocks added.
(I was claiming this here: https://bitcointalk.org/index.php?topic=397183.msg4406466#msg4406466)

Imagine you do have the following sequences of blocks returned: b1, b2, b4, b3

All of the blocks are valid and aren't damaged. Existing code won't process this sequence. However adding just 1 line (updating currentBlockId) will make the code work like it was planned.

[Jaguar0625]

I've also been looking closely at the thread that synchs blocks across peers.

Let me use this format to identify blocks (previous block id, current block id, difficulty). And, in each case, let's assume that 2 NXT nodes are active. Here's what I think is happening

--- SCENARIO 1 ---
A: { (0, 1, 1), (1, 2, 2), (2, 3, 3) }
B: { (0, 1, 1), (1, 2, 2), (2, 3, 3), (3, 3, 4), (4, 4, 5) }

In this case the syncing is straightforward (assuming that the blocks are ordered), because B(3, 3, 4), B(4, 4, 5) will connect to A(2, 2, 3).

--- SCENARIO 2 ---
A: { (0, 1, 1), (1, 2, 2), (2, 3, 3) }
B: { (0, 1, 1), (1, 2, 2), (2, 4, 4), (4, 4, 5), (5, 5, 6) }

In this case, the syncing is a little tricker but still ok. B(2, 4, 4), B(4, 4, 5), B(5, 5, 6) are all added to future blocks. Eventually they are chained to A(1, 2, 2) and A(2, 3, 3) is dropped because the final block in the B chain has a greater difficulty than the final block in the B chain.

--- SCENARIO 3 ---
A: { (0, 1, 1), (1, 2, 2), (2, 3, 3) }
B: { (0, 1, 1), (1, 2, 2), (2, 3, 3), (1, 2, 10) }

In this case, let's say B is malicious and wants to replace A(1, 2, 2) with a different block. In this case, B(1, 2, 10) does not chain to the last block in A so it is put in as a future block. The two possible chains for A are:
A.1: { (0, 1, 1), (1, 2, 2), (2, 3, 3) }
A.2: { (0, 1, 1), (1, 2, 10) }

Since A.2 has a higher difficulty, it will be chosen. As far as I can tell, I don't see anything preventing a malicious attacker from manipulating cumulative difficulty scores in order to get blocks dropped.

This would also work if B was manipulated to have both new chaining blocks and future blocks, e.g.
B: { (0, 1, 1), (1, 2, 2), (2, 3, 3), (3, 4, 4), (1, 2, 10) }

In effect, this would keep transactions (B(3, 4, 4) in the example completely hidden from A.

Or am I missing something?

[Jaguar0625]

I think we could have better/faster implementation of Curve25519, but it's something that shoulbe further researched

Btw, we have 100'000 NXT bounty for fast JS-implementation. Look at https://bitcointalk.org/index.php?topic=345619.msg4345122#msg4345122 plz.

I also created a separate thread on this in case any one wanted to collaborate, but so far no takers :/.

[gimre]

Imagine you do have the following sequences of blocks returned: b1, b2, b4, b3

All of the blocks are valid and aren't damaged. Existing code won't process this sequence. However adding just 1 line (updating currentBlockId) will make the code work like it was planned.

returned from WHERE?

I assume you were reffering to commonBlockId not currentBlockId

They will either be added after commonBlockId or, if there was a split, proper block will be removed and they will be added AFTER popped blocks.

So I still don't see a problem

[gimre]

In this case, let's say B is malicious and wants to replace A(1, 2, 2) with a different block. In this case, B(1, 2, 10) does not chain to the last block in A so it is put in as a future block. The two possible chains for A are:
A.1: { (0, 1, 1), (1, 2, 2), (2, 3, 3) }
A.2: { (0, 1, 1), (1, 2, 10) }

Since A.2 has a higher difficulty, it will be chosen. As far as I can tell, I don't see anything preventing a malicious attacker from manipulating cumulative difficulty scores in order to get blocks dropped.

Maybe I haven't slept enough, but I think you're right, but...

This would imply two things:

• He would have to be generator of (1,2,10) - ok he can predict that
• but he would also have to be generator of (1,2,2) (coz verify generation signature would't pass)

so basically he would invalidate his own block...

This would also work if B was manipulated to have both new chaining blocks and future blocks, e.g.
B: { (0, 1, 1), (1, 2, 2), (2, 3, 3), (3, 4, 4), (1, 2, 10) }

In effect, this would keep transactions (B(3, 4, 4) in the example completely hidden from A.

Or am I missing something?

I think this is good example, that those situations (adding to end of chain AND invalidating tail of chain) are (or rather should, as they are not now)
mutually exclusive cases...

[bithic]

Hello, I just came to this thread today. I'm a Java developer, but quite new to crypto and haven't had time to delve into source code yet. This is a good opportunity to start educating myself on the nuts and bolts, so I'm going to dive in. You probably won't hear from me unless I unearth something that might be useful, but I just want to say hi and congratulate you all on the great work that's happening here.

[Come-from-Beyond]

Agree.
Then we do have the other bug - outgoing transactions are not deducted from the "genesis" created accounts while calculating the effective balance.

Edit: incoming

It's by design.

[Jaguar0625]

I am on it but I think it will a lot slower than you want

We'll choose the fastest and will pay part of the bounty then.

I'm also working on it . I just got the signing part working pretty well today, but now i need to move on the verify part this weekend, which i can see will be a lot trickier.

[Meizirkki]

Code:

					int curTime = getEpochTime(System.currentTimeMillis());

This occurs three times in the code. Isn't it impossible for int to carry such high value?

According to Orace int max value is:
2^31-1 = 2147483647

Current time in milliseconds is past 1389336607592 atm.

[Come-from-Beyond]

Code:

					int curTime = getEpochTime(System.currentTimeMillis());

This occurs three times in the code. Isn't it impossible for int to carry such high value?

According to Orace int max value is:
2^31-1 = 2147483647

Current time in milliseconds is past 1389336607592 atm.

It's measured in seconds and shifted.

[Meizirkki]

Code:

					int curTime = getEpochTime(System.currentTimeMillis());

This occurs three times in the code. Isn't it impossible for int to carry such high value?

According to Orace int max value is:
2^31-1 = 2147483647

Current time in milliseconds is past 1389336607592 atm.

It's measured in seconds and shifted.

Dammit it's time for me to get some more coffee

[minusbalancer]

Imagine you do have the following sequences of blocks returned: b1, b2, b4, b3

All of the blocks are valid and aren't damaged. Existing code won't process this sequence. However adding just 1 line (updating currentBlockId) will make the code work like it was planned.

returned from WHERE?

I assume you were reffering to commonBlockId not currentBlockId

They will either be added after commonBlockId or, if there was a split, proper block will be removed and they will be added AFTER popped blocks.

So I still don't see a problem

You are correct. I was referring the commonBlockId. It will take too long too explain.
I am not referring the scenario with 2 nodes. Imagine we do have just 1 node and the sequence is wrong in JSON.

Still it's not 1 of the injected flaws so doesn't matter.

[gimre]

I am on it but I think it will a lot slower than you want

We'll choose the fastest and will pay part of the bounty then.

I'm also working on it . I just got the signing part working pretty well today, but now i need to move on the verify part this weekend, which i can see will be a lot trickier.

So am I (but I don't even have signing yet :>)

[ricot]

Agree.
Then we do have the other bug - outgoing transactions are not deducted from the "genesis" created accounts while calculating the effective balance.

Edit: incoming

It's by design.

?!?!?!

So by design the founders have the ability to increase their forging chances 73-fold???
Then this currency is dead

[gimre]

You are correct. I was referring the commonBlockId. It will take too long too explain.
I am not referring the scenario with 2 nodes. Imagine we do have just 1 node and the sequence is wrong in JSON.

I'll take a look at it again

[Come-from-Beyond]

So by design the founders have the ability to increase their forging chances 73-fold???
Then this currency is dead

They don't have this ability. Use math and u'll see why.

[ZeroTheGreat]

Jean-Luc writes english with french syntax, like many french speaking native people (I am). I'm confident that his mother tongue is probably french with very high probability. It is not the case with CfB. I do not see french syntax in CfB writing. That is my analysis. Maybe I'm wrong, but...

And what about BCNext's style?

Come on... we all know the truth.  BCNext, Jean-Luc, CnB, Fuseleer, RealSolid, Coinhunter, Gavin, satoshi, BitcoineXpress AND rlh are all the same, very-schizo multi-personality.

Sorry... I couldn't resist.

Your forgot tvv 

[gimre]

With the published code no one will be able to generate any block ever.

In getEffectiveBalance() we do have the check for the account age of 1440 (blocks).

Since at the beginning of the functioning the system all of the accounts had 0 age, none of them will be able to generate the block.
No blocks generated => no age increase.

Accounts listed in genesis block can generate blocks, their age is not analyzed.

@minusbalancer: ok, now I get what you've meant, but I think that it's how it SHOULD BE.

I repeat what I've told already few times, in my opinion these two situations are exclusive

• adding new blocks at the end
• droppin elements starting at commonBlockId, and adding "new chain" from futureBlocks

So IMHO it's perfectly OK that commonBlockId is NOT updated. (otherwise, you would FSCK up all the "fork fixing")

You were mentioning blocks coming not in order, if something like this happens - IT'S BAD.
It means it's non conformant client, so most probably "previous" version of blockchain will be properly restored,
and that "non-conformant" client will be added to blacklist.

[ImmortAlex]

I repeat what I've told already few times, in my opinion these two situations are exclusive

• adding new blocks at the end
• droppin elements starting at commonBlockId, and adding "new chain" from futureBlocks

So IMHO it's perfectly OK that commonBlockId is NOT updated. (otherwise, you would FSCK up all the "fork fixing")

+1
I dreamed on this a lot, and consider this code branches are exclusive. It is not very clean when looking for first ot second time, the logic is not simple if-else statement.