Come-from-Beyond (OP)
Legendary
 Offline
Activity: 2142
Merit: 1010
Newbie
|
 |
February 24, 2014, 04:28:35 PM |
|
Could you please elaborate on how its a feature and not a flaw.
I prefer to wait until someone explains why it's a flaw. |
|
|
|
|
goingDeaf
Newbie
Offline
Activity: 26
Merit: 0
|
|
February 27, 2014, 10:37:18 PM |
|
Building on previous posts.
The previous block is always read from the lastBlock ala getBaseTarget.
If a malicious person were to re-write the client at pushBlock so that previous block was offset by 1 at generation time so then verifyGenerationSignature would honour this previous block and skip the actual previous block, meaning that there would be a block with missing transactions making double spending possible.
|
|
|
|
|
gimre
Legendary
Offline
Activity: 866
Merit: 1002
|
|
March 02, 2014, 08:15:04 PM |
|
Building on previous posts.
The previous block is always read from the lastBlock ala getBaseTarget.
If a malicious person were to re-write the client at pushBlock so that previous block was offset by 1 at generation time so then verifyGenerationSignature would honour this previous block and skip the actual previous block, meaning that there would be a block with missing transactions making double spending possible.
And what makes you think, any other peer in network would accept such block... |
|
|
|
|
|
Come-from-Beyond (OP)
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
March 08, 2014, 02:44:11 PM |
|
U still have time to find it and get 100K reward. |
|
|
|
|
|
jkoil
|
|
March 08, 2014, 03:33:15 PM |
|
U still have time to find it and get 100K reward. absolutely great. In that case I start focusing on that flaw, coz I just got my first java code working  and therefore I'm qualified java dev now - I shall have a date with that flaw : We shall meet in the place where there is no darkness  |
|
|
|
|
Evil-Knievel
Legendary
Offline
Activity: 1260
Merit: 1168
|
|
March 12, 2014, 07:26:20 PM
Last edit: April 17, 2016, 10:45:20 PM by Evil-Knievel |
|
This message was too old and has been purged
|
|
|
|
|
Come-from-Beyond (OP)
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
March 12, 2014, 08:00:33 PM |
|
Could you make this clearer?
Only after 3rd of April. |
|
|
|
|
|
jkoil
|
|
March 14, 2014, 08:52:13 PM |
|
Is this "getLastBlock().height > 303" a flaw? for (i = 0; i < block.numberOfTransactions; i++) {
Transaction transaction = blockTransactions.get(block.transactions[i]);
if (
transaction.timestamp > curTime + 15 ||
transaction.deadline < 1 ||
(transaction.timestamp + transaction.deadline * 60 < blockTimestamp &&
getLastBlock().height > 303)
||
transaction.fee <= 0 ||
!transaction.validateAttachment() || Nxt.transactions.get(block.transactions[i]) != null ||
(transaction.referencedTransaction != 0 &&
Nxt.transactions.get(transaction.referencedTransaction) == null &&
blockTransactions.get(transaction.referencedTransaction) == null) ||
(unconfirmedTransactions.get(block.transactions[i]) == null && !transaction.verify())
)
{
break;
}
condition with "303" : when block height is 1 - 302, transactions' timestamp can be > blockTimestamp. |
|
|
|
|
|
opticalcarrier
|
|
March 14, 2014, 09:08:52 PM |
|
Is this "getLastBlock().height > 303" a flaw? for (i = 0; i < block.numberOfTransactions; i++) {
Transaction transaction = blockTransactions.get(block.transactions[i]);
if (
transaction.timestamp > curTime + 15 ||
transaction.deadline < 1 ||
(transaction.timestamp + transaction.deadline * 60 < blockTimestamp &&
getLastBlock().height > 303)
||
transaction.fee <= 0 ||
!transaction.validateAttachment() || Nxt.transactions.get(block.transactions[i]) != null ||
(transaction.referencedTransaction != 0 &&
Nxt.transactions.get(transaction.referencedTransaction) == null &&
blockTransactions.get(transaction.referencedTransaction) == null) ||
(unconfirmedTransactions.get(block.transactions[i]) == null && !transaction.verify())
)
{
break;
}
condition with "303" : when block height is 1 - 302, transactions' timestamp can be > blockTimestamp. hmmm 302 blocks is less than 1 day |
|
|
|
|
Come-from-Beyond (OP)
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
March 14, 2014, 09:18:53 PM |
|
Is this "getLastBlock().height > 303" a flaw? for (i = 0; i < block.numberOfTransactions; i++) {
Transaction transaction = blockTransactions.get(block.transactions[i]);
if (
transaction.timestamp > curTime + 15 ||
transaction.deadline < 1 ||
(transaction.timestamp + transaction.deadline * 60 < blockTimestamp &&
getLastBlock().height > 303)
||
transaction.fee <= 0 ||
!transaction.validateAttachment() || Nxt.transactions.get(block.transactions[i]) != null ||
(transaction.referencedTransaction != 0 &&
Nxt.transactions.get(transaction.referencedTransaction) == null &&
blockTransactions.get(transaction.referencedTransaction) == null) ||
(unconfirmedTransactions.get(block.transactions[i]) == null && !transaction.verify())
)
{
break;
}
condition with "303" : when block height is 1 - 302, transactions' timestamp can be > blockTimestamp. It's not the flaw. The block contains a transaction that expired before the block timestamp. The corresponding check was added later. |
|
|
|
|
|
jkoil
|
|
March 14, 2014, 10:07:34 PM |
|
Is this "getLastBlock().height > 303" a flaw?
/code]
condition with "303" : when block height is 1 - 302, transactions' timestamp can be > blockTimestamp.
It's not the flaw. The block contains a transaction that expired before the block timestamp. The corresponding check was added later. If NXT-copycoin starts from its genesis block, that condition is not causing any problem or risk? |
|
|
|
|
Come-from-Beyond (OP)
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
March 14, 2014, 10:08:26 PM |
|
If NXT-copycoin starts from its genesis block, that condition is not causing any problem or risk?
No, don't worry. |
|
|
|
|
|
jkoil
|
|
March 14, 2014, 10:19:22 PM |
|
If NXT-copycoin starts from its genesis block, that condition is not causing any problem or risk?
No, don't worry. ok *sigh ... the flaw-candidates are running out. Interesting to see the revelation of 3rd of April ... |
|
|
|
|
|
Eadeqa
|
|
March 19, 2014, 05:31:59 PM |
|
Could you make this clearer?
Only after 3rd of April. Don't reveal the flaw on 3rd of April, please Let someone find it. |
|
|
|
|
Lohoris
|
|
March 19, 2014, 06:29:01 PM |
|
Don't reveal the flaw on 3rd of April, please
Let someone find it.
Are you seriously suggesting to break a promise? |
|
|
|
|
Eadeqa
|
|
March 19, 2014, 06:37:59 PM |
|
Don't reveal the flaw on 3rd of April, please
Let someone find it.
Are you seriously suggesting to break a promise? Where is the promise that the flaw will be revealed on the 3rd? All I see is the promise of reward before that date. |
|
|
|
etlase3
Newbie
Offline
Activity: 28
Merit: 0
|
|
March 19, 2014, 07:43:45 PM |
|
Don't reveal the flaw on 3rd of April, please
Let someone find it.
Are you seriously suggesting to break a promise? Like releasing the full source on Jan 3rd? |
|
|
|
|
Come-from-Beyond (OP)
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
March 19, 2014, 08:44:19 PM |
|
Like releasing the full source on Jan 3rd?
It was never promised to release full source on Jan 3rd. Why r u still there, all ur posts r troll posts. |
|
|
|
|
gimre
Legendary
Offline
Activity: 866
Merit: 1002
|
|
March 20, 2014, 07:00:27 AM |
|
Like releasing the full source on Jan 3rd?
It was never promised to release full source on Jan 3rd. Why r u still there, all ur posts r troll posts. +1, there was never such promise. actually I thought source code will be published in April, so it's way ahead of that |
|
|
|
|
