DFiLeR
|
|
April 16, 2014, 05:36:28 AM |
|
Yes charities not accepting any crypto would be better. If we could get an International one to exclusively accept SOC as only form of crypto donations then we are on the map (that would be hard tho hehe).
We need to have a press release template so we can send them off to news sites when new charities join. Most of it can probably be the same talking about SOC, just need to change the charities name and have a part for info on them. Who is good with words that can write something up.
|
VRC VKAE3VC3iPf2FFJsrzirzk4SX6mSrzSUka XPM AeX9teC4y9YMRNVb7726i8u3RTCcMksFG3 BTC 15P73FANUu5rgNcCr4kYVUNiD3tdmgqEuP HYPER HL2iRAWRThvAR9kt5NDdEPBhin57tD98hB
|
|
|
|
allcrypt
|
|
April 16, 2014, 03:55:09 PM |
|
Um, devs... whats going on? I woke up this morning to a TON of error messages. The socialcoin wallet, when making new addresses for new users, was giving out addresses that ALREADY BELONGED TO OTHER USERS!
How is this possible? Why is the wallet giving out duplicate addresses.
And by this I mean on April 11th user 1234 generated an address and the wallet said here you go, and gave him the address S12345. This address was saved in the database and linked to user 1234.
This morning, user 4321 signed up and wanted to deposit some socialcoin, and clicked the 'get me an address' button. The socialcoin wallet said "Ok, here you go!" and TRIED to give him S12345!! Thankfully, the database saw the collision and didn't allow it. However, now internal wallet accounting is off because user 1234 no longer owns the S12345 address! What the heck? How can the wallet possibly generate the same address twice? What kind of RNG are you guys using?
And it didnt happen once. It happened SIX times this morning!
How dangerous is this wallet? How many others wallets are generating addresses that other people have?
|
|
|
|
DFiLeR
|
|
April 16, 2014, 11:30:12 PM |
|
hopefully socialcoin (the user) will be on soon and will have some answers
|
VRC VKAE3VC3iPf2FFJsrzirzk4SX6mSrzSUka XPM AeX9teC4y9YMRNVb7726i8u3RTCcMksFG3 BTC 15P73FANUu5rgNcCr4kYVUNiD3tdmgqEuP HYPER HL2iRAWRThvAR9kt5NDdEPBhin57tD98hB
|
|
|
DFiLeR
|
|
April 16, 2014, 11:53:36 PM |
|
Just confirmed with Poloniex that new addresses aren't duplicates and they have no duplicate addresses in their database at present
allcrypt can you check your database and make sure it isn't something weird at your end
|
VRC VKAE3VC3iPf2FFJsrzirzk4SX6mSrzSUka XPM AeX9teC4y9YMRNVb7726i8u3RTCcMksFG3 BTC 15P73FANUu5rgNcCr4kYVUNiD3tdmgqEuP HYPER HL2iRAWRThvAR9kt5NDdEPBhin57tD98hB
|
|
|
allcrypt
|
|
April 17, 2014, 02:01:48 AM |
|
Just confirmed with Poloniex that new addresses aren't duplicates and they have no duplicate addresses in their database at present
allcrypt can you check your database and make sure it isn't something weird at your end
Its not the database. The database is preventing it from screwing a user. I have a user that HAS a Socialcoin address. I have another user that generated an address. The address it generated was one the wallet already handed out. It happened six times overnight. On March 30th at 7:43am eastern time, on AllCrypt.com, user ID # 2371 generated the address SbPzVED[removed]cgKkBq1Y. Today at 10:32am eastern time, I received an error alert that user ID # 4521 tried to generate a SOC address and it conflicted with an existing address. The address it generated? SbPzVED[removed]cgKkBq1Y Thats not a database error. That should NOT be possible.
|
|
|
|
minerX1979
Newbie
Offline
Activity: 51
Merit: 0
|
|
April 17, 2014, 05:31:41 AM |
|
allcrypt, I'm not the original developer but I did the last update and looked through the code (changes from original). So let me try to assist you until SocialCoin replies.
The wallet isn't doing anything different when it comes to generating addresses except from starting with a capital 'S'.
Can you try to generate a new address with a rpc call from the command line and see if that address is already in your database? This way we can determine if the error is in the wallet or your code. Which command you use to generate a new address?
I don't know the code of your site, but are you using any caching mechanisms like xcache, apc, memcache? It sounds like your application is caching the addresses somewhere and reuses them.
I will go through the code again now and see if something weird is happening but I advise you to look in to your code as well because the error is probably caused in there.
|
|
|
|
allcrypt
|
|
April 17, 2014, 03:37:34 PM |
|
allcrypt, I'm not the original developer but I did the last update and looked through the code (changes from original). So let me try to assist you until SocialCoin replies.
The wallet isn't doing anything different when it comes to generating addresses except from starting with a capital 'S'.
Can you try to generate a new address with a rpc call from the command line and see if that address is already in your database? This way we can determine if the error is in the wallet or your code. Which command you use to generate a new address?
I don't know the code of your site, but are you using any caching mechanisms like xcache, apc, memcache? It sounds like your application is caching the addresses somewhere and reuses them.
I will go through the code again now and see if something weird is happening but I advise you to look in to your code as well because the error is probably caused in there.
I did yesterday (actually wrote some code to generate 100 new addresses) and there were no conflicts. It happened a lot overnight but we havent seen it since then. To be clear - the address is generated with a getnewaddress RPC call with a user identifier attached (getnewaddress("User identifier")) and then the result saved to the database and linked to the user. If that address is already IN the database it throws an error - which is what happened. We're not using any caching - not a good idea with a live moving exchange. And even if we were - it shouldnt be caching something from a week prior. Thing is - we have over 140 coins now. They ALL use the same code to work with the coins, as all coins use the same RPC structure. SocialCoin is the only coin this has ever happened with.
|
|
|
|
minerX1979
Newbie
Offline
Activity: 51
Merit: 0
|
|
April 17, 2014, 05:36:44 PM |
|
I did yesterday (actually wrote some code to generate 100 new addresses) and there were no conflicts. It happened a lot overnight but we havent seen it since then.
To be clear - the address is generated with a getnewaddress RPC call with a user identifier attached (getnewaddress("User identifier")) and then the result saved to the database and linked to the user. If that address is already IN the database it throws an error - which is what happened.
We're not using any caching - not a good idea with a live moving exchange. And even if we were - it shouldnt be caching something from a week prior.
Thing is - we have over 140 coins now. They ALL use the same code to work with the coins, as all coins use the same RPC structure. SocialCoin is the only coin this has ever happened with.
Are you sure it happened to legit users? Since generating new addresses gives no conflicts and it stopped happening, your site may have been under attack. Maybe someone tried to overtake someone else's wallet or some other attack. Poloniex was recently hacked by sending the same order multiple times at the same moment. Did you find anything out of the ordinary in the coind or webserver log files? You should be able to track the http request and match it to the rpc call. If the call isn't showing in the coin's debug.log you have caching enabled or there was an attack.
|
|
|
|
allcrypt
|
|
April 17, 2014, 06:21:35 PM |
|
It wasnt an attack. No one attacks a site by generating a single wallet address. They also don't then send you a pissed off support ticket that they cannot make a deposit address.
And caching, which I already said we do not use, would not randomly give me back a very specific RPC call response from a week ago, while both before, and after that, ignoring the cache.
It's obvious you are absolutely convinced that there is no possible way in hell that it could be your wallet, so, nevermind.
|
|
|
|
DFiLeR
|
|
April 17, 2014, 11:09:53 PM |
|
Allcrypt, we are just making suggestions while also looking at the wallet code, like how you can't see it would be something on your site, we can't see it would be something in our code. Just let us know if it actually happens again, we will let you know if we find anything.
|
VRC VKAE3VC3iPf2FFJsrzirzk4SX6mSrzSUka XPM AeX9teC4y9YMRNVb7726i8u3RTCcMksFG3 BTC 15P73FANUu5rgNcCr4kYVUNiD3tdmgqEuP HYPER HL2iRAWRThvAR9kt5NDdEPBhin57tD98hB
|
|
|
DFiLeR
|
|
April 17, 2014, 11:11:39 PM |
|
How fun is SOC blackjack, I had a hot streak last night, then lost it all again ; / lol http://www.cryptogamble.eu/
|
VRC VKAE3VC3iPf2FFJsrzirzk4SX6mSrzSUka XPM AeX9teC4y9YMRNVb7726i8u3RTCcMksFG3 BTC 15P73FANUu5rgNcCr4kYVUNiD3tdmgqEuP HYPER HL2iRAWRThvAR9kt5NDdEPBhin57tD98hB
|
|
|
minerX1979
Newbie
Offline
Activity: 51
Merit: 0
|
|
April 18, 2014, 06:47:45 AM |
|
It wasnt an attack. No one attacks a site by generating a single wallet address. They also don't then send you a pissed off support ticket that they cannot make a deposit address.
And caching, which I already said we do not use, would not randomly give me back a very specific RPC call response from a week ago, while both before, and after that, ignoring the cache.
It's obvious you are absolutely convinced that there is no possible way in hell that it could be your wallet, so, nevermind.
allcrypt, I understand the stress you're in right now with the responsibilities for people's money. We're trying to help you out. My personal method is to rule out all the possibilities to find the problem. I can only look in to the SocialCoin code, not yours so I have to ask you all these questions in order to move forward. I am not suggesting there's anything wrong with your code, I am simply trying to find and fix the problem as fast as possible. Caching seemed like a possible culprit if expiry is left to 0. If things work normally, then don't and then work normal again, it's safe to assume there was some form of attack. Maybe against the wallet, maybe sql injection to hijack other users accounts/wallets. I would like to see this problem getting fixed. Crypto doesn't need another exchange getting in trouble and if it's caused by the wallet, the problem may be spread across every bitcoin/litecoin derivative. If you want we can get in touch on irc and work on the problem more directly. PM me if you want.
|
|
|
|
DFiLeR
|
|
April 18, 2014, 03:55:54 PM |
|
Looks like we will be on https://www.coin-horse.com/ very soon! Waiting on a couple more gaming sites to take it to 4, will leave it at that for now.
|
VRC VKAE3VC3iPf2FFJsrzirzk4SX6mSrzSUka XPM AeX9teC4y9YMRNVb7726i8u3RTCcMksFG3 BTC 15P73FANUu5rgNcCr4kYVUNiD3tdmgqEuP HYPER HL2iRAWRThvAR9kt5NDdEPBhin57tD98hB
|
|
|
SocialCoin (OP)
|
|
April 19, 2014, 04:57:55 AM |
|
Um, devs... whats going on? I woke up this morning to a TON of error messages. The socialcoin wallet, when making new addresses for new users, was giving out addresses that ALREADY BELONGED TO OTHER USERS!
How is this possible? Why is the wallet giving out duplicate addresses.
And by this I mean on April 11th user 1234 generated an address and the wallet said here you go, and gave him the address S12345. This address was saved in the database and linked to user 1234.
This morning, user 4321 signed up and wanted to deposit some socialcoin, and clicked the 'get me an address' button. The socialcoin wallet said "Ok, here you go!" and TRIED to give him S12345!! Thankfully, the database saw the collision and didn't allow it. However, now internal wallet accounting is off because user 1234 no longer owns the S12345 address! What the heck? How can the wallet possibly generate the same address twice? What kind of RNG are you guys using?
And it didnt happen once. It happened SIX times this morning!
How dangerous is this wallet? How many others wallets are generating addresses that other people have?
Hi there, AllCrypt. I'm afraid there's a very slim chance this will happen and I really believe this is something in your code / site. I remember seeing a message you guys wrote regarding another coin with the exact same issue so my assumption is there's some kind of bug in your system. As MinerX said - The code we use to generate addresses is identical to the code used in Litecoin (other than the version) and there's absolutely no reason for this to happen. Also, Poloniex does not have this error and he's live for quite a while (around 2 months) and generated an address automatically for every new user in the system. So again, I'm sorry to say this but it sounds like a problem on your end. Thanks for your support of the coin and good luck in solving this. We're here to help with anything you might need.
|
|
|
|
DFiLeR
|
|
April 19, 2014, 10:52:59 PM |
|
Soccoin.com Website back up. Hopefully downtime will be minimal from now.
|
VRC VKAE3VC3iPf2FFJsrzirzk4SX6mSrzSUka XPM AeX9teC4y9YMRNVb7726i8u3RTCcMksFG3 BTC 15P73FANUu5rgNcCr4kYVUNiD3tdmgqEuP HYPER HL2iRAWRThvAR9kt5NDdEPBhin57tD98hB
|
|
|
paulus51
|
|
April 21, 2014, 08:19:06 AM |
|
hello , i have just updated the wallet with the new one on page 1 , but it wount get sycned, no connections, please tel me what to do
best regards Paulus 51
|
|
|
|
DFiLeR
|
|
April 21, 2014, 11:55:16 AM |
|
In the SocialCoin wallet, try going into Help > Debug Window > Console
then type..
addnode 209.126.71.166 add addnode 65.30.27.82:8915 add
|
VRC VKAE3VC3iPf2FFJsrzirzk4SX6mSrzSUka XPM AeX9teC4y9YMRNVb7726i8u3RTCcMksFG3 BTC 15P73FANUu5rgNcCr4kYVUNiD3tdmgqEuP HYPER HL2iRAWRThvAR9kt5NDdEPBhin57tD98hB
|
|
|
DFiLeR
|
|
April 21, 2014, 11:11:14 PM |
|
Paulus51, I see you have save the greyhounds in your sig. Would it be possible for SOC to add this organisation to its monthly donation vote?
|
VRC VKAE3VC3iPf2FFJsrzirzk4SX6mSrzSUka XPM AeX9teC4y9YMRNVb7726i8u3RTCcMksFG3 BTC 15P73FANUu5rgNcCr4kYVUNiD3tdmgqEuP HYPER HL2iRAWRThvAR9kt5NDdEPBhin57tD98hB
|
|
|
paulus51
|
|
April 22, 2014, 07:38:17 AM |
|
Paulus51, I see you have save the greyhounds in your sig. Would it be possible for SOC to add this organisation to its monthly donation vote?
hi , well we are already in look at the vote on page one ;-) , we have had a massive computer crash , lost alot wallets , see our website for more information about it , thanks for asking ;-)
|
|
|
|
|