PIVX and possibly 200 other blockchains vulnerable to bug

[qwizzie]

Source picture : Cointelegraph article itself

Read more here : https://cointelegraph.com/news/pivx-possibly-other-pos-chains-vulnerable-to-bug-attackers-profit

Note : PIVX is a fork of Dash (forked from Dash v0.12.0.x) and is using a custom proof of stake (PoS) model.
Both PIVX and over 200 other PoS blockchains appear to be vulnerable to disproportionately high staking rewards.
Dash on the other hand does not have this vulnerability, because Dash has a proof of work (PoW) model.

Bitgreen (a PoS altcoin running on PIVX) stated it will start planning a migration from PIVX to Dash.

As a final solution, the BitGreen project plans to migrate from the still-vulnerable PIVX network to DASH on its next update

Link : https://beincrypto.com/pivx-response-to-network-vulnerability-casts-doubt-on-project/


Update : https://pivx.org/a-response-to-the-article-pivx-and-200-pos-chains-currently-vulnerable-chains-already-under-attack/

[qwizzie]

https://pivx.org/a-response-to-the-article-pivx-and-200-pos-chains-currently-vulnerable-chains-already-under-attack/

The “overlapping” variable here is that 700+ projects have cloned the PIVX codebase at some point in the past.  However, my gut says there is a
fundamental issue in the way in which the consensus mechanism rewards which is being “gamed”, and that this is not exclusive to the PIVX network,
but rather is in the nature of the Proof of Stake itself

Looks like those "200 other blockchains" figure is on the conservative side 

[Khaos77]

https://pivx.org/a-response-to-the-article-pivx-and-200-pos-chains-currently-vulnerable-chains-already-under-attack/

The “overlapping” variable here is that 700+ projects have cloned the PIVX codebase at some point in the past.  However, my gut says there is a
fundamental issue in the way in which the consensus mechanism rewards which is being “gamed”, and that this is not exclusive to the PIVX network,
but rather is in the nature of the Proof of Stake itself

Looks like those "200 other blockchains" figure is on the conservative side  

So far no proof of stake coins running with coin-age have been proven vulnerable.
Coins such as ZEIT use PoS version 1 with coin-age.

Proof of Stake Version 1 : Used Coin-Age

Proof of Stake Version 2 : Removed Coin-Age and moved to block depth

Proof of Stake Version 3: Used Block Depth and other modifications  

So far only PoS V3 coins have been shown to be affected.
Since Pivx did not actually fix their issue ,
the others using PoS v3 are probably still vulnerable even if they claimed a fix like the pivx team did.

[qwizzie]

https://pivx.org/a-response-to-the-article-pivx-and-200-pos-chains-currently-vulnerable-chains-already-under-attack/

The “overlapping” variable here is that 700+ projects have cloned the PIVX codebase at some point in the past.  However, my gut says there is a
fundamental issue in the way in which the consensus mechanism rewards which is being “gamed”, and that this is not exclusive to the PIVX network,
but rather is in the nature of the Proof of Stake itself

Looks like those "200 other blockchains" figure is on the conservative side  

So far no proof of stake coins running with coin-age have been proven vulnerable.
Coins such as ZEIT use PoS version 1 with coin-age.

Proof of Stake Version 1 : Used Coin-Age

Proof of Stake Version 2 : Removed Coin-Age and moved to block depth

Proof of Stake Version 3: Used Block Depth and other modifications  

So far only PoS V3 coins have been shown to be affected.
Since Pivx did not actually fix their issue ,
the others using PoS v3 are probably still vulnerable even if they claimed a fix like the pivx team did.

Interesting information, thank you.

[Khaos77]

https://pivx.org/a-response-to-the-article-pivx-and-200-pos-chains-currently-vulnerable-chains-already-under-attack/

The “overlapping” variable here is that 700+ projects have cloned the PIVX codebase at some point in the past.  However, my gut says there is a
fundamental issue in the way in which the consensus mechanism rewards which is being “gamed”, and that this is not exclusive to the PIVX network,
but rather is in the nature of the Proof of Stake itself

Looks like those "200 other blockchains" figure is on the conservative side  

So far no proof of stake coins running with coin-age have been proven vulnerable.
Coins such as ZEIT use PoS version 1 with coin-age.

Proof of Stake Version 1 : Used Coin-Age

Proof of Stake Version 2 : Removed Coin-Age and moved to block depth

Proof of Stake Version 3: Used Block Depth and other modifications  

So far only PoS V3 coins have been shown to be affected.
Since Pivx did not actually fix their issue ,
the others using PoS v3 are probably still vulnerable even if they claimed a fix like the pivx team did.

Interesting information, thank you.

Pivx Team released a response to the article.
https://pivx.org/a-response-to-the-article-pivx-and-200-pos-chains-currently-vulnerable-chains-already-under-attack/

There are some discrepancies with that Mr. Yoon seems to be basing his conclusions on.
There is more than 87 coins in this wallet. It’s over 11k.
    Main Address DHagKZ4ByFgxXe3txYysxqG5x6PvcSmwQS
    Owner Unknown
    Balance 11,625.05234493 PIVX
    Addresses 100
    with non zero-balance 100
 

Hmm,
Discrepancy
According to https://chainz.cryptoid.info/pivx/address.dws?DCLsuSttqkWABZkNvVHNbRFxWtTTHXYRMS.htm
Balance appears to be

Balance   90.12076074 PIVX

not the amount claimed by the Pivx devs, 

[qwizzie]

Pivx Team released a response to the article.
https://pivx.org/a-response-to-the-article-pivx-and-200-pos-chains-currently-vulnerable-chains-already-under-attack/

There are some discrepancies with that Mr. Yoon seems to be basing his conclusions on.
There is more than 87 coins in this wallet. It’s over 11k.
    Main Address DHagKZ4ByFgxXe3txYysxqG5x6PvcSmwQS
    Owner Unknown
    Balance 11,625.05234493 PIVX
    Addresses 100
    with non zero-balance 100


Hmm,
Discrepancy
According to https://chainz.cryptoid.info/pivx/address.dws?DCLsuSttqkWABZkNvVHNbRFxWtTTHXYRMS.htm
Balance appears to be

Balance   90.12076074 PIVX

not the amount claimed by the Pivx devs,  

Yeah, i was wondering about that myself (i did not check the addresses though).
Below seems to summarize the main problem by the way :



Link : https://www.reddit.com/r/pivx/comments/cpy3ea/a_response_to_the_article_pivx_and_200_pos_chains/

[bathrobehero]

Yeah, i was wondering about that myself (i did not check the addresses though).
Below seems to summarize the main problem by the way :

https://i.imgur.com/EjdXS0v.jpg

Link : https://www.reddit.com/r/pivx/comments/cpy3ea/a_response_to_the_article_pivx_and_200_pos_chains/

Whoa, did not expect to see myself quoted from reddit.

I'm very curious how long the fix will take and if they decide to punish the offenders in any way.