Author Topic: SolidCoin Exploited.  (Read 3156 times)
SAC
Sr. Member
****
Offline Offline

Activity: 322


View Profile
December 01, 2011, 08:15:50 AM
 #1

...
FlipPro
Legendary
*
Offline Offline

Activity: 1386



View Profile WWW
December 01, 2011, 08:28:51 AM
 #2

Well started a thread on this page I found about mining the trusted blocks on SolidCoin and one of the SC trolls had this to post in the thread apparently the page was correct and someone has exploited the "unbreakable code of the master programmer" RS.



Response from RealSolid

Quote
Posted Today, 06:01 AM
Yeah there was an exploit which currently takes some of the CPF payment away from the CPF in the trust blocks and instead gives it to an address supplied by the attacker. It's mostly been limited though with code given to the trust nodes, exchanges and larger pools. There currently isn't much SC going to the CPF each day, so the amount they got was quite small. The trust node system has allowed us to pretty much nullify any serious attack vector that was possible (as unlikely as they were it did highlight some more things we needed to tie down).

There will be a new version out soon which signs the trust blocks themselves so that they cannot be altered and "reused" at all.

What I find weird on that page though is the fact it's revenge for Litecoin, they think we had something to do with their spam or something? Quite weird when we already know one person who has admitted to spamming in the past and thinks it's a valid "testing tool" , ie artforz. The guy who is also likely behind this exploit.


SAC

I am no more of a SC troll than you are a LTC troll.

kjlimo
Legendary
*
Offline Offline

Activity: 1498


View Profile WWW
December 01, 2011, 10:08:30 AM
 #3

Well started a thread on this page I found about mining the trusted blocks on SolidCoin and one of the SC trolls had this to post in the thread apparently the page was correct and someone has exploited the "unbreakable code of the master programmer" RS.



Response from RealSolid

Quote
Posted Today, 06:01 AM
Yeah there was an exploit which currently takes some of the CPF payment away from the CPF in the trust blocks and instead gives it to an address supplied by the attacker. It's mostly been limited though with code given to the trust nodes, exchanges and larger pools. There currently isn't much SC going to the CPF each day, so the amount they got was quite small. The trust node system has allowed us to pretty much nullify any serious attack vector that was possible (as unlikely as they were it did highlight some more things we needed to tie down).

There will be a new version out soon which signs the trust blocks themselves so that they cannot be altered and "reused" at all.

What I find weird on that page though is the fact it's revenge for Litecoin, they think we had something to do with their spam or something? Quite weird when we already know one person who has admitted to spamming in the past and thinks it's a valid "testing tool" , ie artforz. The guy who is also likely behind this exploit.


SAC

I am no more of a SC troll than you are a LTC troll.

gotta love the troll on troll action!

alternative cryptocurrency volatility FTW!  Day-trading anyone?

makomk
Hero Member
*****
Offline Offline

Activity: 686


View Profile
December 01, 2011, 11:05:21 AM
 #4

Quote
The trust node system has allowed us to pretty much nullify any serious attack vector that was possible (as unlikely as they were it did highlight some more things we needed to tie down).
I don't think this is actually true. The thing I didn't entirely grasp when first reading the patch is that unlike Bitcoin, which prefers the first block it saw if it receives two that are equally good, Solidcoin uses the most recent block:
Code:
    // New best
    if (pindexNew->bnChainWork > g_bnBlockBestChainWork || pindexNew->bnChainWork == g_bnBlockBestChainWork)
    {
        if (!SetBestChain(txdb, pindexNew)) return false;
    }
So in theory not even using the trust nodes to completely shut down Solidcoin would be enough to stop someone from exploiting this to rewrite history. They should give RealSolid some power to influence which side of a double spend wins if he catches it soon enough and has enough hashpower, though.

That's a thought actually. If the new version breaks backwards compatibility and some nodes don't upgrade on time it'd require a lot less hashpower to attack those nodes than it normally would.

Quad XC6SLX150 Board: 860 MHash/s or so.
SIGS ABOUT BUTTERFLY LABS ARE PAID ADS
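
The tie-break difference described in post #4, as an added example that is not part of makomk's post and is not SolidCoin or Bitcoin source. It models a node that receives two equal-work branches and compares a first-seen rule with the most-recent rule implied by the quoted `>` / `==` condition; `BlockIndex`, `TiePolicy`, `ReorgDepth`, `Replay` and the sample blocks are constructed for illustration.

```cpp
#include <algorithm>
#include <cstdint>
#include <string>
#include <vector>

// Constructed model (not SolidCoin or Bitcoin source): only the fields the
// best-chain decision needs.
struct BlockIndex {
    std::string id;          // label for the constructed sample blocks
    const BlockIndex* prev;  // parent block, nullptr for genesis
    uint64_t chainWork;      // cumulative work up to and including this block
};

enum class TiePolicy { FirstSeen, MostRecent };

// Number of blocks disconnected from the old tip when switching to the new tip.
int ReorgDepth(const BlockIndex* oldTip, const BlockIndex* newTip) {
    int depth = 0;
    for (const BlockIndex* o = oldTip; o; o = o->prev, ++depth)
        for (const BlockIndex* n = newTip; n; n = n->prev)
            if (n == o) return depth;  // common ancestor found
    return depth;
}

struct Result { std::string tip; int equalWorkSwitches; int deepestReorg; };

// Replays one constructed arrival order under the given tie-break policy.
Result Replay(TiePolicy policy) {
    static const BlockIndex g{"G", nullptr, 1};
    static const BlockIndex a1{"A1", &g, 2}, a2{"A2", &a1, 3};  // seen first
    static const BlockIndex b1{"B1", &g, 2}, b2{"B2", &b1, 3};  // same work, seen later
    const std::vector<const BlockIndex*> arrivals{&g, &a1, &a2, &b1, &b2};

    Result r{"", 0, 0};
    const BlockIndex* best = nullptr;
    for (const BlockIndex* b : arrivals) {
        const uint64_t bestWork = best ? best->chainWork : 0;
        const bool more = b->chainWork > bestWork;
        // MostRecent corresponds to the quoted `> ... || == ...` condition.
        const bool tie = best && b->chainWork == bestWork &&
                         policy == TiePolicy::MostRecent;
        if (!more && !tie) continue;  // block does not become the new tip
        if (tie) {
            ++r.equalWorkSwitches;
            r.deepestReorg = std::max(r.deepestReorg, ReorgDepth(best, b));
        }
        best = b;
    }
    r.tip = best->id;
    return r;
}
```

With the first-seen rule the node stays on A2; with the most-recent rule the equal-work branch ending in B2 replaces it and disconnects two blocks, without the second branch needing any more work than the first.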
k9quaint
Legendary
*
Offline Offline

Activity: 1190



View Profile
December 01, 2011, 05:50:03 PM
 #5

This exploit (and others like it) is why it was so important to release the code the control nodes run.
Before the coin launches, not after.

Bitcoin is backed by the full faith and credit of YouTube comments.
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
December 01, 2011, 10:49:09 PM
 #6

This exploit (and others like it) is why it was so important to release the code the control nodes run.
Before the coin launches, not after.

Peer review for the win.

WPA vs WEP
Bitcoin vs ScamCoin
AES vs DES
tacotime
Legendary
*
Offline Offline

Activity: 1484



View Profile
December 01, 2011, 11:52:38 PM
 #7

Looks like SC was dropped from allchains

this is the end my friends

Schwede65
Sr. Member
****
Offline Offline

Activity: 309


View Profile
December 02, 2011, 12:02:29 AM
 #8

Looks like SC was dropped from allchains

this is the end my friends

chart 1: SC is present

chart 2 + 3: very long time no updated data/SC and now it's dropped
naypalm
Legendary
*
Offline Offline

Activity: 1212


AFK :/


View Profile WWW
December 02, 2011, 01:38:28 AM
 #9

SC's still around!?

kjlimo
Legendary
*
Offline Offline

Activity: 1498


View Profile WWW
December 02, 2011, 06:09:12 AM
 #10

Looks like SC was dropped from allchains

this is the end my friends

chart 1: SC is present

chart 2 + 3: very long time no updated data/SC and now it's dropped

agreed, charts 2 & 3 were incredibly hard to compare and didn't necessarily make sense when comparing.  It seems these CPU chains are apples & oranges....

makomk
Hero Member
*****
Offline Offline

Activity: 686


View Profile
December 02, 2011, 09:55:09 AM
 #11

Well, RealSolid has released an update that claims to fix all the issues and given users a whole hour to upgrade before their clients get stuck. Notice that I said "claims to" here; the source code for it hasn't been released so I have no idea whether he actually did what he's claiming to have done.

Quote from: RealSolid
SolidCoin v2.02 has been released. This is a mandatory release, you will be unable to move past block 91500 without it.

It is advised you redownload the chain so that it prunes away all the orphans from the recent "spam", you do this by going to the solidcoin2 data directory and deleting blk0001.dat and blkindex.dat . Then you start SolidCoin and it will download the chain again. The chain size (blk0001.dat) should be under 50MB.

New features include :-

*) Trust blocks now signed completely so they cannot be altered by anyone except trust block creator
*) Trust blocks now have tighter checks, such as only one out on generates.
*) Startup speed improvements
*) Block stalling improved, especially during initial download
*) Reorg limits put in place, no client will accept a reorg greater than 5 now
*) Block acceptance limits put in place to reduce orphans adding to blockchain size
*) Check on maximum payments to CPF
*) Maximum block size reduced to 200KB from 1000KB

Also, remember what I said in my previous post?
So in theory not even using the trust nodes to completely shut down Solidcoin would be enough to stop someone from exploiting this to rewrite history. ...

That's a thought actually. If the new version breaks backwards compatibility and some nodes don't upgrade on time it'd require a lot less hashpower to attack those nodes than it normally would.
Apparently it did with not very much time for people to upgrade. If any nodes are still running 2.01 as released an attacker has until they upgrade to build a deep enough history rewrite and double-spend their coins. If they're running RealSolid's non-public upgrade to 2.01 the same may be true depending on what exactly he changed in the upgrade and what happens at 2.02.

Quad XC6SLX150 Board: 860 MHash/s or so.
SIGS ABOUT BUTTERFLY LABS ARE PAID ADS
wannaBhacker
Member
**
Offline Offline

Activity: 96


View Profile
December 02, 2011, 04:00:29 PM
 #12

SC's still around!?

ha ha ha

Don't know how but it is. Oh king, what shall your users do now? I thought you made a coin more secure than bitcoin. Ooops, guess not.
Gabi
Legendary
*
Offline Offline

Activity: 1050


View Profile
December 02, 2011, 05:40:30 PM
 #13

lol scamcoin
coblee
Donator
Legendary
*
Offline Offline

Activity: 1078


firstbits.com/1ce5j


View Profile WWW
December 02, 2011, 11:10:23 PM
 #14

Quote from: RealSolid
SolidCoin v2.02 has been released. This is a mandatory release, you will be unable to move past block 91500 without it.

This is the central control that doomed SC 2.0 the moment it was launched.

One hour notice for a mandatory binary-only update. Really?!?

RealSolid constantly attacks Bitcoin saying that businesses will never accept them because of a possible 51% attack. Does he really think businesses will accept solidcoins when he keeps pulling this kind of crap? They would have to upgrade with an hour notice to a binary that could contain trojans. And there's no recourse. No source code to check and compile themselves. If they don't upgrade, they can no longer transact in solidcoins. Awesome.


Ahimoth
Member
**
Offline Offline

Activity: 69


View Profile
December 02, 2011, 11:46:35 PM
 #15

Actually source was posted to github within a couple hours of binary release. Admittedly, it was short notice. However, in this situation I think it was prudent to issue a mandatory release as soon as possible.
CoinHunter
Sr. Member
****
Offline Offline

Activity: 252



View Profile
December 02, 2011, 11:50:56 PM
 #16

One hour notice for a mandatory binary-only update. Really?!?

RealSolid constantly attacks Bitcoin saying that businesses will never accept them because of a possible 51% attack. Does he really think businesses will accept solidcoins when he keeps pulling this kind of crap? They would have to upgrade with an hour notice to a binary that could contain trojans. And there's no recourse. No source code to check and compile themselves. If they don't upgrade, they can no longer transact in solidcoins. Awesome.

Coblee I think the difference is people expect SolidCoin to be secure so we work to always achieve that. If the network is slow for a few hours so be it, better that than being attacked. When you have a new code base, new solutions to problems, there are going to be issues that need working out, SolidCoin is still young and we don't have that many businesses yet which are affected by these things. Something like this if we were the size of bitcoin would be unacceptable I would agree with that.

As usual though you're ignorant about many things SolidCoin, source was released not long after the binaries. Unlike perhaps Litecoin, people don't need to worry about Trojans with SolidCoin, only one person makes the binaries and we have done so for nearly 6 months without any issues, we have a history of being safe.

Try SolidCoin or talk with other SolidCoin supporters here SolidCoin Forums
coblee
Donator
Legendary
*
Offline Offline

Activity: 1078


firstbits.com/1ce5j


View Profile WWW
December 03, 2011, 12:06:43 AM
 #17

As usual though you're ignorant about many things SolidCoin, source was released not long after the binaries. Unlike perhaps Litecoin, people don't need to worry about Trojans with SolidCoin, only one person makes the binaries and we have done so for nearly 6 months without any issues, we have a history of being safe.

LOL. You sound like Bernard Madoff.

Starlightbreaker
Legendary
*
Offline Offline

Activity: 1204


★Nitrogensports.eu★


View Profile
December 03, 2011, 12:15:10 AM
 #18



Coblee I think the difference is people expect SolidCoin to be secure so we work to always achieve that.
always remember one thing.

"assumptions is the mother of fuck-ups"


CoinHunter
Sr. Member
****
Offline Offline

Activity: 252



View Profile
December 03, 2011, 12:20:00 AM
 #19

Six months, wow your time keeper is off so let me refresh your memory.

SC1 launched on August 21st died on September 10th
SC2 launched October 10th died the instant it was released.

SC1 lived 29 days, SC2 isn't two months old yet.

Where do you get six months?

Thanks, we should promote you to SolidCoin PR, you want that role? You know so much about us :)

There were private betas before SC1 was launched and of course during our downtime. It's not quite 6 months but nearing on it.

Try SolidCoin or talk with other SolidCoin supporters here SolidCoin Forums
coblee
Donator
Legendary
*
Offline Offline

Activity: 1078


firstbits.com/1ce5j


View Profile WWW
December 03, 2011, 12:26:17 AM
 #20

As usual though you're ignorant about many things SolidCoin

Such condescending attitude. Seems like you are also ignorant about many things SolidCoin.

Btw, Litecoin has a track record of 2 years of trojan free releases. Take that! We were in private beta for almost 2 years.
