SAC (OP)
December 01, 2011, 08:15:50 AM Last edit: January 16, 2012, 07:07:34 PM by SAC

...

FlipPro
December 01, 2011, 08:28:51 AM Last edit: December 01, 2011, 08:46:24 AM by FlipPro

Well started a thread on this page I found about mining the trusted blocks on SolidCoin and one of the SC trolls had this to post in the thread apparently the page was correct and someone has exploited the "unbreakable code of the master programmer" RS.

Response from RealSolid
Posted Today, 06:01 AM

Yeah there was an exploit which currently takes some of the CPF payment away from the CPF in the trust blocks and instead gives it to an address supplied by the attacker. It's mostly been limited though with code given to the trust nodes, exchanges and larger pools. There currently isn't much SC going to the CPF each day, so the amount they got was quite small. The trust node system has allowed us to pretty much nullify any serious attack vector that was possible (as unlikely as they were it did highlight some more things we needed to tie down).
There will be a new version out soon which signs the trust blocks themselves so that they cannot be altered and "reused" at all.
What I find weird on that page though is the fact it's revenge for Litecoin, they think we had something to do with their spam or something? Quite weird when we already know one person who has admitted to spamming in the past and thinks it's a valid "testing tool", ie artforz. The guy who is also likely behind this exploit.

SAC I am no more of a SC troll than you are a LTC troll.

kjlimo
December 01, 2011, 10:08:30 AM

Well started a thread on this page I found about mining the trusted blocks on SolidCoin and one of the SC trolls had this to post in the thread apparently the page was correct and someone has exploited the "unbreakable code of the master programmer" RS.

Response from RealSolid
Posted Today, 06:01 AM

Yeah there was an exploit which currently takes some of the CPF payment away from the CPF in the trust blocks and instead gives it to an address supplied by the attacker. It's mostly been limited though with code given to the trust nodes, exchanges and larger pools. There currently isn't much SC going to the CPF each day, so the amount they got was quite small. The trust node system has allowed us to pretty much nullify any serious attack vector that was possible (as unlikely as they were it did highlight some more things we needed to tie down).
There will be a new version out soon which signs the trust blocks themselves so that they cannot be altered and "reused" at all.
What I find weird on that page though is the fact it's revenge for Litecoin, they think we had something to do with their spam or something? Quite weird when we already know one person who has admitted to spamming in the past and thinks it's a valid "testing tool", ie artforz. The guy who is also likely behind this exploit.

SAC I am no more of a SC troll than you are a LTC troll.

gotta love the troll on troll action! alternative cryptocurrency volatility FTW! Day-trading anyone?

makomk
December 01, 2011, 11:05:21 AM

The trust node system has allowed us to pretty much nullify any serious attack vector that was possible (as unlikely as they were it did highlight some more things we needed to tie down).

I don't think this is actually true. The thing I didn't entirely grasp when first reading the patch is that unlike Bitcoin, which prefers the first block it saw if it receives two that are equally good, Solidcoin uses the most recent block:

    // New best
    if (pindexNew->bnChainWork > g_bnBlockBestChainWork || pindexNew->bnChainWork == g_bnBlockBestChainWork)
    {
        if (!SetBestChain(txdb, pindexNew))
            return false;
    }

So in theory not even using the trust nodes to completely shut down Solidcoin would be enough to stop someone from exploiting this to rewrite history. They should give RealSolid some power to influence which side of a double spend wins if he catches it soon enough and has enough hashpower, though.

That's a thought actually. If the new version breaks backwards compatibility and some nodes don't upgrade on time it'd require a lot less hashpower to attack those nodes than it normally would.

Quad XC6SLX150 Board: 860 MHash/s or so. SIGS ABOUT BUTTERFLY LABS ARE PAID ADS
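
The tie-breaking difference described in the post above, as an added example that is not part of the original thread and is not SolidCoin or Bitcoin source. The `Block`, `TieRule`, `IsNewBest` and `Simulate` names and the sample arrival order are hypothetical; the example compares a first-seen rule (strict `>`) with the most-recent rule (`>=`) and counts how often a node abandons its current tip.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Added illustration: all names and values are constructed, not project source.
struct Block {
    int id;              // label for this block
    int parent;          // id of the block it builds on
    uint64_t chainWork;  // cumulative work of the chain ending here
};

enum class TieRule { FirstSeen, MostRecent };

// Decide whether a newly received block replaces the current best tip.
bool IsNewBest(const Block& candidate, const Block& best, TieRule rule) {
    if (candidate.chainWork > best.chainWork) return true;  // strictly more work always wins
    if (candidate.chainWork == best.chainWork)
        return rule == TieRule::MostRecent;  // the "|| ==" branch of the quoted snippet
    return false;
}

struct Outcome { int tip; int reorgs; };

// Process blocks in arrival order; a reorg is a tip change that does not extend the old tip.
Outcome Simulate(const std::vector<Block>& arrivals, TieRule rule) {
    Block best = arrivals.front();
    Outcome out{best.id, 0};
    for (std::size_t i = 1; i < arrivals.size(); ++i) {
        const Block& b = arrivals[i];
        if (!IsNewBest(b, best, rule)) continue;
        if (b.parent != best.id) ++out.reorgs;
        best = b;
        out.tip = b.id;
    }
    return out;
}

// Constructed arrival order: blocks 2, 3 and 4 compete at one height with equal work.
std::vector<Block> SampleArrivals() {
    return {{1, 0, 10}, {2, 1, 20}, {3, 1, 20}, {4, 1, 20}, {5, 2, 30}};
}

int main() {
    Outcome a = Simulate(SampleArrivals(), TieRule::FirstSeen);
    Outcome b = Simulate(SampleArrivals(), TieRule::MostRecent);
    std::printf("first-seen:  tip=%d reorgs=%d\n", a.tip, a.reorgs);
    std::printf("most-recent: tip=%d reorgs=%d\n", b.tip, b.reorgs);
    return 0;
}
```

Both rules end on the same tip once a strictly heavier block arrives, but only the strict comparison keeps the node on the block it saw first while the competing blocks are equal in work.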

k9quaint
December 01, 2011, 05:50:03 PM

This exploit (and others like it) is why it was so important to release the code the control nodes run. Before the coin launches, not after.
Bitcoin is backed by the full faith and credit of YouTube comments.

DeathAndTaxes
Gerald Davis
December 01, 2011, 10:49:09 PM

This exploit (and others like it) is why it was so important to release the code the control nodes run. Before the coin launches, not after.

Peer review for the win.
WPA vs WEP
Bitcoin vs ScamCoin
AES vs DES

tacotime
December 01, 2011, 11:52:38 PM

Looks like SC was dropped from allchains
this is the end my friends
XMR: 44GBHzv6ZyQdJkjqZje6KLZ3xSyN1hBSFAnLP6EAqJtCRVzMzZmeXTC2AHKDS9aEDTRKmo6a6o9r9j86pYfhCWDkKjbtcns

Schwede65
December 02, 2011, 12:02:29 AM Last edit: December 02, 2011, 12:13:33 AM by Schwede65

Looks like SC was dropped from allchains
this is the end my friends

chart 1: SC is present
chart 2 + 3: very long time no updated data/SC and now it's dropped

naypalm
December 02, 2011, 01:38:28 AM

SC's still around!?

kjlimo
December 02, 2011, 06:09:12 AM

Looks like SC was dropped from allchains
this is the end my friends
chart 1: SC is present
chart 2 + 3: very long time no updated data/SC and now its dropped

agreed, charts 2 & 3 were incredibly hard to compare and didn't necessarily make sense when comparing. It seems these CPU chains are apples & oranges....

makomk
December 02, 2011, 09:55:09 AM

Well, RealSolid has released an update that claims to fix all the issues and given users a whole hour to upgrade before their clients get stuck. Notice that I said "claims to" here; the source code for it hasn't been released so I have no idea whether he actually did what he's claiming to have done.

SolidCoin v2.02 has been released. This is a mandatory release, you will be unable to move past block 91500 without it.
It is advised you redownload the chain so that it prunes away all the orphans from the recent "spam", you do this by going to the solidcoin2 data directory and deleting blk0001.dat and blkindex.dat. Then you start SolidCoin and it will download the chain again. The chain size (blk0001.dat) should be under 50MB.
New features include :-
*) Trust blocks now signed completely so they cannot be altered by anyone except trust block creator
*) Trust blocks now have tighter checks, such as only one out on generates.
*) Startup speed improvements
*) Block stalling improved, especially during initial download
*) Reorg limits put in place, no client will accept a reorg greater than 5 now
*) Block acceptance limits put in place to reduce orphans adding to blockchain size
*) Check on maximum payments to CPF
*) Maximum block size reduced to 200KB from 1000KB

Also, remember what I said in my previous post?

So in theory not even using the trust nodes to completely shut down Solidcoin would be enough to stop someone from exploiting this to rewrite history. ...
That's a thought actually. If the new version breaks backwards compatibility and some nodes don't upgrade on time it'd require a lot less hashpower to attack those nodes than it normally would.

Apparently it did with not very much time for people to upgrade. If any nodes are still running 2.01 as released an attacker has until they upgrade to build a deep enough history rewrite and double-spend their coins. If they're running RealSolid's non-public upgrade to 2.01 the same may be true depending on what exactly he changed in the upgrade and what happens at 2.02.

Quad XC6SLX150 Board: 860 MHash/s or so. SIGS ABOUT BUTTERFLY LABS ARE PAID ADS

wannaBhacker
December 02, 2011, 04:00:29 PM

SC's still around!?
ha ha ha Don't know how but it is. Oh king, what shall your users do now? I thought you made a coin more secure than bitcoin. Ooops, guess not.

Gabi
December 02, 2011, 05:40:30 PM

lol scamcoin

coblee
Creator of Litecoin. Cryptocurrency enthusiast.
December 02, 2011, 11:10:23 PM

SolidCoin v2.02 has been released. This is a mandatory release, you will be unable to move past block 91500 without it.
This is the central control that doomed SC 2.0 the moment it was launched. One hour notice for a mandatory binary-only update. Really?!? RealSolid constantly attacks Bitcoin saying that businesses will never accept them because of a possible 51% attack. Does he really think businesses will accept solidcoins when he keeps pulling this kind of crap? They would have to upgrade with an hour notice to a binary that could contain trojans. And there's no recourse. No source code to check and compile themselves. If they don't upgrade, they can no longer transact in solidcoins. Awesome.

Ahimoth
December 02, 2011, 11:46:35 PM

Actually source was posted to github within a couple hours of binary release. Admittedly, it was short notice. However, in this situation I think it was prudent to issue a mandatory release as soon as possible.

CoinHunter
December 02, 2011, 11:50:56 PM

One hour notice for a mandatory binary-only update. Really?!?
RealSolid constantly attacks Bitcoin saying that businesses will never accept them because of a possible 51% attack. Does he really think businesses will accept solidcoins when he keeps pulling this kind of crap? They would have to upgrade with an hour notice to a binary that could contain trojans. And there's no recourse. No source code to check and compile themselves. If they don't upgrade, they can no longer transact in solidcoins. Awesome.

Coblee I think the difference is people expect SolidCoin to be secure so we work to always achieve that. If the network is slow for a few hours so be it, better that than being attacked. When you have a new code base, new solutions to problems, there are going to be issues that need working out, SolidCoin is still young and we don't have that many businesses yet which are affected by these things. Something like this if we were the size of bitcoin would be unacceptable I would agree with that.

As usual though you're ignorant about many things SolidCoin, source was released not long after the binaries. Unlike perhaps Litecoin, people don't need to worry about Trojans with SolidCoin, only one person makes the binaries and we have done so for nearly 6 months without any issues, we have a history of being safe.

coblee
December 03, 2011, 12:06:43 AM

As usual though you're ignorant about many things SolidCoin, source was released not long after the binaries. Unlike perhaps Litecoin, people don't need to worry about Trojans with SolidCoin, only one person makes the binaries and we have done so for nearly 6 months without any issues, we have a history of being safe.
LOL. You sound like Bernard Madoff.

Starlightbreaker
December 03, 2011, 12:15:10 AM

Coblee I think the difference is people expect SolidCoin to be secure so we work to always achieve that.
always remember one thing. "assumptions is the mother of fuck-ups"

CoinHunter
December 03, 2011, 12:20:00 AM

Six months, wow your time keeper is off so let me refresh your memory.
SC1 launched on August 21st died on September 10th
SC2 launched October 10th died the instant it was released.
SC1 lived 29 days, SC2 isn't two months old yet.
Where do you get six months?

Thanks, we should promote you to SolidCoin PR, you want that role? You know so much about us. There were private betas before SC1 was launched and of course during our downtime. It's not quite 6 months but nearing on it.

coblee
December 03, 2011, 12:26:17 AM

As usual though you're ignorant about many things SolidCoin
Such condescending attitude. Seems like you are also ignorant about many things SolidCoin. Btw, Litecoin has a track record of 2 years of trojan free releases. Take that! We were in private beta for almost 2 years.