[XMR] Monero - A secure, private, untraceable cryptocurrency

[Labteck]

which are the cryptonote coins doomed?

[drawingthesun]

Fair enough, however there was at one point a goto in bitcoin code, https://github.com/bitcoin/bitcoin/pull/2733/files

That's a proposed pull-req - it was never merged into the Bitcoin Core codebase. (in part because of the goto)

Ah thanks for the correction, I remember this coming up in a "bitcoin code is bad" discussion last year or something and thought the goto was in the code.

Thanks Peter.

[smooth]

Yes, create a new wallet, preferably on an offline computer, write down the seed words it gives you, and write down the public address it gives you. That is your paper wallet. Send to the wallet using the public address. Use the seed words to access the coins from it by creating a new online wallet with the '--restore-deterministic' option.

Wow, great explanation! Though I knew about the deterministic option, I somehow thought that XMR has no such thing as paper wallet.
Now... let's push my luck.. and is there any way to actually know how much is on a paper wallet without restoring it and going online? (my guess is "no", but I already guessed wrong once).

There will be using the view key, but not implemented yet.

[Peter Todd]

Ah thanks for the correction, I remember this coming up in a "bitcoin code is bad" discussion last year or something and thought the goto was in the code.

Thanks Peter.

I just checked, and there is one "goto err" used in EC_KEY_regenerate_key() in the current codebase. But regardless, the Cryptonote codebase is far worse. For one thing, writing it in C with pointer arithmetic is just nuts.

[klee]

Ah thanks for the correction, I remember this coming up in a "bitcoin code is bad" discussion last year or something and thought the goto was in the code.

Thanks Peter.

I just checked, and there is one "goto err" used in EC_KEY_regenerate_key() in the current codebase. But regardless, the Cryptonote codebase is far worse. For one thing, writing it in C with pointer arithmetic is just nuts.

Can you check BBR too? I know your time is super precious but...

[bitcoinpaul]

Ah thanks for the correction, I remember this coming up in a "bitcoin code is bad" discussion last year or something and thought the goto was in the code.

Thanks Peter.

I just checked, and there is one "goto err" used in EC_KEY_regenerate_key() in the current codebase. But regardless, the Cryptonote codebase is far worse. For one thing, writing it in C with pointer arithmetic is just nuts.

Can you check BBR too? I know your time is super precious but...

Now this will get interesting.

[Peter Todd]

I just checked, and there is one "goto err" used in EC_KEY_regenerate_key() in the current codebase. But regardless, the Cryptonote codebase is far worse. For one thing, writing it in C with pointer arithmetic is just nuts.

Can you check BBR too? I know your time is super precious but...

BBR is Cryptonote, which uses gotos for error handling in a bunch of places. Pretty standard technique on C. Dangerous of course, but using C is dangerous in a whole lot of ways. (in most cases)

[rpietila]

It looks like Mintpal and HitBTC are both still actively trading as well as withdraws and deposits are open.

Trading I can't do anything about. We've tried to contact those exchanges but haven't been able to.

However, I strongly recommend that you do not attempt to do deposits or withdraws

The block chain is a mess right now and there is no way to know what would happen to your coins.

Do not engage in any transactions at this time

I got in touch with freeworm and he says he froze XMR at bter
Let me know when it is all clear to resume

James

Signed:
James, the concerned, helpful helper!

I got also in touch with HitBtc, urging them to stop withdrawals and trading. Further, I offered my time to help the Monero devs. I also decided to keep the options markets open so you can still hedge (although I am afk for the next 6 hours mostly).

This thread and poloniex trollbox are very full of otherwise not so prominent or active people that are now speaking doom concerning XMR. If they don't short it themselves (difficult), they either get paid for the FUD, or want the price to tank to buy back lower. Otherwise it does not make sense.

It has even been mentioned that BBR should increase in price as a result from an attack towards XMR code (which BBR itself also uses). This proposal is ridiculous, because either it has the same vulnerability and the attack was just directed to the more prominent coin, or BBR will suffer the same attack soon or be already suffering it without even noticing, OR that BBR insider(s) are behind the attack.

Note to newcomers: BBR is the only (non-XMR) cryptonote coin that is not conclusively proven to be lead by the original CN scamteam

Any way I got in touch with XMR devs, result:
- no rollback necessary
- everything is asked to be halted because a non-standard block got to the blockchain and reason needs to be figured out
- When I asked "what exactly makes this a problem from a client side?", he said "because it appears to have caused a fork thereafter - we're busy investigating"

[mmortal03]

which are the cryptonote coins doomed?

Not known yet, but my understanding is that they all derive from the original Bytecoin codebase. (If there has been a completely independent implementation of the CryptoNote technology, please enlighten me.)

I just checked, and Poloniex has Monero trading frozen right now, but Boolberry, Ducknote, Bytecoin, Aeon, and Moneta Verde are all still trading there, I assume since they haven't been attacked (yet).

[klee]

I just checked, and there is one "goto err" used in EC_KEY_regenerate_key() in the current codebase. But regardless, the Cryptonote codebase is far worse. For one thing, writing it in C with pointer arithmetic is just nuts.

Can you check BBR too? I know your time is super precious but...

BBR is Cryptonote, which uses gotos for error handling in a bunch of places. Pretty standard technique on C. Dangerous of course, but using C is dangerous in a whole lot of ways. (in most cases)

Thanks! (Damn Gotos @2014  )

[Mineotaur]

So am I screwed then? I sent 100 XMR before seeing this thread this morning, now they haven't shown up at their destination. The transaction shows up on chainradar.com.

[klee]

It looks like Mintpal and HitBTC are both still actively trading as well as withdraws and deposits are open.

Trading I can't do anything about. We've tried to contact those exchanges but haven't been able to.

However, I strongly recommend that you do not attempt to do deposits or withdraws

The block chain is a mess right now and there is no way to know what would happen to your coins.

Do not engage in any transactions at this time

I got in touch with freeworm and he says he froze XMR at bter
Let me know when it is all clear to resume

James

Signed:
James, the concerned, helpful helper!

I got also in touch with HitBtc, urging them to stop withdrawals and trading. Further, I offered my time to help the Monero devs. I also decided to keep the options markets open so you can still hedge (although I am afk for the next 6 hours mostly).

This thread and poloniex trollbox are very full of otherwise not so prominent or active people that are now speaking doom concerning XMR. If they don't short it themselves (difficult), they either get paid for the FUD, or want the price to tank to buy back lower. Otherwise it does not make sense.

It has even been mentioned that BBR should increase in price as a result from an attack towards XMR code (which BBR itself also uses). This proposal is ridiculous, because either it has the same vulnerability and the attack was just directed to the more prominent coin, or BBR will suffer the same attack soon or be already suffering it without even noticing, OR that BBR insider(s) are behind the attack.

Note to newcomers: BBR is the only (non-XMR) cryptonote coin that is not conclusively proven to be lead by the original CN scamteam

Any way I got in touch with XMR devs, result:
- no rollback necessary
- everything is asked to be halted because a non-standard block got to the blockchain and reason needs to be figured out
- When I asked "what exactly makes this a problem from a client side?", he said "because it appears to have caused a fork thereafter - we're busy investigating"

Are you a programmer now? Did you see the code?

Better let the experts (like Todd or Anonymint) have an opinion on this..

[drawingthesun]

which are the cryptonote coins doomed?

Not known yet, but my understanding is that they all derive from the original Bytecoin codebase. (If there has been a completely independent implementation of the CryptoNote technology, please enlighten me.)

I just checked, and Poloniex has Monero trading frozen right now, but Boolberry, Ducknote, Bytecoin, Aeon, and Moneta Verde are all still trading there, I assume since they haven't been attacked (yet).

They probably will not be attacked, this attack was planned several days in advance, you'd be able to tell if someone was already setting up a similar attack in the other coins.

[jeezy]

I got also in touch with HitBtc, urging them to stop withdrawals and trading. Further, I offered my time to help the Monero devs. I also decided to keep the options markets open so you can still hedge (although I am afk for the next 6 hours mostly).

Calm down everyone! rpietila is here to save the day! Thank our savior!

[Peter Todd]

Are you a programmer now? Did you see the code?

Better let the experts (like Todd or Anonymint) have an opinion on this..

No need to take my word for it! These two fragments of code do similar things:

Code:

void tree_hash(const char (*hashes)[HASH_SIZE], size_t count, char *root_hash) {
  assert(count > 0);
  if (count == 1) {
    memcpy(root_hash, hashes, HASH_SIZE);
  } else if (count == 2) {
    cn_fast_hash(hashes, 2 * HASH_SIZE, root_hash);
  } else {
    size_t i, j;
    size_t cnt = count - 1;
    char (*ints)[HASH_SIZE];
    for (i = 1; i < sizeof(size_t); i <<= 1) {
      cnt |= cnt >> i;
    }
    cnt &= ~(cnt >> 1);
    ints = alloca(cnt * HASH_SIZE);
    memcpy(ints, hashes, (2 * cnt - count) * HASH_SIZE);
    for (i = 2 * cnt - count, j = 2 * cnt - count; j < cnt; i += 2, ++j) {
      cn_fast_hash(hashes[i], 64, ints[j]);
    }
    assert(i == count);
    while (cnt > 2) {
      cnt >>= 1;
      for (i = 0, j = 0; j < cnt; i += 2, ++j) {
        cn_fast_hash(ints[i], 64, ints[j]);
      }
    }
    cn_fast_hash(ints[0], 64, root_hash);
  }
}

Code:

uint256 CBlock::BuildMerkleTree() const
{
    vMerkleTree.clear();
    BOOST_FOREACH(const CTransaction& tx, vtx)
        vMerkleTree.push_back(tx.GetHash());
    int j = 0;
    for (int nSize = vtx.size(); nSize > 1; nSize = (nSize + 1) / 2)
    {   
        for (int i = 0; i < nSize; i += 2)
        {   
            int i2 = std::min(i+1, nSize-1);
            vMerkleTree.push_back(Hash(BEGIN(vMerkleTree[j+i]),  END(vMerkleTree[j+i]),
                                       BEGIN(vMerkleTree[j+i2]), END(vMerkleTree[j+i2])));
        }   
        j += nSize;
    }   
    return (vMerkleTree.empty() ? 0 : vMerkleTree.back());
}

The latter is a lot easier to read, and because it's C++ with boost there's no error-prone manual memory management.

[jeezy]

I got also in touch with HitBtc, urging them to stop withdrawals and trading. Further, I offered my time to help the Monero devs. I also decided to keep the options markets open so you can still hedge (although I am afk for the next 6 hours mostly).

Calm down everyone! rpietila is here to save the day! Thank our savior!

You sound like a religious tard.

You sound like someone who needs to wiki the keyword "sarcasm". You are welcome.

[btc-mike]

...
It has even been mentioned that BBR should increase in price as a result from an attack towards XMR code (which BBR itself also uses). This proposal is ridiculous, because either it has the same vulnerability and the attack was just directed to the more prominent coin, or BBR will suffer the same attack soon or be already suffering it without even noticing, OR that BBR insider(s) are behind the attack.
...

You left out that the probability that changes in BBR's code already made it not vulnerable to the attack.  

[windjc]

...
It has even been mentioned that BBR should increase in price as a result from an attack towards XMR code (which BBR itself also uses). This proposal is ridiculous, because either it has the same vulnerability and the attack was just directed to the more prominent coin, or BBR will suffer the same attack soon or be already suffering it without even noticing, OR that BBR insider(s) are behind the attack.
...

You left out that the probability that changes in BBR's code already made it not vulnerable to the attack.  

Im embarrased right now to own a lot of Monero. The Monero fanbois are such douchbags right now when it comes to BBR.  Oh, yeah, BBR MUST have the same vunerabilities. Dudes need to worry about their own house and stop talking about BBR.

[maxcan]

Im embarrased right now to own a lot of Monero. The Monero fanbois are such douchbags right now when it comes to BBR.  Oh, yeah, BBR MUST have the same vunerabilities. Dudes need to worry about their own house and stop talking about BBR.

i think that the devs will be far more interested in collaborating on this and finding the problem with XMR than pointing fingers or claiming their brand is best.

[windjc]

Im embarrased right now to own a lot of Monero. The Monero fanbois are such douchbags right now when it comes to BBR.  Oh, yeah, BBR MUST have the same vunerabilities. Dudes need to worry about their own house and stop talking about BBR.

i think that the devs will be far more interested in collaborating on this and finding the problem with XMR than pointing fingers or claiming their brand is best.

The fact that JL777 contacted CZ and CZ is willing to help says ALOT about both of them. I have my doubts, however, that if the situation was reversed, that the favor would be turned.