Supercoin is fundamentally broken - read why inside and save yourself money

[brookefinancial]

Ok I personally had to disturbed our dev during this hardworking time and he took time to answer me. I don't really get the XC/Supercoin "war" (from both sides) and I won't go any further than posting this because my specialty is finance, not tech.

the malleability issue is fixed in bitcoin 0.9.0, this is not an issue. The worst scenario is that the p2p trustless transaction will not go through, no one will lose any coins.

btw, strasboug replied the questions. I think overall his views are correct. This is not an issue, and even txid can change in very rare cases (supposely already fixed in bitcoin 0.9), the only consequence it will cause the anonymous send to fail, and coins return to everyone's original accts. It's like a failed tx in p2p marketplace, that's nothing strange to it. Also there are several ways the tx verification can be done (not always need txid) as pointed out by strasboug.

We are a small team, we don't have time to go all over the places. We don't act aggressively. So don't expect all opinions in favor of us. But fact is fact, it will not change, and people ultimately will understand.

Thanks.

/closethread

[jakiman]

Really surprised no-one from supercoin is addressing the tx id issue.

Guess the devs just don't care? Have they not even acknowledged this fundamental flaw?

its outdated tech, I dont expect much of it and it corresponds exactly to Super's pathetic market cap.

I'm confused then why supercoin "supporters" are spreading FUD and lies about coins with working anon tech like XC... when their own tech is broken  

To me, you guys are spreading FUD without doing your own research also.
Anyways, it's now been answered. Hope that helps a little.

[fluffypony]

Ok I personally had to disturbed our dev during this hardworking time and he took time to answer me. I don't really get the XC/Supercoin "war" (from both sides) and I won't go any further than posting this because my specialty is finance, not tech.

the malleability issue is fixed in bitcoin 0.9.0, this is not an issue. The worst scenario is that the p2p trustless transaction will not go through, no one will lose any coins.

btw, strasboug replied the questions. I think overall his views are correct. This is not an issue, and even txid can change in very rare cases (supposely already fixed in bitcoin 0.9), the only consequence it will cause the anonymous send to fail, and coins return to everyone's original accts. It's like a failed tx in p2p marketplace, that's nothing strange to it. Also there are several ways the tx verification can be done (not always need txid) as pointed out by strasboug.

We are a small team, we don't have time to go all over the places. We don't act aggressively. So don't expect all opinions in favor of us. But fact is fact, it will not change, and people ultimately will understand.

Thanks.

/closethread

BEEEEEP, wrong!

Firstly, not all possible malleability vectors are "fixed" in 0.9, so transactions are still quite malleable and the transaction ID can still change. The other thing is that they've made the changes to isStandard(), which is a function that checks for standardness and not for validity. In other words, very new nodes won't relay or mine tx's that already exist but have been modified and rebroadcast, but most of the network (like 90%) will.

Furthermore, there are pools like Eligius that mine non-standard transactions (ie. transactions that would fail these new isStandard() malleability checks but are still perfectly valid transactions). Anything relying on a transaction ID in an automated system is fundamentally broken, and harping on "0.9.0 fixes malleability!" is nothing more than an act of desperation.

Oh, and lastly - "the only consequence it will cause the anonymous send to fail" - why would anyone touch a system where an attacker can trivially prevent all anonymous transactions from working?

[mr_random]

Ok I personally had to disturbed our dev during this hardworking time and he took time to answer me. I don't really get the XC/Supercoin "war" (from both sides) and I won't go any further than posting this because my specialty is finance, not tech.

the malleability issue is fixed in bitcoin 0.9.0, this is not an issue. The worst scenario is that the p2p trustless transaction will not go through, no one will lose any coins.

btw, strasboug replied the questions. I think overall his views are correct. This is not an issue, and even txid can change in very rare cases (supposely already fixed in bitcoin 0.9), the only consequence it will cause the anonymous send to fail, and coins return to everyone's original accts. It's like a failed tx in p2p marketplace, that's nothing strange to it. Also there are several ways the tx verification can be done (not always need txid) as pointed out by strasboug.

We are a small team, we don't have time to go all over the places. We don't act aggressively. So don't expect all opinions in favor of us. But fact is fact, it will not change, and people ultimately will understand.

Thanks.

/closethread

BEEEEEP, wrong!

Firstly, not all possible malleability vectors are "fixed" in 0.9, so transactions are still quite malleable and the transaction ID can still change. The other thing is that they've made the changes to isStandard(), which is a function that checks for standardness and not for validity. In other words, very new nodes won't relay or mine tx's that already exist but have been modified and rebroadcast, but most of the network (like 90%) will.

Furthermore, there are pools like Eligius that mine non-standard transactions (ie. transactions that would fail these new isStandard() malleability checks but are still perfectly valid transactions). Anything relying on a transaction ID in an automated system is fundamentally broken, and harping on "0.9.0 fixes malleability!" is nothing more than an act of desperation.

Oh, and lastly - "the only consequence it will cause the anonymous send to fail" - why would anyone touch a system where an attacker can trivially prevent all anonymous transactions from working?

Damn



Supercoin just been delivered a knockout blow.

[Polycoin]

Whaat? Whaat!? Shitcoi...I mean Supercoin is the best coin on deh market!

#1!

I am on shitcoi...I mean Supercoin's Foundation Board, and I will strive to make Supercoin the best coin there is.

Don't forget to download the Supercoin Wallet Updates!

[jakiman]

BEEEEEP, wrong!

Firstly, not all possible malleability vectors are "fixed" in 0.9, so transactions are still quite malleable and the transaction ID can still change. The other thing is that they've made the changes to isStandard(), which is a function that checks for standardness and not for validity. In other words, very new nodes won't relay or mine tx's that already exist but have been modified and rebroadcast, but most of the network (like 90%) will.

Furthermore, there are pools like Eligius that mine non-standard transactions (ie. transactions that would fail these new isStandard() malleability checks but are still perfectly valid transactions). Anything relying on a transaction ID in an automated system is fundamentally broken, and harping on "0.9.0 fixes malleability!" is nothing more than an act of desperation.

Oh, and lastly - "the only consequence it will cause the anonymous send to fail" - why would anyone touch a system where an attacker can trivially prevent all anonymous transactions from working?

Your argument is based on the attacker being able to change TXID of every anon transaction?
Can you do that? Is it that easy? or you just saying that some genius hacker can if he really tries?

Last time I checked, even Bitcoin is vulnerable if an attacker spends enough money/time to do it. So that's bad also?
We both do not know what securities supercoindev has put in place nor how easy it is to change txid-reliance in code.
Code isn't finished & public beta test hasn't started. So just wait until it's released before making further accusations.
I hate people attacking each other with mostly assumptions and with a completely biased view. It's not productive.

[mr_random]

BEEEEEP, wrong!

Firstly, not all possible malleability vectors are "fixed" in 0.9, so transactions are still quite malleable and the transaction ID can still change. The other thing is that they've made the changes to isStandard(), which is a function that checks for standardness and not for validity. In other words, very new nodes won't relay or mine tx's that already exist but have been modified and rebroadcast, but most of the network (like 90%) will.

Furthermore, there are pools like Eligius that mine non-standard transactions (ie. transactions that would fail these new isStandard() malleability checks but are still perfectly valid transactions). Anything relying on a transaction ID in an automated system is fundamentally broken, and harping on "0.9.0 fixes malleability!" is nothing more than an act of desperation.

Oh, and lastly - "the only consequence it will cause the anonymous send to fail" - why would anyone touch a system where an attacker can trivially prevent all anonymous transactions from working?

Your argument is based on the attacker being able to change TXID of every anon transaction?
Can you do that? Is it that easy? or you just saying that some genius hacker can if he really tries?

Last time I checked, even Bitcoin is vulnerable if an attacker spends enough money/time to do it. So that's bad also?
We both do not know what securities he has put in place nor how easy it is to change txid-reliance in the code.
Code isn't finished & public beta test hasn't started. So just wait until it's released before making further accusations.

The foundation is built on tx id's so it doesn't matter what else is in place.

The fact is, the Supercoin dev said don't worry about transaction malleability, it's fixed in bitcoin 0.9... except it's not fixed and the transaction ID can still change. So the OP of this topic is still valid.

[fluffypony]

Your argument is based on the attacker being able to change TXID of every anon transaction?
Can you do that? Is it that easy? or you just saying that some genius hacker can if he really tries?

It's trivially easy. Maybe 20 lines of python code that use libbitcoin bindings - all I have to do is watch for transactions broadcast that match a certain spec, and then I can rebroadcast hundreds of the same transaction with just the slightest thing changed so that each of those transactions has a different tx id, and voila: the transaction will be included in a block, but with a different transaction ID from the one expected by the automated system.

Last time I checked, even Bitcoin is vulnerable if an attacker spends enough money/time to do it. So that's bad also?
We both do not know what securities supercoindev has put in place nor how easy it is to change txid-reliance in code.
Code isn't finished & public beta test hasn't started. So just wait until it's released before making further accusations.
I hate people attacking each other with mostly assumptions and with a completely biased view. It's not productive.

Yes, Bitcoin has its own special set of vulnerabilities all with various levels of likelihood or ease of attack. One would hope that a system based on Bitcoin would at least try to not introduce more vulnerabilities than Bitcoin already has.

I'm not making accusations, I'm pointing out where the design is fundamentally flawed. The tx id malleability is the least of my concerns, so don't conflate the two. The system is fundamentally flawed, and it should be dropped in favour of a system that has provable and verifiable cryptography and mathematics behind it.

In fact, the coin itself is not flawed, all the developer needs to do is dump the flawed system, come up with a new one that isn't broken, publish a whitepaper on it that express (mathematically) the underpinnings of the system, and then open it up for debate and discussion. But he won't. Just like every other altcoin "developer", he'll push out diagrams and walls of text meant to demonstrate technical ability, and then write and release shoddy code that embodies a broken design. No mathematics. No cryptography (who needs that in a cryptocurrency, after all). No research. No discussion among clever people that can make a good design even better. Because who needs all that stuff when you can have a diagram hastily shoved together in PowerPoint!

/rant

[Kuriso]

Ok I personally had to disturbed our dev during this hardworking time and he took time to answer me. I don't really get the XC/Supercoin "war" (from both sides) and I won't go any further than posting this because my specialty is finance, not tech.

the malleability issue is fixed in bitcoin 0.9.0, this is not an issue. The worst scenario is that the p2p trustless transaction will not go through, no one will lose any coins.

btw, strasboug replied the questions. I think overall his views are correct. This is not an issue, and even txid can change in very rare cases (supposely already fixed in bitcoin 0.9), the only consequence it will cause the anonymous send to fail, and coins return to everyone's original accts. It's like a failed tx in p2p marketplace, that's nothing strange to it. Also there are several ways the tx verification can be done (not always need txid) as pointed out by strasboug.

We are a small team, we don't have time to go all over the places. We don't act aggressively. So don't expect all opinions in favor of us. But fact is fact, it will not change, and people ultimately will understand.

Thanks.

/closethread

BEEEEEP, wrong!

Firstly, not all possible malleability vectors are "fixed" in 0.9, so transactions are still quite malleable and the transaction ID can still change. The other thing is that they've made the changes to isStandard(), which is a function that checks for standardness and not for validity. In other words, very new nodes won't relay or mine tx's that already exist but have been modified and rebroadcast, but most of the network (like 90%) will.

Furthermore, there are pools like Eligius that mine non-standard transactions (ie. transactions that would fail these new isStandard() malleability checks but are still perfectly valid transactions). Anything relying on a transaction ID in an automated system is fundamentally broken, and harping on "0.9.0 fixes malleability!" is nothing more than an act of desperation.

Oh, and lastly - "the only consequence it will cause the anonymous send to fail" - why would anyone touch a system where an attacker can trivially prevent all anonymous transactions from working?

I will admit that I am not a pro coin coder.  I've just recently started looking into how some of this works.  I have a logical question...

"Firstly, not all possible malleability vectors are "fixed" in 0.9, so transactions are still quite malleable and the transaction ID can still change."

If I understand what you are saying here, TX IDs can be changed or fudged to cause issues with tracking that transaction.  I assume this can cause coins to get lost or stolen.  So my question is, assuming my previous two assumptions are correct, if this is a real issue AND is easy to do, why aren't you forging btc transactions and stealing BTC all day long?  The problem that you say Super has should be a problem that every coin out there has. 

[jpouza]

BEEEEEP, wrong!

Firstly, not all possible malleability vectors are "fixed" in 0.9, so transactions are still quite malleable and the transaction ID can still change. The other thing is that they've made the changes to isStandard(), which is a function that checks for standardness and not for validity. In other words, very new nodes won't relay or mine tx's that already exist but have been modified and rebroadcast, but most of the network (like 90%) will.

Furthermore, there are pools like Eligius that mine non-standard transactions (ie. transactions that would fail these new isStandard() malleability checks but are still perfectly valid transactions). Anything relying on a transaction ID in an automated system is fundamentally broken, and harping on "0.9.0 fixes malleability!" is nothing more than an act of desperation.

Oh, and lastly - "the only consequence it will cause the anonymous send to fail" - why would anyone touch a system where an attacker can trivially prevent all anonymous transactions from working?

Your argument is based on the attacker being able to change TXID of every anon transaction?
Can you do that? Is it that easy? or you just saying that some genius hacker can if he really tries?

Last time I checked, even Bitcoin is vulnerable if an attacker spends enough money/time to do it. So that's bad also?
We both do not know what securities he has put in place nor how easy it is to change txid-reliance in the code.
Code isn't finished & public beta test hasn't started. So just wait until it's released before making further accusations.

The foundation is built on tx id's so it doesn't matter what else is in place.

The fact is, the Supercoin dev said don't worry about transaction malleability, it's fixed in bitcoin 0.9... except it's not fixed and the transaction ID can still change. So the OP of this topic is still valid.

SUPER and MAMM are apparently the same team (devs), once a time I had some MAMM, dev 100% delusional, saying nonsenses since begining like saving animals rights, they keep flooding their own thread to gain attention, it´s kinda funny: of 10 posts in SUPER thread ,4 are hot girls pics with superman uniform hahah.... I almost get a lost on MAMM...altcoins nevermore, learned the lesson, from now on just BTC matters, enough PnD shit.

MAMM dev now deleting 90% of the posts, saying his under FUD attack, both coins are unreliable since day one.

See: https://bitcointalk.org/index.php?topic=737468.0

Tks for the explanation, will help others to do not loose their precious BTC into a broken tech.

[jakiman]

The foundation is built on tx id's so it doesn't matter what else is in place.

The fact is, the Supercoin dev said don't worry about transaction malleability, it's fixed in bitcoin 0.9... except it's not fixed and the transaction ID can still change. So the OP of this topic is still valid.

His last comment:

"Also there are several ways the tx verification can be done (not always need txid) as pointed out by strasboug."

No need to clutch on straws. He seems to know exactly what he is doing unlike us.
So my argument still stands. Code isn't finished & public beta test hasn't started.
Just wait until it's released before making accusations based on assumptions.

[jakiman]

Tks for the explanation, will help others to do not loose their precious BTC.

More people lost more BTC on LTC, DRK, SYS, VRC, VIA, VOOT and even XC due to whales & P/D.
When a coin & its devs are not a scam, people losing BTC due to bad trades are not coin's fault.

I also hate self-moderated threads. I also hate threads with a feeling of religion/cult group. (so many)
But there is no need to attack other coins unless they really are a scam. That's not the case here.

[Grgechkapitalac]

No, if it is that vulnerable, why is Bitcoin not compromised so far?

Go there, explain to them that they are "doomed", cause panic, and get rich in two ways: cheap bitcoin, and bitcoin gained by modifying tx...

They will laugh in your face, sir...Come on, steal BTC, and pump your coins with it...

How will you change tx id of every transaction, between all senders and receivers sir? If this is possible, somebody would destroy Bitcoin long time ago.

[jakiman]

I recommend newcomers to read through supercoindev's previous posts before making assumptions.
He has always been professional with zero condescending remarks. He's a genuine coder at heart.
Please don't confuse "supercointeam" with "supercoindev" account. They are 2 different people.

First, we have defined a complex scheme that coordinate the anonymous send, and it guarantees that all different parties involved will behave correctly, because otherwise they will lose their own coins (mini-escrows in effect).

Second, we have fixed some significant bugs in the code that prevent some multisig features from working correctly. As some of you probably know, the Bitcoin codebase created the multisig system and it has some intensive testing there and many bugs fixed. Bitcoin uses protocol version of 700xx. All the PoW/PoS codebase, however, follows the NovaCoin codebase, which is currently at protocol codebase 60015. The multisig system is unfortunately not working in the 600xx codebase. And porting the whole 700xx to PoW/PoS is a siginicant of change, involves many complete code rewrites. We have successfully fixed the multisig address and transaction system in codebase 600xx without porting the whole new code over. This way it guaratees the smooth development/enhancement of SuperCoin and MammothCoin.

As far as I know, this is the first real p2p decentralized trustless anonymous system in coinjoin category. I am not sure for the crypto-note technology, it seems it is a good one, although it is a different technology and mainly for CPU. But for coinjoin category claims, I don't see any truly trustless system, and this is the first one.

Following is a quick screenshot from my desktop showing test log and some code.

I added a console command "getlastanontxinfo" to get the info for the current or last p2p trustless anonymous transaction, so user can see the status and the log of the current or last (if finished) anonymous tx. From my tests, each trustless transaction takes about 30-40 seconds to complete. Considering the many steps involved, this is a pretty good speed.

More here: https://bitcointalk.org/index.php?action=profile;u=341100;sa=showPosts

[finity]

I recommend newcomers to read through supercoindev's previous posts before making assumptions.
He has always been professional with zero condescending remarks. He's a genuine coder at heart.
Please don't confuse "supercointeam" with "supercoindev" account. They are 2 different people.

First, we have defined a complex scheme that coordinate the anonymous send, and it guarantees that all different parties involved will behave correctly, because otherwise they will lose their own coins (mini-escrows in effect).

Second, we have fixed some significant bugs in the code that prevent some multisig features from working correctly. As some of you probably know, the Bitcoin codebase created the multisig system and it has some intensive testing there and many bugs fixed. Bitcoin uses protocol version of 700xx. All the PoW/PoS codebase, however, follows the NovaCoin codebase, which is currently at protocol codebase 60015. The multisig system is unfortunately not working in the 600xx codebase. And porting the whole 700xx to PoW/PoS is a siginicant of change, involves many complete code rewrites. We have successfully fixed the multisig address and transaction system in codebase 600xx without porting the whole new code over. This way it guaratees the smooth development/enhancement of SuperCoin and MammothCoin.

As far as I know, this is the first real p2p decentralized trustless anonymous system in coinjoin category. I am not sure for the crypto-note technology, it seems it is a good one, although it is a different technology and mainly for CPU. But for coinjoin category claims, I don't see any truly trustless system, and this is the first one.

Following is a quick screenshot from my desktop showing test log and some code.

I added a console command "getlastanontxinfo" to get the info for the current or last p2p trustless anonymous transaction, so user can see the status and the log of the current or last (if finished) anonymous tx. From my tests, each trustless transaction takes about 30-40 seconds to complete. Considering the many steps involved, this is a pretty good speed.

More here: https://bitcointalk.org/index.php?action=profile;u=341100;sa=showPosts

Those are the screenshots from alpha testing on Mammoth wallet done by Mammothdev, Superdev and a bunch of testers, there's also video's if interested.

Or you could apply as a beta tester if you have doubts, at least you'll be the first to know if there's something wrong.

[jakiman]

Those are the screenshots from alpha testing on Mammoth wallet done by Mammothdev, Superdev and a bunch of testers, there's also video's if interested.

Or you could apply as a beta tester if you have doubts, at least you'll be the first to know if there's something wrong.

FYI - New update using Supercoin's real network has been also posted today by the dev.

This is a quick update showing you that dev team is testing on SuperCoin real network.

Below is a screenshot showing successful transaction log for the sender and guarantor. The SuperCoin multisig address created in this transaction is CNixhRT4Jwg92SBLfBAhL4Q9b3sv8Wja4p, note that multisig addresses in SuperCoin starts with "C", not "S" (multisig address never starts with the same letter as normal address, like BTC normal address starts with "1" while multisig address starts with "3" etc). The transactions of it (escrow part) can be seen in the block explorer:
http://chainz.cryptoid.info/super/address.dws?CNixhRT4Jwg92SBLfBAhL4Q9b3sv8Wja4p.htm

This is one of the real network tests we did. Remember we will start beta tests in SuperCoin main network on August 20.

[fabula]

Are you all afraid that supercoin could kill 99% of altcoins and make a new standar in crypto world or what?

You're a denigrating a coin where price is between 1-3k and market volume is one of the lowest ever regarding anon coin.
So, why all this posts again a coin that is at bottom of most altcoin?

There are coins on bittrex like Eutopium,solecoin,quantum2,shadowcoin etc etc that got 20 times more value and volume market that supercoin, and all is focusing only on supercoin.

So,you're fudding a coin at 2k. I can understand if this coin were quoted 80k-140k....but at this prices...this really make no sense at all.

Supercoin got a daily volume of about 0.8btc a day x exchange(pump and dump period apart).
So,why posting all this stuff about a little coin as supercoin?

[fluffypony]

I will admit that I am not a pro coin coder.  I've just recently started looking into how some of this works.  I have a logical question...

"Firstly, not all possible malleability vectors are "fixed" in 0.9, so transactions are still quite malleable and the transaction ID can still change."

If I understand what you are saying here, TX IDs can be changed or fudged to cause issues with tracking that transaction.  I assume this can cause coins to get lost or stolen.  So my question is, assuming my previous two assumptions are correct, if this is a real issue AND is easy to do, why aren't you forging btc transactions and stealing BTC all day long?  The problem that you say Super has should be a problem that every coin out there has. 

A malleability attack doesn't stop the transaction from going through, it just mostly goes through with a different tx ID to the one kicked back by your wallet. Your coins won't disappear, the recipient address will still receive them, and nothing can be stolen. Malleability does not and cannot change the validity of the transaction, the destination, the amount, the p2sh hash (if there is one), the inputs, the outputs, or anything else. The only thing it changes is the transaction ID.

Therefore, if you made a payment to your friend, and sent him the transaction ID, he may not be able to match that with his address history by payment ID. He will still be able to match it based on where it came from and the amount. Bitcoin is still vulnerable to this, as pointed out in the link you reference, and Eligius and other pools will still gladly mine valid transactions that fail isStandard() tests.

[fabula]

Some little words about first beta-test made with supercoindev today on irc:

[21:49] <supercoindev> This is normal, this is what happened:
[21:50] <supercoindev> you send 2.987754 to me
[21:50] <supercoindev> 1st thing is that you send 2.987754 x2 + fee (0.5 coin) = 6.475 to multisig address
[21:50] <supercoindev> this is the escrow
[21:51] <supercoindev> then mixer and guarantor will deposit 2.987754 to escrow
[21:51] <supercoindev> then mixer will send 2.987754 to the destination (me)
[21:51] <supercoindev> after sender (you) verifies the money indeed sent to the destination
[21:52] <supercoindev> it will return one 2.987754 to you
[21:52] <supercoindev> one 2.987544 to mixer (because he sent it to destination)
[21:52] <supercoindev> and send service fees to mixer/guarator
[21:53] <supercoindev> then return the deposit amnount of mixer / guarator to them
[21:53] <supercoindev> ok why so complcated process?
[21:53] <supercoindev> because this is a trustless system
[21:53] <supercoindev> the sender can not trust anyone
[21:53] <supercoindev> so he only put money in escrow
[21:54] <supercoindev> if mixer said he sent to destination, but did not actually do it
[21:54] <supercoindev> the sender will get all his money back from escrow

[fluffypony]

Some little words about first beta-test made with supercoindev today on irc:

-snip-

So in order to send $1000 you first need to have $2000 available AND it needs to be tied up until this transaction is complete?

I'm going to guess, but I may be reaching, that this will never have any sort of longevity:-P