[ANN] Code reviews for altcoins

[earlz]

Hello,

I just wanted to alert people to some stuff I've been doing for a while, but just now is being made public. I code review coins. Some of the reviews are requested, some I do on my own.

For reference, I only analyze the source code, it matching the ANN, and sometimes the blockchain with a local or remote block explorer. I do not analyze binary wallets, nor try to evaluate how trust worthy a developer is (though I sometimes point out when a developer is especially incompetent or competent for the LOLs)

You can see my listing of reviews on Github.

If you'd like to request me to review a coin's code, you can PM me here, or contact me on freenode IRC as `earlz`. Note I only have so much time for these, so it'll be rare that I'll do one without some kind of payment. (and no, 0.01 BTC is not rich enough for me )

Note, all of the reviews are best effort and not at all guaranteed to be exploit free. I only try to find the more obvious exploits.

Also, my last review was Hertzcoin, which had critical exploits. So, since the Hertzcoin developer locked the thread, I couldn't elaborate more on the exploit he used. Basically, he made it so that a block of any difficulty would be accepted by the network, regardless of the current network difficulty. This meant they could easily double spend anything they wanted (because a 51% attack is trivial with a single computer) and they could mine as many blocks as they wanted. Just wanted to include that tidbit somewhere

[KeyserSozeMC]

I recommend earlz. He's a nice guy and trustworthy!

[CanaryInTheMine]

Thanks for what you're doing!

[cryptoangel]

I mentioned this on Nimbus coin thread and got shot down like a sack of shit by the developer.

I love this idea!, do a website with trusted coins.

 

[SecondsOld]

I mentioned this on Nimbus coin thread and got shot down like a sack of shit.

I love this idea!, do a website with trusted coins.

 

Agreed, a website would be huge.  Thank you for taking steps to protect our
investments and our community.

[CanaryInTheMine]

Someone suggested we create a list similar to doggies manufacturing guide for alts using some criteria...
This has pros and cons.  The first con that comes to my mind is that it would become, on some level, an endorsement for alts... How to avoid this?

[originalchilli]

good stuff.

[earlz]

Someone suggested we create a list similar to doggies manufacturing guide for alts using some criteria...
This has pros and cons.  The first con that comes to my mind is that it would become, on some level, an endorsement for alts... How to avoid this?

This is why I stick to only the code and such. Code is not opinion based. It either works or it doesn't.

I attempt to be as unbiased as possible, and thus will not review any coin that I'm holding or mining (though I don't hold or mine much these days).

I also will not endorse any coin, other than posting such a review citing no problems to github. In some cases I will post to ANN threads though notifying people of exploits, hidden premines, etc.

[rayday11]

Thanks Earlz

[helloge]

Thanks for what you're doing!

agreed, help people out of scam coins.

[earlz]

Seems like great idea, what are your credentials if you dont mind me asking

Nothing too formal. I've been programming as a hobby for around 10 years, as a career choice for around 5. I'm completely self taught, and have no formal degree. I got involved with the cryptocurrency movement really hard with Dogecoin. It was the first coin I mined and such. And since then I've been fascinated with the whole concept.

In early May I launched my first (super failed) cryptocurrency completely alone. That thread, Megcoin, is here. A relaunch was attempted, but it didn't do much.

I took what I learned from MEG, and applied it to Fractalcoin, which I launched with 2 others in June. You can see that here. Although I'm still working on it, being a coin developer is not at all profitable, so I've been working on other things to make some side money in the mean time.

Being a coin developer really got me familiar with the code and prepared me to start deep diving into a coin's code. My first deep dive was Boomcoin, where I basically gave an informal review of "Well, there is nothing innovative, but it doesn't have any exploits at least" (that post was deleted by the coin dev, since it was a bit negative)

My first major exploit discovered (and used since no one believed me) was Mysterycoin. My posts about it are here and here.

My second major exploit discovered was the Hertzcoin exploit I talked about in the first post.

I've also uncovered many hidden premines, or incorrect money supply "bugs". Things like block rewards of 50, for 5000 PoW blocks, slapping on a 1M coin premine block, and changing MAX_MONEY=100000000 (100M) and calling it a 1% premine, rather than a 90% premine.

I enjoy doing this, not only because it's interesting (I love nit picking code ), and I'm sometimes paid, but also because I feel like I am actually making a difference in the altcoin community. If I can keep a coin with a hidden premine from reaching exchanges and dumping it, I'm happy. I do not believe the altcoin market should be "regulated", but rather that you should carefully examine what you are getting into. Hopefully along the way I can teach some investors how to conduct their own basic code reviews or block chain analysis to keep scam coins from ever being mined.

[adoalli]

nice guy

[helloge]

here is one coin looking for inspecting the source code:
https://bitcointalk.org/index.php?topic=735355.0
I think you can earn some bounty there.
good luck.

[earlz]

I've added some new reviews You can check the commit history to see a list.

I've also tried to make things a bit easier to understand