[AC] AsiaCoin | Pure PoS | 100% Interest - page 151.

murkster

full member

Activity: 196

Merit: 100

CLOAKCOIN. NOBLECOIN. VERICOIN.

Quote from: EnabledZombi3 on May 07, 2014, 04:16:36 PM

Quote from: crunchynut on May 07, 2014, 03:46:19 PM

impossible. you can't confirm that on the fly and whoever tells you in this situation that he carefully checked the code is lying - knowingly or unknowingly. there are so many possibilities to let the one crucial comparison for the premine address return the wrong result.

Lie #1
It's quite possible to review the code changes for any altcoin with published source code like this. Scroll up in the thread and read about winmerge. Anyone who can read code at a rudimentary level can do this.

Quote from: crunchynut on May 07, 2014, 03:46:19 PM

i also don't think that anybody skilled enough to do the task would be willing to spend all that time necessary to go through the code and check that it's really clean

Lie #2
There are at least four of us on the volunteer dev team who are both skilled enough to review the code on github and willing to spend the time necessary to review it.

Quote from: crunchynut on May 07, 2014, 03:46:19 PM

and doing what these two junior member accounts that are "saving" the coin are telling us.

all you can do is trust them and that doesn't feel right in this context. doing cryptobusiness shouldn't require that amount of trust.

Lie #3
I've been personally very forthcoming about my real life identity and background/experience as a developer. If something does go wrong with this revival, my name is attached to that. I welcome everyone to click through the link on my account.

All that aside, I do not ask anyone to just trust us. Please independently review the open source, patched AsiaCoin code, announce your findings, and point out problems if they exist.

Nicely done..

+1

Nicolaas.R

full member

Activity: 182

Merit: 100

Quote from: EnabledZombi3 on May 07, 2014, 04:16:36 PM

Quote from: crunchynut on May 07, 2014, 03:46:19 PM

impossible. you can't confirm that on the fly and whoever tells you in this situation that he carefully checked the code is lying - knowingly or unknowingly. there are so many possibilities to let the one crucial comparison for the premine address return the wrong result.

Lie #1
It's quite possible to review the code changes for any altcoin with published source code like this. Scroll up in the thread and read about winmerge. Anyone who can read code at a rudimentary level can do this.

Quote from: crunchynut on May 07, 2014, 03:46:19 PM

i also don't think that anybody skilled enough to do the task would be willing to spend all that time necessary to go through the code and check that it's really clean

Lie #2
There are at least four of us on the volunteer dev team who are both skilled enough to review the code on github and willing to spend the time necessary to review it.

Quote from: crunchynut on May 07, 2014, 03:46:19 PM

and doing what these two junior member accounts that are "saving" the coin are telling us.

all you can do is trust them and that doesn't feel right in this context. doing cryptobusiness shouldn't require that amount of trust.

Lie #3
I've been personally very forthcoming about my real life identity and background/experience as a developer. If something does go wrong with this revival, my name is attached to that. I welcome everyone to click through the link on my account.

All that aside, I do not ask anyone to just trust us. Please independently review the open source, patched AsiaCoin code, announce your findings, and point out problems if they exist.

+1

EnabledZombi3

newbie

Activity: 14

Merit: 0

Quote from: crunchynut on May 07, 2014, 03:46:19 PM

impossible. you can't confirm that on the fly and whoever tells you in this situation that he carefully checked the code is lying - knowingly or unknowingly. there are so many possibilities to let the one crucial comparison for the premine address return the wrong result.

Lie #1
It's quite possible to review the code changes for any altcoin with published source code like this. Scroll up in the thread and read about winmerge. Anyone who can read code at a rudimentary level can do this.

Quote from: crunchynut on May 07, 2014, 03:46:19 PM

i also don't think that anybody skilled enough to do the task would be willing to spend all that time necessary to go through the code and check that it's really clean

Lie #2
There are at least four of us on the volunteer dev team who are both skilled enough to review the code on github and willing to spend the time necessary to review it.

Quote from: crunchynut on May 07, 2014, 03:46:19 PM

and doing what these two junior member accounts that are "saving" the coin are telling us.

all you can do is trust them and that doesn't feel right in this context. doing cryptobusiness shouldn't require that amount of trust.

Lie #3
I've been personally very forthcoming about my real life identity and background/experience as a developer. If something does go wrong with this revival, my name is attached to that. I welcome everyone to click through the link on my account.

All that aside, I do not ask anyone to just trust us. Please independently review the open source, patched AsiaCoin code, announce your findings, and point out problems if they exist.

micryon

full member

Activity: 154

Merit: 100

It's true that looking at every line of code is too onerous.. so you build ontop of existing knowledge. The best way to do that is look at diffs and commit history. In lieu of commit history, I diff'd the code line by line using winmerge automation against Cinni and Blackcoin.

Yes there could be other corner cases to the security patch. We won't know until it is in production and/or more eyes get onto it.

For risk adverse people.. please sell.. I encourage people with low risk apetite to sell so you won't have to complain on these forums later on. Nothing in life is risk free.

But everything in life is relative. You all trusted someone with 0 posts, 0 history with Asiacoin initially... Now you can either trust the Jr members (and my own skills).. or not. Any one of us could be the original scammer.. even crunchynut..

Its up to your own risk appetite to decide what to do.. of course for those holding AC right now.. you've got nothing to lose already.

Quote from: crunchynut on May 07, 2014, 03:46:19 PM

impossible. you can't confirm that on the fly and whoever tells you in this situation that he carefully checked the code is lying - knowingly or unknowingly. there are so many possibilities to let the one crucial comparison for the premine address return the wrong result. i also don't think that anybody skilled enough to do the task would be willing to spend all that time necessary to go through the code and check that it's really clean and doing what these two junior member accounts that are "saving" the coin are telling us.

all you can do is trust them and that doesn't feel right in this context. doing cryptobusiness shouldn't require that amount of trust.

Maestro1

full member

Activity: 210

Merit: 100

Quote from: micryon on May 07, 2014, 03:33:44 PM

Quote from: ?? on ??

Palth.net is trading AC. Wallets active but low volumes.

https://www.palth.net/market/AC/BTC

Someone contact these guys and make sure they have new wallet update.

I contacted them that second. Waiting for their response.

crunchynut

full member

Activity: 238

Merit: 100

impossible. you can't confirm that on the fly and whoever tells you in this situation that he carefully checked the code is lying - knowingly or unknowingly. there are so many possibilities to let the one crucial comparison for the premine address return the wrong result. i also don't think that anybody skilled enough to do the task would be willing to spend all that time necessary to go through the code and check that it's really clean and doing what these two junior member accounts that are "saving" the coin are telling us.

all you can do is trust them and that doesn't feel right in this context. doing cryptobusiness shouldn't require that amount of trust.

Quote from: EnabledZombi3 on May 07, 2014, 02:17:44 PM

@Crunchynut
Thanks for playing devil's advocate. We need everyone to provide constructive criticism, and it sounds like you're code savvy enough to help us out. Go ahead and review the code. Let us know if you see a problem that needs to be addressed, or you could even address it yourself.

Quote from: crunchynut on May 07, 2014, 02:06:54 PM

Quote from: EnabledZombi3 on May 07, 2014, 11:55:22 AM

Quote from: 3xk0pt3r on May 07, 2014, 08:09:39 AM

Quote from: maxsinner on May 07, 2014, 08:00:55 AM

So what is to prevent the original developer from selling more coins from the premine as we speak? Are you rolling back the block-chain to some point in the past or what, I don't get it?

Im not a coder, but as far as i know, there is a hardcode to block wallet, where the orriginal dev have these premined coins. That's the main reason for stop deposits and withdraws on exchanges and the rason why we'rewaiting for new updated wallet. Those premined coins will be, simply told, ignored.

I am a coder. I'll break it down.

Everyone can look on our AsiaCoin block explorer from the OP that wallet AKPy5ugy98yBkBCNU9Ne1bHExy5tqdq9Gu gained 3228519924.78 AC from transaction 4f2a34278389aac0b88bbb283338d4dac9314ec62e7dba0f263fc4570aa93c3b. If we go back to the first blocks, it's easy to spot that block 1 is the original dev's premine and has a similarly large value to the dev wallet above.

As for the code fixes, look here and here for the hard coded dev wallet bans. We can all see redundant checks to block AKPy5ugy98yBkBCNU9Ne1bHExy5tqdq9Gu in ProcessBlock, IsStandard, and AcceptBlock. Check it out for yourselves. Each dev wallet ban in the code looks similar to this:

Code:

static const CBitcoinAddress lostWallet ("AKPy5ugy98yBkBCNU9Ne1bHExy5tqdq9Gu");

Code:

if (lostWallet.Get() == addressSource.Get()){
return error("CBlock::AcceptBlock() : Banned Address %s tried to send a transaction (rejecting it).", addressSource.ToString().c_str());
}

you also checked whether this code is ever executed and there isn't anything hidden that prevents that check?

and did you check cbitcoinaddress, cbitcoinaddressvisitor, cbase58data, etc. that there is nothing hidden that would let the cbitcoinaddress constructors or "lostWallet.Get() == addressSource.Get()" do something unexpected? you can confirm that the == operator works correctly and has no tiny flaw added that will fail in this special case?

it's easy to quote a few lines of code that somehow look like that everything is ok while there are several thousand lines of code involved in making this one comparison work and where you could easily hide your stuff.

micryon

full member

Activity: 154

Merit: 100

Quote from: jvrocamora on May 07, 2014, 03:26:35 PM

Or the source code is in github...., he can compile a new version and delete the code for block her address.... can he ? .........

Yes anyone can go to github, revert code and do whatever.. but the point is if they do: they broke the protocol acceptance.

For anyone running with the new client: he can't go to YOUR machine and change the code YOU are running, he can only change his own client's code...

If he changes his client code (which anyone is able).. then his client code effectively would not be able to communicate with YOUR client code.. and thus a fork happens.. Your client which has the code would just reject any attempt at connection.. and your blockchain would never be modified with that transaction. Even if on his blockchain it did..

We're talking about a network of distributed systems and clients here.. thus it's about what you accept.. if you take the client that has the fix.. then by definition you are protected.

micryon

full member

Activity: 154

Merit: 100

Quote from: jvrocamora on May 07, 2014, 03:02:13 PM

But he can send the alls coins to the order addresss, to the other pc with the old version wallet, and he can change the original address...... its very easy.... I dont know... I think its not the solutions.

Doing so will cause immediate fork: new wallets will not accept a block that has that transaction. The code does if nheight > 18013 any attempt at transaction usign old address from either new or old wallet past that block will be rejected by ALL new wallets. Protection is on incoming AcceptBlock/processblock of clients.

In essence, even if he sends coins to old wallet running old code that can do the send.. newer clients will reject it, and be automatically on a different fork.

neaopoliti

newbie

Activity: 28

Merit: 0

Quote from: cryptoba on May 07, 2014, 01:56:13 PM

Great work, great new team, great goals, GREAT COIN !!! Grin

Come on AsiaCoin Cool

Yea, u can also go back to Panda coin if u liked be scamed once again.

micryon

full member

Activity: 154

Merit: 100

Quote from: ?? on ??

Palth.net is trading AC. Wallets active but low volumes.

https://www.palth.net/market/AC/BTC

Someone contact these guys and make sure they have new wallet update.

micryon

full member

Activity: 154

Merit: 100

Quote from: crunchynut on May 07, 2014, 02:06:54 PM

and did you check cbitcoinaddress, cbitcoinaddressvisitor, cbase58data, etc. that there is nothing hidden that would let the cbitcoinaddress constructors or "lostWallet.Get() == addressSource.Get()" do something unexpected? you can confirm that the == operator works correctly and has no tiny flaw added that will fail in this special case?

it's easy to quote a few lines of code that somehow look like that everything is ok while there are several thousand lines of code involved in making this one comparison work and where you could easily hide your stuff.

Coding pros make use of tools like windiff and winmerge. That is the first thing I did even before applying the patches..

I also did negative whitebox testing, using owned addresses..

Is it enough? maybe not..

But at least read the actual thread to understand what has been done.. and/or look at the commit history.. and/or do your own diff/audit.. before making these uneducated comments.

micryon

full member

Activity: 154

Merit: 100

Quote from: MacMuffin on May 07, 2014, 01:53:03 PM

You can download this handy program, winmerge, to check the sourcecodes yourself. Other than that, you can't know if anybody is lying or not.

Bingo..

btw i used winmerge to compare Asiacoin to Cinni and Blackcoin.. and that is how i was able to find all the code diffs that the original scammer put in to hide the premine. All those changes have been reverted in the new code base.

Code is open source guys.. commits are there.. download winmerge, go at it. More people need to learn to code.. or at least read code.

jvrocamora

newbie

Activity: 4

Merit: 0

Quote from: jvrocamora on May 07, 2014, 03:19:26 PM

Quote from: Maestro1 on May 07, 2014, 03:07:29 PM

Quote from: jvrocamora on May 07, 2014, 03:02:13 PM

Quote from: Maxikosw on May 07, 2014, 02:13:45 PM

Quote from: lilikiki on May 07, 2014, 02:09:30 PM

What would happen if you took the source modified out the fixes, created 2 different wallet without the fix. You then send the money from the premine account through the modded wallet, to the wallet of the other account with the modded wallet. What would that do? Would that effectively transfer the coins from the premine to another account, thus it would be valid from there right?

Or do the nodes reject it? The nodes reject right?

Maestro1 says on page 37:

Only transactions from the wallets of the original developer (which holds the premined coins) are voided in the new wallet. All other transactions will remain valid regardless. However, people must upgrade to the new wallet when we release it to make sure that they are on the right network/blockchain if the original developer decided to mess around.

But he can send the alls coins to the order addresss, to the other pc with the old version wallet, and he can change the original address...... its very easy.... I dont know... I think its not the solutions.

The new wallet invalidates all transactions from his address (including what he sends to his own other addresses). If he sends coins with the old wallet, anyone running the new wallet (including the exchanges) will not accept the transaction. Anyone running the old wallet will still accept it (a fork occurs), but once they want to send it to anyone with a new address, the forked block containing any transaction from his old address (in the history of the coins) will be invalidated, therefore he won't be able to spend them anywhere.

Yes, of course.

But Now we cant confirm that he send the coins to the other address. I cant see the blockchain. can we know the age of the coins to destroy, block or diluite Huh

?

Or the source code is in github...., he can compile a new version and delete the code for block her address.... can he ? .........

micryon

full member

Activity: 154

Merit: 100

Quote from: crunchynut on May 07, 2014, 01:04:27 PM

Quote from: mrdennis86 on May 07, 2014, 12:44:54 PM

Greate job "new" team!

well, you are right that there is no proof that the "new" team isn't in fact the old team. there is only a 2 months old account promising us that everything will be fine soon and we'll be back on the road to unlimited wealth. what's really going on and what the true intentions of this "team" really are, we don't know. in this situation we simply have no other option than to trust them and that they really try to save the coin and not to pull of another scam to dump the premined coin. they are in control now. nothing we as normal users can do about it.

Okay Mr. Rapecoin.. look at my trust rating and comments. Tongue

What's your angle anyways? It surely is not to protect people, but only motivated by personal gain.

Maybe you are just trying to just get some ultra cheap coins from people so you can sell for MUCH higher once exchange opens?

Actually... that's not a bad idea..

But hey.. once you make your millions of BTC when AC goes up.. at least consider sending the foundation a tip for all THEIR hard work to fix the coin, so you could profit from it.. That's the least you can do..

jvrocamora

newbie

Activity: 4

Merit: 0

Quote from: Maestro1 on May 07, 2014, 03:07:29 PM

Quote from: jvrocamora on May 07, 2014, 03:02:13 PM

Quote from: Maxikosw on May 07, 2014, 02:13:45 PM

Quote from: lilikiki on May 07, 2014, 02:09:30 PM

What would happen if you took the source modified out the fixes, created 2 different wallet without the fix. You then send the money from the premine account through the modded wallet, to the wallet of the other account with the modded wallet. What would that do? Would that effectively transfer the coins from the premine to another account, thus it would be valid from there right?

Or do the nodes reject it? The nodes reject right?

Maestro1 says on page 37:

Only transactions from the wallets of the original developer (which holds the premined coins) are voided in the new wallet. All other transactions will remain valid regardless. However, people must upgrade to the new wallet when we release it to make sure that they are on the right network/blockchain if the original developer decided to mess around.

But he can send the alls coins to the order addresss, to the other pc with the old version wallet, and he can change the original address...... its very easy.... I dont know... I think its not the solutions.

The new wallet invalidates all transactions from his address (including what he sends to his own other addresses). If he sends coins with the old wallet, anyone running the new wallet (including the exchanges) will not accept the transaction. Anyone running the old wallet will still accept it (a fork occurs), but once they want to send it to anyone with a new address, the forked block containing any transaction from his old address (in the history of the coins) will be invalidated, therefore he won't be able to spend them anywhere.

Yes, of course.

But Now we cant confirm that he send the coins to the other address. I cant see the blockchain. can we know the age of the coins to destroy, block or diluite Huh

?

micryon

full member

Activity: 154

Merit: 100

Quote from: zmhaha on May 07, 2014, 08:05:15 AM

I call for a adaptive PoS rate scheme.
If it is not so hard to implement,this definitely will give another major advantage.

Difficulty adjustment is happening in PoS.. same as PoW.. block halving and rewards are more similar concepts.

Anyways, this needs more thought.. not saying it might not have more merit.. But probably better reserved for a new coin concept...

micryon

full member

Activity: 154

Merit: 100

Quote from: beachparty on May 07, 2014, 07:08:13 AM

You would have to use new chain to erase premine. So pretty much new coin with the name of the failed coin.

The strategy is not based on erasing the premine, but containing the premine, so that it cannot be used.

Maestro1

full member

Activity: 210

Merit: 100

Quote from: jvrocamora on May 07, 2014, 03:02:13 PM

Quote from: Maxikosw on May 07, 2014, 02:13:45 PM

Quote from: lilikiki on May 07, 2014, 02:09:30 PM

What would happen if you took the source modified out the fixes, created 2 different wallet without the fix. You then send the money from the premine account through the modded wallet, to the wallet of the other account with the modded wallet. What would that do? Would that effectively transfer the coins from the premine to another account, thus it would be valid from there right?

Or do the nodes reject it? The nodes reject right?

Maestro1 says on page 37:

Only transactions from the wallets of the original developer (which holds the premined coins) are voided in the new wallet. All other transactions will remain valid regardless. However, people must upgrade to the new wallet when we release it to make sure that they are on the right network/blockchain if the original developer decided to mess around.

But he can send the alls coins to the order addresss, to the other pc with the old version wallet, and he can change the original address...... its very easy.... I dont know... I think its not the solutions.

The new wallet invalidates all transactions from his address (including what he sends to his own other addresses). If he sends coins with the old wallet, anyone running the new wallet (including the exchanges) will not accept the transaction. Anyone running the old wallet will still accept it (a fork occurs), but once they want to send it to anyone with a new wallet, the forked block containing any transaction from his old address (in the history of the coins) will be invalidated, therefore he won't be able to spend them anywhere.

jvrocamora

newbie

Activity: 4

Merit: 0

Quote from: Maxikosw on May 07, 2014, 02:13:45 PM

Quote from: lilikiki on May 07, 2014, 02:09:30 PM

What would happen if you took the source modified out the fixes, created 2 different wallet without the fix. You then send the money from the premine account through the modded wallet, to the wallet of the other account with the modded wallet. What would that do? Would that effectively transfer the coins from the premine to another account, thus it would be valid from there right?

Or do the nodes reject it? The nodes reject right?

Maestro1 says on page 37:

Only transactions from the wallets of the original developer (which holds the premined coins) are voided in the new wallet. All other transactions will remain valid regardless. However, people must upgrade to the new wallet when we release it to make sure that they are on the right network/blockchain if the original developer decided to mess around.

But he can send the alls coins to the order addresss, to the other pc with the old version wallet, and he can change the original address...... its very easy.... I dont know... I think its not the solutions.

X-Laboratories

full member

Activity: 163

Merit: 100

founder of X-Laboratories

As soon as I download the new wallet I will donate as promised.
20% of my total AC holding to the DEV AC address.
Please provide the correct address for the tranfer.
Great job guys!!!
P.S.

We need to coordinate with miners to sustain the market price of the AC.
I hope the multipool will be the next step of this brilliant initiative.
We need to have a decent and costant BUY pressure on major markets, and to stabilize price.
We need to point our hashing power to one or max two multipools. (X-Lab can provide respectable hashing power)
We need to mine other alts----->sell them at market price to obtain BTC and then BUY decent quantities of AC coin costantly, over multiple markets and with the right pace to avoid price drops.

Topic: [AC] AsiaCoin | Pure PoS | 100% Interest - page 151. (Read 264528 times)