I'm still on the fence.
Can someone explain how this stops someone from generating lots of PoS blocks 20 days in the future from a bunch of TXs with a small interval, whether through one or multiple wallets?
// Kernel hash: every field the staker controls is mixed with nStakeModifier, which it does not control
ss << nStakeModifier;                        // stake modifier derived from earlier blocks
ss << nTimeBlockFrom << nTxPrevOffset << txPrev.nTime << prevout.n << nTimeTx;
    // nTimeBlockFrom: timestamp of the block holding the kernel input (txPrev)
    // nTxPrevOffset:  byte offset of txPrev inside that block
    // txPrev.nTime:   timestamp of txPrev;  prevout.n: index of the spent output
    // nTimeTx:        timestamp of the new coinstake transaction
hashProofOfStake = Hash(ss.begin(), ss.end());
if (CBigNum(hashProofOfStake) > bnCoinDayWeight * bnTargetPerCoinDay)   // fail unless hash <= coin-day weight * target
    return false;
I'm not well enough versed with the code to know what these variable names imply.
I have discovered a flaw with the current PoS implementation.
You can easily do a 51% attack with PoS blocks without needing large holdings.
Since PoS blocks are generated on a coin-age basis, you could create TXOs delayed by a time offset at the minimum TXO cost for a future attack period.
So after creating 10000 TXOs of 1 MINT separated by 0.5 seconds to make sure 60 consecutive blocks are generated at a repeated interval by your wallet 20 days in the future, the attack would last 1 hour and 40 minutes.
Enough to put the security and function of a coin in question.
Couple that with the fact that the difficulty calculation includes PoS blocks; that would mean difficulty would jump to stratospheric levels, making it impossible to mine PoW blocks.
Are people really not concerned about this?
YOU CAN 51% ATTACK ANY POS COIN WITHOUT THE NEED FOR 51% OF SUPPLY OR ANY PoW HASHRATE AT ALL
Hi all. Just thought I'd share some of the joy we've been dealing with on the Mintcoin thread. Have a good night.
Check our code, I'd say.
No explanation? I'm not computer savvy enough to get the answer from the code myself so I was hoping somebody who knows the blackcoin code could explain. It seems that this type of attack is prevented by hybrid PoW/PoS since the PoW blocks have a different and independent difficulty algorithm from the PoS blocks, and you cannot predict with any certainty what the next block in the chain will be (trying to build x consecutive PoS blocks to form an attack with would be interrupted by the generation of a valid PoW block). If that is true, I still don't understand how a pure PoS coin would deal with this. I've got a lot of money invested in this coin and other PoS coins so I would like to know my money is safe, and I would appreciate a concrete answer other than "your money is safe" or "we've figured out how to prevent that" because I'm the type of person that only trusts something if I understand why.
This flaw was addressed by the author of PoS, Sunny King, earlier this year:
Official release build is now available
http://www.ppcoin.org/ (via sourceforge)
What's in 0.3.0 release:
Stake generation protocol upgrade (protocol switch March 20th)
Qt UI support
Fix compatibility with vanitygen (note: private keys dumped in v0.2 are no longer importable into v0.3.0, must dump again from v0.3.0 client)
Miscellaneous bug fixes and improvements
The protocol upgrade in 0.3.0 includes a new algorithm to derive the proof-of-stake hash modifier, the entity that scrambles computation for stake owners, which replaces the current proof-of-stake difficulty used as modifier in the 0.2 protocol. The design was started late September last year, when I first began to realize the issues with using difficulty as modifier. Honorary mention also goes to Jutarul, who independently discovered and verified an issue with using difficulty as modifier and published on bitcointalk in December last year, while successfully executing a demo attack on the block chain. Other changes in the protocol include starting hash weight from 0 at the 30-day minimum age, and the requirement that the coinstake timestamp must equal the block timestamp. Overall the 0.3 protocol should significantly strengthen the proof-of-stake protection and resolve the current known vulnerabilities.
My sincere appreciation to co-contributors of 0.3.0 release:
Robert VanHazinga of Hartland PC (dreamwatcher) for the vanitygen compatibility fix
Jutarul for demonstrating stake generation vulnerability
EskimoBob for reporting issue fixed in 0.3.0
And just to make it absolutely clear, Blackcoin uses the 0.3.0 PoS protocol.
Also the attack described would not work. Coins are not staked only on coin age, it is only one factor. So even if you made a lot of transactions so all your coins were separated by a small interval, there is no guarantee they will stake at each interval - in fact splitting them into small amounts to make these intervals will make them less likely to stake. You would have to have a very large amount of coins at each interval to even have a chance of producing 2 consecutive blocks. This attack is completely unrealistic.
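As an added illustration, not code from any poster here and not Peercoin or Blackcoin code: a Python toy model of the kernel check quoted at the top of the thread. It assumes a simplified field encoding (fixed-width big-endian integers, double SHA-256), two made-up stake modifier values, a stand-in target, and the 0.3-protocol weight rule (weight starts from 0 at the 30-day minimum age, with an assumed 90-day cap). It shows two things the replies above state: the seconds at which a given output satisfies the kernel change completely when the stake modifier changes, so a schedule worked out against a guessed modifier is worthless against the modifier the chain actually produces; and the expected number of kernel hits is linear in coin-days, so 1000 outputs of 10 coins carry exactly the same expectation as one output of 10000 coins.

```python
"""Toy model of the proof-of-stake kernel check quoted in this thread.

Constructed illustration: the field encoding, the stake modifier values and
the target are stand-ins, not Peercoin or Blackcoin constants.
"""
import hashlib

SECONDS_PER_DAY = 86400
MIN_AGE = 30 * SECONDS_PER_DAY   # 0.3 protocol: hash weight starts from 0 here
MAX_AGE = 90 * SECONDS_PER_DAY   # assumed cap on counted age
TWO_256 = 1 << 256

# Two unrelated stake modifiers (constructed values): the one a planner might
# assume 20 days ahead, and the one the chain actually ends up with.
MODIFIER_PLANNED = 0x1234_5678_9ABC_DEF0
MODIFIER_ACTUAL = 0x0FED_CBA9_8765_4321


def kernel_hash(stake_modifier, time_block_from, tx_prev_offset,
                tx_prev_time, prevout_n, time_tx):
    """Stand-in for `ss << nStakeModifier; ss << ...; Hash(ss.begin(), ss.end())`.

    Fields the staker controls (its own tx time, output index, candidate
    block time) are mixed with one it does not: the stake modifier.
    """
    fields = (stake_modifier, time_block_from, tx_prev_offset,
              tx_prev_time, prevout_n, time_tx)
    data = b"".join(int(v).to_bytes(8, "big") for v in fields)
    digest = hashlib.sha256(hashlib.sha256(data).digest()).digest()
    return int.from_bytes(digest, "big")


def coin_day_weight(value, tx_prev_time, time_tx):
    """bnCoinDayWeight stand-in: coins times days of age beyond MIN_AGE."""
    age = min(time_tx - tx_prev_time, MAX_AGE)
    if age < MIN_AGE:
        return 0
    return value * (age - MIN_AGE) // SECONDS_PER_DAY


def kernel_passes(proof_hash, weight, target_per_coin_day):
    """The quoted comparison: the kernel fails when hash > weight * target."""
    return proof_hash <= weight * target_per_coin_day


def stake_schedule(output, stake_modifier, target, t_start, t_end):
    """Seconds in [t_start, t_end) at which `output` satisfies the kernel."""
    value, tx_prev_time, time_block_from, tx_prev_offset, prevout_n = output
    hits = set()
    for time_tx in range(t_start, t_end):
        weight = coin_day_weight(value, tx_prev_time, time_tx)
        proof_hash = kernel_hash(stake_modifier, time_block_from, tx_prev_offset,
                                 tx_prev_time, prevout_n, time_tx)
        if kernel_passes(proof_hash, weight, target):
            hits.add(time_tx)
    return hits


def expected_hits_per_second(outputs, time_tx, target):
    """Sum over outputs of P(kernel passes) = weight * target / 2^256, capped at 1.

    Linear in coin-days, so how the coins are split across outputs is irrelevant.
    """
    total = 0.0
    for value, tx_prev_time, *_ in outputs:
        weight = coin_day_weight(value, tx_prev_time, time_tx)
        total += min(1.0, weight * target / TWO_256)
    return total


# Constructed scenario. An output is (value, tx_prev_time, time_block_from,
# tx_prev_offset, prevout_n).
T0 = 1_400_000_000                          # funding tx and its block timestamp
ATTACK_START = T0 + 35 * SECONDS_PER_DAY    # planned window, once coins are mature
TARGET = 1 << 238                           # bnTargetPerCoinDay stand-in
WINDOW = 600                                # seconds simulated
BIG = (10_000, T0, T0, 80, 0)                          # one 10000-coin output
SPLIT = [(10, T0, T0, 80, n) for n in range(1000)]     # 1000 outputs of 10 coins


if __name__ == "__main__":
    planned = stake_schedule(BIG, MODIFIER_PLANNED, TARGET, ATTACK_START, ATTACK_START + WINDOW)
    actual = stake_schedule(BIG, MODIFIER_ACTUAL, TARGET, ATTACK_START, ATTACK_START + WINDOW)
    print("hits under planned modifier:", len(planned))
    print("hits under actual modifier: ", len(actual))
    print("planned seconds that still hit:", len(planned & actual))
    print("expected hits/s, one output:  ", expected_hits_per_second([BIG], ATTACK_START, TARGET))
    print("expected hits/s, 1000 outputs:", expected_hits_per_second(SPLIT, ATTACK_START, TARGET))
```

The two schedules share only the seconds that happen to pass under both modifiers, roughly what two independent random draws would share, which is why the modifier has to be unpredictable at the time the coins are created; and the two expectations are identical, which is the linearity behind the reply above that splitting coins into small outputs buys nothing.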