Looks like I may have gotten wrong information on NOMP not being affected. Anyone have a modified miner to test with?
https://github.com/zone117x/node-open-mining-portal/issues/430
Topic: Duplicate Shares Exploit -- Most Pools Affected (Read 1545 times)
LOL - Really? How much does SuprNova have total for Scrypt mining? As I'm not seeing much.
Perhaps this is why pool owners are being very very quiet about this exploit.
most just dont know about it. to put it bluntly. 99% of altcoin hash is in 1 place. suprnova. so he's the only one who should care about the patch
http://pools.smarterhash.com pools have been patched to guard against this exploit.
Perhaps this is why pool owners are being very very quiet about this exploit.
NOMP is affected. Ive checked it from what i can tell
Ahmed
Ahmed
This is good to know if true. Who has indicated that NOMP is unaffected?
Stratum-mining reportedly fixed 14 days ago.
https://github.com/Crypto-Expert/stratum-mining/commit/d5b4ffddf60117c177945e0ea544288e9a9b2db9
I have not heard reports of NOMP base pools being exploited and have been told NOMP is unaffected by this issue.
https://github.com/Crypto-Expert/stratum-mining/commit/d5b4ffddf60117c177945e0ea544288e9a9b2db9
I have not heard reports of NOMP base pools being exploited and have been told NOMP is unaffected by this issue.
Heres is a example of the fix.
To summarize, you need to force lowercase on all submitted shares. The exploit occurs when someone submits an valid share, then resubmits it and changes capitalization on any part of it (because shares are case insensitive to be valid)
https://github.com/ahmedbodi/powerpool/commit/b82e8b5ec4c79c0bbf820c898fba246ccf273cb5
Now go on, fix all the pools!
To summarize, you need to force lowercase on all submitted shares. The exploit occurs when someone submits an valid share, then resubmits it and changes capitalization on any part of it (because shares are case insensitive to be valid)
https://github.com/ahmedbodi/powerpool/commit/b82e8b5ec4c79c0bbf820c898fba246ccf273cb5
Now go on, fix all the pools!
Wow - all I can say is choose your pools wisely. Ask them if they have made the fix otherwise you could be cheated in your payments by someone else submitting duplicate shares.
I'm not sure how this is fixed - as I'm not a coder, but it affects practically every pool out there.
This thread is all and dandy, but how about someone sharing actual details on the issue, and what branch of stratum has it repaired, and the proof of said repair?
I have a feeling most Scrypt mining pools are still affected by the duplicate shares exploit.
Perhaps this topic will get the other ones moving to fix the exploit where a miner can submit duplicate shares -- receiving 2x, 3x, 4x or more credit for their mining share on a pool.
The following Scrypt pools have fixed the issue:
1. Hash-to-Coins.com
2. IPOMiner.com
3.
?
thanks for the tip Perhaps this topic will get the other ones moving to fix the exploit where a miner can submit duplicate shares -- receiving 2x, 3x, 4x or more credit for their mining share on a pool.
The following Scrypt pools have fixed the issue:
1. Hash-to-Coins.com
2. IPOMiner.com
3.
?
gpu will rule again scrypt soon
ipominer has definitely fixed theirs. Me and wuher were discussing it a couple of weeks ago.
Ahmed
Ahmed
I have a feeling most Scrypt mining pools are still affected by the duplicate shares exploit.
Perhaps this topic will get the other ones moving to fix the exploit where a miner can submit duplicate shares -- receiving 2x, 3x, 4x or more credit for their mining share on a pool.
The following Scrypt pools have FIXED the issue:
1. Hash-to-Coins.com
2. IPOMiner.com
3. Smarterhash.com
4.??
Perhaps this topic will get the other ones moving to fix the exploit where a miner can submit duplicate shares -- receiving 2x, 3x, 4x or more credit for their mining share on a pool.
The following Scrypt pools have FIXED the issue:
1. Hash-to-Coins.com
2. IPOMiner.com
3. Smarterhash.com
4.
??Jump to: