Author

Topic: Duplicate Shares Exploit -- Most Pools Affected (Read 1546 times)

hero member
Activity: 499
Merit: 500
Looks like I may have gotten wrong information on NOMP not being affected.  Anyone have a modified miner to test with?


https://github.com/zone117x/node-open-mining-portal/issues/430
hero member
Activity: 630
Merit: 504

LOL - Really?  How much does SuprNova have total for Scrypt mining?  As I'm not seeing much.

hero member
Activity: 800
Merit: 1000

Perhaps this is why pool owners are being very very quiet about this exploit.



most just dont know about it. to put it bluntly. 99% of altcoin hash is in 1 place. suprnova. so he's the only one who should care about the patch
sr. member
Activity: 616
Merit: 253
http://pools.smarterhash.com pools have been patched to guard against this exploit.
hero member
Activity: 630
Merit: 504

Perhaps this is why pool owners are being very very quiet about this exploit.

hero member
Activity: 800
Merit: 1000
NOMP is affected. Ive checked it from what i can tell

Ahmed
hero member
Activity: 630
Merit: 504

This is good to know if true.  Who has indicated that NOMP is unaffected?

hero member
Activity: 499
Merit: 500
Stratum-mining reportedly fixed 14 days ago.

https://github.com/Crypto-Expert/stratum-mining/commit/d5b4ffddf60117c177945e0ea544288e9a9b2db9

I have not heard reports of NOMP base pools being exploited and have been told NOMP is unaffected by this issue. 
full member
Activity: 306
Merit: 100
Heres is a example of the fix.

To summarize, you need to force lowercase on all submitted shares.  The exploit occurs when someone submits an valid share, then resubmits it and changes capitalization on any part of it (because shares are case insensitive to be valid)

https://github.com/ahmedbodi/powerpool/commit/b82e8b5ec4c79c0bbf820c898fba246ccf273cb5

Now go on, fix all the pools!
hero member
Activity: 630
Merit: 504

Wow - all I can say is choose your pools wisely.  Ask them if they have made the fix otherwise you could be cheated in your payments by someone else submitting duplicate shares.

I'm not sure how this is fixed - as I'm not a coder, but it affects practically every pool out there.

full member
Activity: 306
Merit: 100
This thread is all and dandy, but how about someone sharing actual details on the issue, and what branch of stratum has it repaired, and the proof of said repair?
legendary
Activity: 1400
Merit: 1050
I have a feeling most Scrypt mining pools are still affected by the duplicate shares exploit.

Perhaps this topic will get the other ones moving to fix the exploit where a miner can submit duplicate shares -- receiving 2x, 3x, 4x or more credit for their mining share on a pool.

The following Scrypt pools have fixed the issue:

1.  Hash-to-Coins.com
2.  IPOMiner.com
3.  Huh?


thanks for the tip  Grin gpu will rule again scrypt soon Grin
hero member
Activity: 800
Merit: 1000
ipominer has definitely fixed theirs. Me and wuher were discussing it a couple of weeks ago.

Ahmed
hero member
Activity: 630
Merit: 504
I have a feeling most Scrypt mining pools are still affected by the duplicate shares exploit.

Perhaps this topic will get the other ones moving to fix the exploit where a miner can submit duplicate shares -- receiving 2x, 3x, 4x or more credit for their mining share on a pool.

The following Scrypt pools have FIXED the issue:

1.  Hash-to-Coins.com
2.  IPOMiner.com
3.  Smarterhash.com
4.  Huh??

Jump to: