Topic: Namecoin was stillborn, I had to switch off life-support - page 7. (Read 46129 times)

This is sad, Namecoin was a big innovation.

@Coinslayer: Nice find... in a way. Congrats! :-)


Having many people examine the code is only possible with open source. So in general that makes open source software more secure and less bug-ridden than closed source software. This is well-known.

Obviously, making a piece of software open source doesn't automatically make it more secure. While the discovery of the OP is quite desastruous for NMC, think about how much bigger the desaster would have been if the bug had been discovered by some black hat in a year or two because (?) the project was closed source.

Now the devs (assuming there are some left, but there seems to be *some* activity over at dot-bit.org) have a chance to fix the issue and bring the project back to where it's useful. I think the ideas behind NMC are quite cool, especially because this way namecoins and the NMC blockchain do have an intrinsic value, in contrast to all the other alts.

RIP

Well, it will be awfully hard to administer such a hardfork - either you reorganize all the way back to block 139872, from when you have the patch ready, or you need to backtrack false takeovers and reverse them. I'd say that it is more fair to cancel all reservations, after all, they never really were enforced anyway... Further, it would be healthy to clean up the list of domains.

It's great that you're reviewing the code, and sad indeed that the developers ignored you.
Still, how does this imply "Namecoin is dead"?

It's just a hardfork that needs to be done in order to enforce the rules, no?

So all the brains and noise in crypto and open source projects over looked such a disaster?
I'm not sure whether to congratulate you or offer my condolences to the dev team and the big players.

This is rather interesting, not only for crypto, but also for all open source projects; having a project "open source" and calling the myth of "open source is more secure" doesn't make the code more secure.. Having developers like yourself actually looking into the code and testing the hell out of every possibility  is what makes it secure.

Nice work, hope a fix, patch, rebirth or whatever you want to call it will be pushed out soon as such noise is in no way good to any cryptos including but not limited to Bitcoin  

Is it impossible for the devs to hard-fork NMC with the bugfix, and keep all/most of the current domain registrations?

I suggest: "or just a cancel of all the name reservations starting from some future block" - so enforce a reset of all name reservations, say from block 141000, and following that enforce the rules. This means that all domains reserved are worthless, but that is also the case today due to the bug. However, this approach might cap the NMC rate decline.

How they going to fix this?

This is the postmortems and obituary over namecoin. In fact it never really existed, but by block: 139872 it became clear. However, if you haven' t noticed yet read on...

Edit 131016 : A nice fix is currently being tested, so it seems like namecoin will be back in business. Cudos to the "snailbrain" and "phelix" for cooking it together and acting fast. So current status is - don't buy a domain from someone, and don't trust any important key-value pair in namecoin  before the fix has been rolled out! - Will update once it is there, but could take days to deploy at miners.

Namecoin has always been my favorite alt-coin - it had a clear purpose, different from Bitcoin, offering a nice way to keep a de-central registry of key-value pairs. About a month ago I had a closer look at namecoin, to integrate it into libcoin on the Kraken exchange. Libcoin is a complete other story, it is a library supporting bitcoin as well as several of the alt coins, enabling easy construction of anything from light weight wallets to full server wallet solutions for exchanges and merchant sites. However, back to namecoin...

I have integrated several alt coins, and I know the machinery pretty well by now. The engine of any bitcoin based crypto currency is the ConnectBlock / ConnectInputs methods in main.cpp. They keep the rules of when to accept a block and when to reject a block, and it is there you make patches to enable anything from alternative hashing algorithms (litecoin) to merged mining (namecoin and others) as well as add new features and rules. Namecoin keep a reasonable separation through the definitions of hooks, implementing the actual rules in a separate file, namecoin.cpp.

So the real interesting stuff in namecoin is happening in namecoin.cpp in the ConnectInputs method. This one is called from ConnectInputs in main.cpp and hence have the ability to change and add rules.

All namecoin rules are kept hidden from the bitcoin script rule engine through OP_DROP opcodes, i.e. some special opcodes and data is entered, followed by a matching chain of OP_DROP commands, so the normal script rule engine will simply ignore anything namecoin'ish. The special op codes of namecoin are:
The reason for the setup is to avoid domain opportunists listening for new domain reservations and issuing competing reservations to later sell the domain back. So first you issue a:
Where the hash is composed of a random number and the domain, hashed. You are not allowed to issue a first-update, finally registering the domain, before after 12 blocks, ensuring no block reorganizations can enable a domain opportunists to steal your domain. In the name_new/name_firstupdate RPC calls this rule is nicely enforced, however, when you look in the ConnectInputs method you find rules enforcing a fee, rules enforcing the 12 blocks, but NO RULES ENFORCING THE HASH! [namecoin.cpp line 1874-1907] ]. So any name_new can be used as input for ANY name. This means that the domain reservation is not enforced at all leaving namecoin completely open for domain opportunists.

Clearly the patient is bleeding and in urgent need for help, but brace yourselves, this is not affecting already registered domains so it is fixable by a proper patch, and a recommendation to not reserve any new domains before the patch is in effect. Relieved that there was a cure I continued with the standard examination, to check if the rest was ok.

The key lines in namecoin.cpp are probably 1930 to 1949, this is the very core of namecoin. This is the enforcing of a name_update - a name update is the script:
So, take an already registered name and update that with a new value. Now you would expect some code enforcing that only an input of that name can be update to another value - but NO! Again there is no enforcing of the core ruleset. So you can in fact update the value of any name in namecoin by any other input name. And after that you own it, or well, as much as you can actually own a name who anyone can update.

The final test was to try it out - (sorry) - I might had overlooked something, so, I changed the name_update algorithm to enable such takeovers, and did a:

Try name_history on d/bitcoin and see for yourselves - there is no enforced integrity of the key value pairs in namecoin. So namecoin looses its entire purpose. The problem is that there is no fix to this - it is similar to being able to randomly take ownership of other peoples money, all the value is gone. I tried, initially, a silent fix contacting namecoin developers and key users more than a month ago, but I never got any answers back. Perhaps, the best future for namecoin now is a rebirth with a new genesis, or just a cancel of all the name reservations starting from some future block ?

I should also note that up until block 139872, no one have exploited the bugs. The libcoin code actually enforced the above rules, and I was able to download and verify the entire chain, now I have added a flag, ignore_rules, to get pass block 139872.

Coinslayer aka Michael, Chief Operation Officer, Payward Inc. kraken.com