Nxt source code flaw reports - page 40.

ImmortAlex

hero member

Activity: 784

Merit: 501

Quote from: ricot on January 06, 2014, 10:14:54 AM

I also had a quick look at yours: The actual adding of the blcok in pushBlock is synchronized on blocks, so any processBlock call would wait there until the blockchain loading request is finished. (since that synchronizes before doing the popping)
It may however, ignore the block that has been sent using processBlock, eventhough it would have been valid.

1. pushBlock() is not sync'ed outside, in "processBlock".
2. pushBlock creates block and check in validity outside syncronization.
3. Especially dangerous is checks using lastBlock.
4. Than inside syncronization it set processed block as lastBlock, broking what's done in parallel thread.

I think, whole pushBlock() must be sync'ed on blocks.

ricot

newbie

Activity: 56

Merit: 0

Quote from: ImmortAlex on January 06, 2014, 09:51:54 AM

Quote from: Come-from-Beyond on January 06, 2014, 09:44:12 AM

We need guys like him in our team. Hey, big stakeholders, do u hear me?

Definitely. ricot found most interesting flaws in last days, not a small local mistakes, but broken logic in execution flow.

Btw, did you miss my observation in shadows of big ricot investigation?

Any comment, please...

I also had a quick look at yours: The actual adding of the blcok in pushBlock is synchronized on blocks, so any processBlock call would wait there until the blockchain loading request is finished. (since that synchronizes before doing the popping)
It may however, ignore the block that has been sent using processBlock, eventhough it would have been valid.

ImmortAlex

hero member

Activity: 784

Merit: 501

Quote from: Come-from-Beyond on January 06, 2014, 09:44:12 AM

We need guys like him in our team. Hey, big stakeholders, do u hear me?

Definitely. ricot found most interesting flaws in last days, not a small local mistakes, but broken logic in execution flow.

Btw, did you miss my observation in shadows of big ricot investigation?

Any comment, please...

Come-from-Beyond

legendary

Activity: 2142

Merit: 1009

Newbie

Quote from: nexern on January 06, 2014, 09:40:13 AM

Quote from: bidji29 on January 06, 2014, 09:15:55 AM

I sent you another donation ricot for your amazing work

+1

We need guys like him in our team. Hey, big stakeholders, do u hear me?

nexern

hero member

Activity: 597

Merit: 500

Quote from: bidji29 on January 06, 2014, 09:15:55 AM

I sent you another donation ricot for your amazing work

+1

bidji29

sr. member

Activity: 392

Merit: 250

I sent you another donation ricot for your amazing work

Come-from-Beyond

legendary

Activity: 2142

Merit: 1009

Newbie

Quote from: ricot on January 06, 2014, 09:08:01 AM

Are you kidding me??? This bug is used in the wild and is crashing your clients left and right! Mine has been crashed using that method 4 times in the last 24h, others too.

This happens only when u connect to a rogue node, most of the nodes r legit ones. NRS has been working with this bug since genesis block. Why is it critical?

ricot

newbie

Activity: 56

Merit: 0

Quote from: Come-from-Beyond on January 06, 2014, 09:09:08 AM

Quote from: ricot on January 06, 2014, 09:08:01 AM

Quote from: Come-from-Beyond on January 06, 2014, 08:59:43 AM

This is a serious bug and is worth a reward. Thank u.

PS: This is not an injected flaw.

Can we please get a 0.5.1 fast that does a quick fix for that? I'm tired of restarting my client all the time. :p

This is not a critical bug, so it's better to stick to the plan, IMHO.

Are you kidding me??? This bug is used in the wild and is crashing your clients left and right! Mine has been crashed using that method 4 times in the last 24h, others too.

Come-from-Beyond

legendary

Activity: 2142

Merit: 1009

Newbie

Quote from: ricot on January 06, 2014, 09:08:01 AM

Quote from: Come-from-Beyond on January 06, 2014, 08:59:43 AM

This is a serious bug and is worth a reward. Thank u.

PS: This is not an injected flaw.

Can we please get a 0.5.1 fast that does a quick fix for that? I'm tired of restarting my client all the time. :p

This is not a critical bug, so it's better to stick to the plan, IMHO.

ricot

newbie

Activity: 56

Merit: 0

Quote from: Come-from-Beyond on January 06, 2014, 08:59:43 AM

This is a serious bug and is worth a reward. Thank u.

PS: This is not an injected flaw.

Can we please get a 0.5.1 fast that does a quick fix for that? I'm tired of restarting my client all the time. :p

[edit]
damn th 360s post limit...

Quote from: ferment on January 06, 2014, 09:06:17 AM

Quote from: ricot on January 06, 2014, 08:47:32 AM

Well, it's not that easy. Unfortunately we can't query an account's balance with any API call... bummer.

Great debugging!

FYI... there is an api.

http://localhost:7874/nxt?requestType=getBalance

Oah, I missed an API... damn it... but anyways, here's the result, confirming my finding: Cool

{"balance":-31542200,"effectiveBalance":-31542200,"unconfirmedBalance":-31542200}

ferment

full member

Activity: 168

Merit: 100

IDEX - LIVE Real-time DEX

Quote from: ricot on January 06, 2014, 08:47:32 AM

Well, it's not that easy. Unfortunately we can't query an account's balance with any API call... bummer.

Great debugging!

FYI... there is an api.

http://localhost:7874/nxt?requestType=getBalance&account=11243542237777034551

Come-from-Beyond

legendary

Activity: 2142

Merit: 1009

Newbie

Quote from: gsan1 on January 06, 2014, 08:59:18 AM

Quote from: ferment on January 06, 2014, 08:53:24 AM

To get the published code:

1. Remove advanced stuff (aliases, etc) from 0.4.7e.
2. Inject 3 logic flaws.
3. Post on bitbucket.

The code for 0.5.0 never saw the flaws.

But this is a condradiction to CfBs statement?

Quote from: Come-from-Beyond on January 06, 2014, 08:01:19 AM

Quote from: BloodyRookie on January 06, 2014, 07:58:53 AM

Yes, logical flaws. But if I understand CfB correct, he states that the original 0.4.7e (the version which was distributed to the nxt users) and subsequent versions do NOT contain those logical flaws. Can you confirm that, CfB?

No, I can't.

There is no contradiction. I just can't confirm this due to the rules of the review.

Come-from-Beyond

legendary

Activity: 2142

Merit: 1009

Newbie

Quote from: gsan1 on January 06, 2014, 08:49:44 AM

The binary of 0.4.7e that was published weeks ago and used in production does not contain the flaws we are searching here, right? Otherwise that would mean, that we used software that has critical flaws in it. The binary 0.5.0 should have these flaws fixed to, right? Otherwise someone could exploit them, when they are known in this topic.

The source code of 0.4.7e that was published on 3. January is the version of binary 0.4.7e minus alias, coloured coins plus three security flaws. Right? So why can't you confirm that the flaws we are searching are fixed in 0.4.7e or 0.5.0?

If I answered that would be too easy, keep digging. Grin

ImmortAlex

hero member

Activity: 784

Merit: 501

Quote from: Come-from-Beyond on January 06, 2014, 08:59:43 AM

PS: This is not an injected flaw.

It's time to post this:

Come-from-Beyond

legendary

Activity: 2142

Merit: 1009

Newbie

Quote from: ?? on ??

Quote from: Come-from-Beyond on January 06, 2014, 08:27:00 AM

No. It's just 2⁶⁴.

Was my previous question EVEN MORE trivial for you to not even bother? Cheesy

Maybe...

Come-from-Beyond

legendary

Activity: 2142

Merit: 1009

Newbie

gsan1

newbie

Activity: 50

Merit: 0

Quote from: ferment on January 06, 2014, 08:53:24 AM

To get the published code:

1. Remove advanced stuff (aliases, etc) from 0.4.7e.
2. Inject 3 logic flaws.
3. Post on bitbucket.

The code for 0.5.0 never saw the flaws.

But this is a condradiction to CfBs statement?

Quote from: Come-from-Beyond on January 06, 2014, 08:01:19 AM

Quote from: BloodyRookie on January 06, 2014, 07:58:53 AM

Yes, logical flaws. But if I understand CfB correct, he states that the original 0.4.7e (the version which was distributed to the nxt users) and subsequent versions do NOT contain those logical flaws. Can you confirm that, CfB?

No, I can't.

ImmortAlex

hero member

Activity: 784

Merit: 501

Quote from: gsan1 on January 06, 2014, 08:49:44 AM

So why can't you confirm that the flaws we are searching are fixed in 0.4.7e or 0.5.0?

There was no flaws we are looking for. They were introduced in source code with purpose.

ferment

full member

Activity: 168

Merit: 100

IDEX - LIVE Real-time DEX

Quote from: gsan1 on January 06, 2014, 08:49:44 AM

Quote from: Come-from-Beyond on January 06, 2014, 08:16:49 AM

Quote from: BloodyRookie on January 06, 2014, 08:10:14 AM

hmpf....so I misunderstood the phrase "3 flaws were injected into 0.4.7e".

0.4.7e source code was modified before publishing.

The source code of 0.4.7e that was published on 3. January is the version of binary 0.4.7e minus alias, coloured coins plus three security flaws. Right? So why can't you confirm that the flaws we are searching are fixed in 0.4.7e or 0.5.0?

To get the published code:

1. Remove advanced stuff (aliases, etc) from 0.4.7e.
2. Inject 3 logic flaws.
3. Post on bitbucket.

The code for 0.5.0 never saw the flaws.

gsan1

newbie

Activity: 50

Merit: 0

Quote from: Come-from-Beyond on January 06, 2014, 08:16:49 AM

Quote from: BloodyRookie on January 06, 2014, 08:10:14 AM

hmpf....so I misunderstood the phrase "3 flaws were injected into 0.4.7e".

0.4.7e source code was modified before publishing.

The binary of 0.4.7e that was published weeks ago and used in production does not contain the flaws we are searching here, right? Otherwise that would mean, that we used software that has critical flaws in it. The binary 0.5.0 should have these flaws fixed to, right? Otherwise someone could exploit them, when they are known in this topic.

The source code of 0.4.7e that was published on 3. January is the version of binary 0.4.7e minus alias, coloured coins plus three security flaws. Right? So why can't you confirm that the flaws we are searching are fixed in 0.4.7e or 0.5.0?

Topic: Nxt source code flaw reports - page 40. (Read 113359 times)