Topic: Nxt source code flaw reports - page 43. (Read 113369 times)

I don;t think the flaws should be published....for at least 3 years

Well, we still have a critical and a serious flaws.

What if someone find this fatal flaw but doesn;t say anything?  and keeps it secret.

Edit: And builds a copy-coin....can he still defend the copycat with his knowledge?

I don;t feel good asking this question

Before a block can get popped, it has to be pushed. pushBlock calls analyze (if the block is considered to be valid) and in analyze, the recipient of a transaction is added if needed:


So when popBlock is called, the recipient is known and the Hashmap will always return a valid account.

- It's not a problem with TF, blocks r supposed to be forged in advance.
- This can be fixed by using more than 1 thread for blockchain downloading.

No.

I'm still waiting on statements concerning these two problems:

- Waiting past the creation time of a block to add additinal future transactions gains malicious Bob more coins when forging and causes the creation of unneccessary orphan blocks.
- Malicious Anna can gain ~7.5% more forges by spamming the network with early-generated blocks.

Are both of those working as intended? If yes: The network will become a lot more inefficient in the near future  

Were you able to check if this was possible?

The fatal flaw will bring a copy-coin to death within a day.

The published code contains 3 flaws to find more bugs and to prevent copycats from copying NXT to early, right?
But why does it prevent them from copying? Could the flaws being used to "destroy" a copied NXT system?

When the very last block is reached.

Soft ignores blockchain reorgs deeper than 720 blocks.

That's exactly what we invested in, an idea. The fact, to me, that we are this far along in such a short period of time is nothing short of amazing.

Don't know how your investors should feel about this.

For the life of me,  I can't understand why they use the primitive long to represent money in NXT.  It is crazy!

thx

Good catch. This saved my time coz I was going to find out why sometimes my node can't catch the blocks.

PS: I used the account in ur signature. Thank u.

Yes, I started with 2 well known Peer, both had hallmarks. I logged the method calls in the peer class:

[2014-01-05 19:25:00.629] Nxt 0.4.7e started.
[2014-01-05 19:25:00.630] "blockchainStoragePath" = "blockchain.nrs"
[2014-01-05 19:25:00.636] "myScheme" = "http"
[2014-01-05 19:25:00.636] "myPort" = "7874"
[2014-01-05 19:25:00.636] "myAddress" = ""
[2014-01-05 19:25:00.636] "shareMyAddress" = "true"
[2014-01-05 19:25:00.637] "myHallmark" = ""
[2014-01-05 19:25:00.637] "wellKnownPeers" = "78.46.63.221; 95.85.22.142"
[2014-01-05 19:25:00.642] Peer::addPeer (peer address = 78.46.63.221)
[2014-01-05 19:25:00.643] Peer::addPeer (peer address = 95.85.22.142)
[2014-01-05 19:25:00.643] "maxNumberOfConnectedPublicPeers" = "20"
[2014-01-05 19:25:00.644] "connectTimeout" = "2000"
[2014-01-05 19:25:00.644] "readTimeout" = "5000"
[2014-01-05 19:25:00.644] "enableHallmarkProtection" = "true"
[2014-01-05 19:25:00.644] "pushThreshold" = "0"
[2014-01-05 19:25:00.644] "pullThreshold" = "0"
[2014-01-05 19:25:00.645] "allowedUserHosts" = "127.0.0.1; localhost; 0:0:0:0:0:
0:0:1;"
[2014-01-05 19:25:00.645] "allowedBotHosts" = "127.0.0.1; localhost; 0:0:0:0:0:0
:0:1;"
[2014-01-05 19:25:00.645] "blacklistingPeriod" = "300000"
[2014-01-05 19:25:00.645] "communicationLoggingMask" = "0"
[2014-01-05 19:25:00.646] Loading transactions...
[2014-01-05 19:25:00.692] Loading blocks...
[2014-01-05 19:25:00.704] Scanning blockchain...
[2014-01-05 19:25:00.712] ...Done
[2014-01-05 19:25:00.713] Genesis block: Transactions=73 payload=9344
[2014-01-05 19:25:00.720] Peer::getAnyPeer
[2014-01-05 19:25:00.721] Peer::connect (peer address = 95.85.22.142)
[2014-01-05 19:25:00.724] Peer::getAnyPeer
[2014-01-05 19:25:00.727] Peer::getAnyPeer
[2014-01-05 19:25:00.735] Peer::getAnyPeer
2014-01-05 19:25:00.758:INFO:oejsh.ContextHandler:main: Started o.e.j.w.WebAppCo
ntext@1ddb577{/,file:/F:/Android/Projekte/nxt/webapps/root/,AVAILABLE}{F:\Androi
d\Projekte\nxt\webapps\root}
2014-01-05 19:25:00.776:INFO:oejs.ServerConnector:main: Started ServerConnector@
e3dab5{HTTP/1.1}{0.0.0.0:7874}
[2014-01-05 19:25:00.834] Peer::analyzeHallmark (peer address = 95.85.22.142)
[2014-01-05 19:25:00.835] Peer::blacklist (peer address = 95.85.22.142)
2014-01-05 19:25:01.013:INFO:oejs.ServerConnector:main: Started ServerConnector@
264154{SSL-http/1.1}{0.0.0.0:7875}
[2014-01-05 19:25:01.736] Peer::getAnyPeer
[2014-01-05 19:25:02.737] Peer::getAnyPeer
[2014-01-05 19:25:03.738] Peer::getAnyPeer
[2014-01-05 19:25:04.739] Peer::getAnyPeer
[2014-01-05 19:25:05.725] Peer::getAnyPeer
[2014-01-05 19:25:05.728] Peer::getAnyPeer
[2014-01-05 19:25:05.740] Peer::getAnyPeer
[2014-01-05 19:25:05.836] Peer::getAnyPeer
[2014-01-05 19:25:05.836] Peer::connect (peer address = 78.46.63.221)
[2014-01-05 19:25:05.890] Peer::analyzeHallmark (peer address = 78.46.63.221)
[2014-01-05 19:25:05.913] Peer::blacklist (peer address = 78.46.63.221)
[2014-01-05 19:25:06.741] Peer::getAnyPeer
[2014-01-05 19:25:10.914] Peer::getAnyPeer

Link: https://bitcointalksearch.org/topic/m.4329478

Yeah, that's not really a feasible attack... And it also works on BTC, hell even on small FIATs.
Just go to Honduras (randomly chosen small country), tell everyone there that they get 10x their local money's worth in USD, take all the Iempira (that's their currency), burn it, done.