amount added the recieve coins, but didn't minus the coins send out.
EffectiveBalance can be a negative number.
EffectiveBalance can be a negative number.
No.
Edit: I can't explain why, coz I can leak info about a flaw accidentally, sorry.
Topic: Nxt source code flaw reports - page 64. (Read 113359 times)
No.
Edit: I can't explain why, coz I can leak info about a flaw accidentally, sorry.
Quote
int amount = 0;
for (long transactionId : Block.getLastBlock().transactions) {
Transaction transaction = transactions.get(transactionId);
if (transaction.recipient == id) {
amount += transaction.amount;
}
}
return (int)(balance / 100) - amount;
amount added the recieve coins, but didn't minus the coins send out.
EffectiveBalance can be a negative number.
But shouldn´t he get a bounty for pointig it out?
No. This code won't throw an exception coz buffer capacity is validated.
Ah, ok, I see.
But shouldn´t he get a bounty for pointig it out?
No. This code won't throw an exception coz buffer capacity is validated.
Original:
Since the method can throw an unhandled Exceptions it should be
Code:
static boolean pushBlock(ByteBuffer buffer, boolean savingFlag) {....}Since the method can throw an unhandled Exceptions it should be
Code:
static boolean pushBlock(ByteBuffer buffer, boolean savingFlag) throws Exception {...}Which line can throw the exception?
Buffer operations like buffer.getInt(), get(byte[] dst) can throw exceptions.
Memory allocations can throw exception.
Ok. This is not an injected flaw though.
But shouldn´t he get a bounty for pointig it out?
Original:
Since the method can throw an unhandled Exceptions it should be
Code:
static boolean pushBlock(ByteBuffer buffer, boolean savingFlag) {....}Since the method can throw an unhandled Exceptions it should be
Code:
static boolean pushBlock(ByteBuffer buffer, boolean savingFlag) throws Exception {...}Which line can throw the exception?
Buffer operations like buffer.getInt(), get(byte[] dst) can throw exceptions.
Memory allocations can throw exception.
Ok. This is not an injected flaw though.
I really don't care how many lines of code are spread over how many files.
This isn't a beauty contest. There are plenty of open source projects with crap looking code, but they are successful because, at the end of the day, it works and it's clever. For example, consider the OpenSSL source code.
Also, I know plenty of algorithmists who don't spend time on prettiness, but still write solid, correct, code. Oh, and it does things a billion times better than other code, because they're good with algorithms and maths.
This isn't a beauty contest. There are plenty of open source projects with crap looking code, but they are successful because, at the end of the day, it works and it's clever. For example, consider the OpenSSL source code.
Also, I know plenty of algorithmists who don't spend time on prettiness, but still write solid, correct, code. Oh, and it does things a billion times better than other code, because they're good with algorithms and maths.
I remember about the reclusive mathematician who released pages upon pages of his handwriting about the the proof for the Fermat's theorem that shocks the world. Yes, it is not a beauty contest.
Could you take a look at the code and give some comments ?
6821 lines java class?. THAT is more than a fatal flaw.
Looking at the code is giving me a headache.
It's not a problem with any modern IDE. Just use code folding. Looking at the code is giving me a headache.
I wonder how many lines the 0.1-alpha bitcoin code had 
and if NXT was written in perl, it'd be a one liner
and if NXT was written in perl, it'd be a one liner
I really don't care how many lines of code are spread over how many files.
This isn't a beauty contest. There are plenty of open source projects with crap looking code, but they are successful because, at the end of the day, it works and it's clever.
Also, I know plenty of algorithmists who don't spend time on prettiness, but still write solid, correct, code. Oh, and it does things a billion times better than other code, because they're good with algorithms and maths.
This isn't a beauty contest. There are plenty of open source projects with crap looking code, but they are successful because, at the end of the day, it works and it's clever.
Also, I know plenty of algorithmists who don't spend time on prettiness, but still write solid, correct, code. Oh, and it does things a billion times better than other code, because they're good with algorithms and maths.
6821 lines java class?. THAT is more than a fatal flaw.
Looking at the code is giving me a headache.
Looking at the code is giving me a headache.
most lines are empty and for style reasons (single brackets etc). I thought it would be more tbh
6821 lines java class?. THAT is more than a fatal flaw.
Looking at the code is giving me a headache.
Looking at the code is giving me a headache.
Original:
Since the method can throw an unhandled Exceptions it should be
Code:
static boolean pushBlock(ByteBuffer buffer, boolean savingFlag) {....}Since the method can throw an unhandled Exceptions it should be
Code:
static boolean pushBlock(ByteBuffer buffer, boolean savingFlag) throws Exception {...}Which line can throw the exception?
Buffer operations like buffer.getInt(), get(byte[] dst) can throw exceptions.
Memory allocations can throw exception.
Three is only one file which is a 6812 lies Nxt.java.
It is not a news for those who tries to decompile it since first version Nxt source code has been released - https://bitcointalksearch.org/topic/m.4287127
The code contains 3 flaws - serious, critical and fatal. The 1st person who reports these flaws will get 1'000, 10'000 or 100'000 NXT reward accordingly.
Each flaw has a small description. Here r SHA256 hashes of these descriptions:
bd34c891e9e3df9ea8b8eafc4dc3edc129f81365d42bf204ea58271e320f3ce5 - 1K reward
888f278c773d39b8334a651d84ee78871bd0e5d45e09be8fdb190ba1b2969530 - 10K reward
f5236644f4306699bb0fa90a905afe2454683c0aad6995e4433d712e2fdb257c - 100K reward
The flaws must be reported before the 3rd of April, after that date they can be revealed at any moment.
If u think that u found a flaw, post here its description. Mathematical proof is not necessary, common sense should be enough. If ur guess is correct u may* get the reward, if u find a non-injected flaw then u'll be asked for more formal proof (u may get a reward too).
NB: Some guys mentioned that they would just decompile 0.4.7e binaries and compare the source codes to find the flaws. As a countermeasure against such the trick u still must explain why there is a flaw.
-------------
* - BCNext reserves the right to refuse to pay a reward without any explanation. This is an anti-troll countermeasure.
The code contains 3 flaws - serious, critical and fatal. The 1st person who reports these flaws will get 1'000, 10'000 or 100'000 NXT reward accordingly.
Each flaw has a small description. Here r SHA256 hashes of these descriptions:
bd34c891e9e3df9ea8b8eafc4dc3edc129f81365d42bf204ea58271e320f3ce5 - 1K reward
888f278c773d39b8334a651d84ee78871bd0e5d45e09be8fdb190ba1b2969530 - 10K reward
f5236644f4306699bb0fa90a905afe2454683c0aad6995e4433d712e2fdb257c - 100K reward
The flaws must be reported before the 3rd of April, after that date they can be revealed at any moment.
If u think that u found a flaw, post here its description. Mathematical proof is not necessary, common sense should be enough. If ur guess is correct u may* get the reward, if u find a non-injected flaw then u'll be asked for more formal proof (u may get a reward too).
NB: Some guys mentioned that they would just decompile 0.4.7e binaries and compare the source codes to find the flaws. As a countermeasure against such the trick u still must explain why there is a flaw.
-------------
* - BCNext reserves the right to refuse to pay a reward without any explanation. This is an anti-troll countermeasure.
Three is only one file which is a 6812 lies Nxt.java.
I must say I'm impressed(thinking of how high NXT cap is).
This whole thing is like a joke.
Perhaps u mean (amount + fee) part? amount and fee is checked above, they can't exceed 1'000'000'000.
There is no 1'000'000'000 comparison in case "sendMoney" block
Code:
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
...
if (userPasscode == null) { // false
...
} else {
...
if (allowedUserHosts != null && !allowedUserHosts.contains(req.getRemoteHost())) // false
..
switch (req.getParameter("requestType"))
...
case "sendMoney": {
...
Peer.sendToAllPeers(peerRequest);
..
No need to check for overflow coz the transaction will be validated by peers.
Perhaps u mean (amount + fee) part? amount and fee is checked above, they can't exceed 1'000'000'000.
There is no 1'000'000'000 comparison in case "sendMoney" block
Code:
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
...
if (userPasscode == null) { // false
...
} else {
...
if (allowedUserHosts != null && !allowedUserHosts.contains(req.getRemoteHost())) // false
..
switch (req.getParameter("requestType"))
...
case "sendMoney": {
...
Peer.sendToAllPeers(peerRequest);
..
Original:
Since the method can throw an unhandled Exceptions it should be
Code:
static boolean pushBlock(ByteBuffer buffer, boolean savingFlag) {....}Since the method can throw an unhandled Exceptions it should be
Code:
static boolean pushBlock(ByteBuffer buffer, boolean savingFlag) throws Exception {...}Which line can throw the exception?
Original:
Since the method can throw an unhandled Exceptions it should be
Code:
static boolean pushBlock(ByteBuffer buffer, boolean savingFlag) {....}Since the method can throw an unhandled Exceptions it should be
Code:
static boolean pushBlock(ByteBuffer buffer, boolean savingFlag) throws Exception {...}Code:
(amount + fee) * 100L > account.unconfirmedBalance
No, 100L tells that the result will be a 64-bit number.
Really? http://ideone.com/5zWQ0C
Perhaps u mean (amount + fee) part? amount and fee is checked above, they can't exceed 1'000'000'000.
Jump to: