PIVX and possibly 200 other blockchains vulnerable to bug

bathrobehero

legendary

Activity: 2002

Merit: 1051

ICO? Not even once.

Quote from: qwizzie on August 14, 2019, 12:27:20 AM

Yeah, i was wondering about that myself (i did not check the addresses though).
Below seems to summarize the main problem by the way :

https://i.imgur.com/EjdXS0v.jpg

Link : https://www.reddit.com/r/pivx/comments/cpy3ea/a_response_to_the_article_pivx_and_200_pos_chains/

Whoa, did not expect to see myself quoted from reddit.

I'm very curious how long the fix will take and if they decide to punish the offenders in any way.

qwizzie

legendary

Activity: 2548

Merit: 1245

Quote from: Khaos77 on August 14, 2019, 12:22:21 AM

Pivx Team released a response to the article.
https://pivx.org/a-response-to-the-article-pivx-and-200-pos-chains-currently-vulnerable-chains-already-under-attack/

Quote

There are some discrepancies with that Mr. Yoon seems to be basing his conclusions on.
There is more than 87 coins in this wallet. It’s over 11k.
   Main Address DHagKZ4ByFgxXe3txYysxqG5x6PvcSmwQS
   Owner Unknown
   Balance 11,625.05234493 PIVX
   Addresses 100
   with non zero-balance 100

Hmm,
Discrepancy
According to https://chainz.cryptoid.info/pivx/address.dws?DCLsuSttqkWABZkNvVHNbRFxWtTTHXYRMS.htm
Balance appears to be

Quote

Balance 90.12076074 PIVX

not the amount claimed by the Pivx devs, Tongue

Yeah, i was wondering about that myself (i did not check the addresses though).
Below seems to summarize the main problem by the way :

Link : https://www.reddit.com/r/pivx/comments/cpy3ea/a_response_to_the_article_pivx_and_200_pos_chains/

Khaos77

member

Activity: 200

Merit: 73

Flag Day ☺

Quote from: qwizzie on August 14, 2019, 12:08:50 AM

Quote from: Khaos77 on August 13, 2019, 10:41:32 PM

Quote from: qwizzie on August 13, 2019, 03:56:43 PM

https://pivx.org/a-response-to-the-article-pivx-and-200-pos-chains-currently-vulnerable-chains-already-under-attack/

Quote

The “overlapping” variable here is that 700+ projects have cloned the PIVX codebase at some point in the past. However, my gut says there is a
fundamental issue in the way in which the consensus mechanism rewards which is being “gamed”, and that this is not exclusive to the PIVX network,
but rather is in the nature of the Proof of Stake itself

Looks like those "200 other blockchains" figure is on the conservative side Shocked

So far no proof of stake coins running with coin-age have been proven vulnerable.
Coins such as ZEIT use PoS version 1 with coin-age.

Proof of Stake Version 1 : Used Coin-Age

Proof of Stake Version 2 : Removed Coin-Age and moved to block depth

Proof of Stake Version 3: Used Block Depth and other modifications

So far only PoS V3 coins have been shown to be affected.
Since Pivx did not actually fix their issue ,
the others using PoS v3 are probably still vulnerable even if they claimed a fix like the pivx team did.

Interesting information, thank you.

Pivx Team released a response to the article.
https://pivx.org/a-response-to-the-article-pivx-and-200-pos-chains-currently-vulnerable-chains-already-under-attack/

Quote

There are some discrepancies with that Mr. Yoon seems to be basing his conclusions on.
There is more than 87 coins in this wallet. It’s over 11k.
Main Address DHagKZ4ByFgxXe3txYysxqG5x6PvcSmwQS
Owner Unknown
Balance 11,625.05234493 PIVX
Addresses 100
with non zero-balance 100

Hmm,
Discrepancy
According to https://chainz.cryptoid.info/pivx/address.dws?DCLsuSttqkWABZkNvVHNbRFxWtTTHXYRMS.htm
Balance appears to be

Quote

Balance 90.12076074 PIVX

not the amount claimed by the Pivx devs, Tongue

qwizzie

legendary

Activity: 2548

Merit: 1245

Quote from: Khaos77 on August 13, 2019, 10:41:32 PM

Quote from: qwizzie on August 13, 2019, 03:56:43 PM

https://pivx.org/a-response-to-the-article-pivx-and-200-pos-chains-currently-vulnerable-chains-already-under-attack/

Quote

The “overlapping” variable here is that 700+ projects have cloned the PIVX codebase at some point in the past. However, my gut says there is a
fundamental issue in the way in which the consensus mechanism rewards which is being “gamed”, and that this is not exclusive to the PIVX network,
but rather is in the nature of the Proof of Stake itself

Looks like those "200 other blockchains" figure is on the conservative side Shocked

So far no proof of stake coins running with coin-age have been proven vulnerable.
Coins such as ZEIT use PoS version 1 with coin-age.

Proof of Stake Version 1 : Used Coin-Age

Proof of Stake Version 2 : Removed Coin-Age and moved to block depth

Proof of Stake Version 3: Used Block Depth and other modifications

So far only PoS V3 coins have been shown to be affected.
Since Pivx did not actually fix their issue ,
the others using PoS v3 are probably still vulnerable even if they claimed a fix like the pivx team did.

Interesting information, thank you.

Khaos77

member

Activity: 200

Merit: 73

Flag Day ☺

Quote from: qwizzie on August 13, 2019, 03:56:43 PM

https://pivx.org/a-response-to-the-article-pivx-and-200-pos-chains-currently-vulnerable-chains-already-under-attack/

Quote

The “overlapping” variable here is that 700+ projects have cloned the PIVX codebase at some point in the past. However, my gut says there is a
fundamental issue in the way in which the consensus mechanism rewards which is being “gamed”, and that this is not exclusive to the PIVX network,
but rather is in the nature of the Proof of Stake itself

Looks like those "200 other blockchains" figure is on the conservative side Shocked

So far no proof of stake coins running with coin-age have been proven vulnerable.
Coins such as ZEIT use PoS version 1 with coin-age.

Proof of Stake Version 1 : Used Coin-Age

Proof of Stake Version 2 : Removed Coin-Age and moved to block depth

Proof of Stake Version 3: Used Block Depth and other modifications

So far only PoS V3 coins have been shown to be affected.
Since Pivx did not actually fix their issue ,
the others using PoS v3 are probably still vulnerable even if they claimed a fix like the pivx team did.

qwizzie

legendary

Activity: 2548

Merit: 1245

https://pivx.org/a-response-to-the-article-pivx-and-200-pos-chains-currently-vulnerable-chains-already-under-attack/

Quote

The “overlapping” variable here is that 700+ projects have cloned the PIVX codebase at some point in the past. However, my gut says there is a
fundamental issue in the way in which the consensus mechanism rewards which is being “gamed”, and that this is not exclusive to the PIVX network,
but rather is in the nature of the Proof of Stake itself

Looks like those "200 other blockchains" figure is on the conservative side Shocked

qwizzie

legendary

Activity: 2548

Merit: 1245

Source picture : Cointelegraph article itself

Read more here : https://cointelegraph.com/news/pivx-possibly-other-pos-chains-vulnerable-to-bug-attackers-profit

Note : PIVX is a fork of Dash (forked from Dash v0.12.0.x) and is using a custom proof of stake (PoS) model.
Both PIVX and over 200 other PoS blockchains appear to be vulnerable to disproportionately high staking rewards.
Dash on the other hand does not have this vulnerability, because Dash has a proof of work (PoW) model.

Bitgreen (a PoS altcoin running on PIVX) stated it will start planning a migration from PIVX to Dash.

Quote

As a final solution, the BitGreen project plans to migrate from the still-vulnerable PIVX network to DASH on its next update

Link : https://beincrypto.com/pivx-response-to-network-vulnerability-casts-doubt-on-project/

Update : https://pivx.org/a-response-to-the-article-pivx-and-200-pos-chains-currently-vulnerable-chains-already-under-attack/

Topic: PIVX and possibly 200 other blockchains vulnerable to bug (Read 162 times)