Author

Topic: PIVX and possibly 200 other blockchains vulnerable to bug (Read 165 times)

legendary
Activity: 2002
Merit: 1051
ICO? Not even once.
Yeah, i was wondering about that myself (i did not check the addresses though).
Below seems to summarize the main problem by the way :

https://i.imgur.com/EjdXS0v.jpg

Link : https://www.reddit.com/r/pivx/comments/cpy3ea/a_response_to_the_article_pivx_and_200_pos_chains/

Whoa, did not expect to see myself quoted from reddit.

I'm very curious how long the fix will take and if they decide to punish the offenders in any way.
legendary
Activity: 2548
Merit: 1245
Quote
There are some discrepancies with that Mr. Yoon seems to be basing his conclusions on.
There is more than 87 coins in this wallet. It’s over 11k.
    Main Address DHagKZ4ByFgxXe3txYysxqG5x6PvcSmwQS
    Owner Unknown
    Balance 11,625.05234493 PIVX
    Addresses 100
    with non zero-balance 100


Hmm,
Discrepancy
According to https://chainz.cryptoid.info/pivx/address.dws?DCLsuSttqkWABZkNvVHNbRFxWtTTHXYRMS.htm
Balance appears to be
Quote
Balance   90.12076074 PIVX
not the amount claimed by the Pivx devs,  Tongue


Yeah, i was wondering about that myself (i did not check the addresses though).
Below seems to summarize the main problem by the way :



Link : https://www.reddit.com/r/pivx/comments/cpy3ea/a_response_to_the_article_pivx_and_200_pos_chains/
member
Activity: 200
Merit: 73
Flag Day ☺
https://pivx.org/a-response-to-the-article-pivx-and-200-pos-chains-currently-vulnerable-chains-already-under-attack/

Quote
The “overlapping” variable here is that 700+ projects have cloned the PIVX codebase at some point in the past.  However, my gut says there is a
fundamental issue in the way in which the consensus mechanism rewards which is being “gamed”, and that this is not exclusive to the PIVX network,
but rather is in the nature of the Proof of Stake itself

Looks like those "200 other blockchains" figure is on the conservative side  Shocked

So far no proof of stake coins running with coin-age have been proven vulnerable.
Coins such as ZEIT use PoS version 1 with coin-age.

Proof of Stake Version 1 : Used Coin-Age


Proof of Stake Version 2 : Removed Coin-Age and moved to block depth

Proof of Stake Version 3: Used Block Depth and other modifications  


So far only PoS V3 coins have been shown to be affected.
Since Pivx did not actually fix their issue ,
the others using PoS v3 are probably still vulnerable even if they claimed a fix like the pivx team did.


Interesting information, thank you.

Pivx Team released a response to the article.
https://pivx.org/a-response-to-the-article-pivx-and-200-pos-chains-currently-vulnerable-chains-already-under-attack/
Quote
There are some discrepancies with that Mr. Yoon seems to be basing his conclusions on.
There is more than 87 coins in this wallet. It’s over 11k.
    Main Address DHagKZ4ByFgxXe3txYysxqG5x6PvcSmwQS
    Owner Unknown
    Balance 11,625.05234493 PIVX
    Addresses 100
    with non zero-balance 100
 

Hmm,
Discrepancy
According to https://chainz.cryptoid.info/pivx/address.dws?DCLsuSttqkWABZkNvVHNbRFxWtTTHXYRMS.htm
Balance appears to be
Quote
Balance   90.12076074 PIVX
not the amount claimed by the Pivx devs,  Tongue
legendary
Activity: 2548
Merit: 1245
https://pivx.org/a-response-to-the-article-pivx-and-200-pos-chains-currently-vulnerable-chains-already-under-attack/

Quote
The “overlapping” variable here is that 700+ projects have cloned the PIVX codebase at some point in the past.  However, my gut says there is a
fundamental issue in the way in which the consensus mechanism rewards which is being “gamed”, and that this is not exclusive to the PIVX network,
but rather is in the nature of the Proof of Stake itself

Looks like those "200 other blockchains" figure is on the conservative side  Shocked

So far no proof of stake coins running with coin-age have been proven vulnerable.
Coins such as ZEIT use PoS version 1 with coin-age.

Proof of Stake Version 1 : Used Coin-Age


Proof of Stake Version 2 : Removed Coin-Age and moved to block depth

Proof of Stake Version 3: Used Block Depth and other modifications  


So far only PoS V3 coins have been shown to be affected.
Since Pivx did not actually fix their issue ,
the others using PoS v3 are probably still vulnerable even if they claimed a fix like the pivx team did.


Interesting information, thank you.
member
Activity: 200
Merit: 73
Flag Day ☺
https://pivx.org/a-response-to-the-article-pivx-and-200-pos-chains-currently-vulnerable-chains-already-under-attack/

Quote
The “overlapping” variable here is that 700+ projects have cloned the PIVX codebase at some point in the past.  However, my gut says there is a
fundamental issue in the way in which the consensus mechanism rewards which is being “gamed”, and that this is not exclusive to the PIVX network,
but rather is in the nature of the Proof of Stake itself

Looks like those "200 other blockchains" figure is on the conservative side  Shocked

So far no proof of stake coins running with coin-age have been proven vulnerable.
Coins such as ZEIT use PoS version 1 with coin-age.

Proof of Stake Version 1 : Used Coin-Age


Proof of Stake Version 2 : Removed Coin-Age and moved to block depth

Proof of Stake Version 3: Used Block Depth and other modifications  


So far only PoS V3 coins have been shown to be affected.
Since Pivx did not actually fix their issue ,
the others using PoS v3 are probably still vulnerable even if they claimed a fix like the pivx team did.
legendary
Activity: 2548
Merit: 1245
https://pivx.org/a-response-to-the-article-pivx-and-200-pos-chains-currently-vulnerable-chains-already-under-attack/

Quote
The “overlapping” variable here is that 700+ projects have cloned the PIVX codebase at some point in the past.  However, my gut says there is a
fundamental issue in the way in which the consensus mechanism rewards which is being “gamed”, and that this is not exclusive to the PIVX network,
but rather is in the nature of the Proof of Stake itself

Looks like those "200 other blockchains" figure is on the conservative side  Shocked
legendary
Activity: 2548
Merit: 1245

Source picture : Cointelegraph article itself

Read more here : https://cointelegraph.com/news/pivx-possibly-other-pos-chains-vulnerable-to-bug-attackers-profit

Note : PIVX is a fork of Dash (forked from Dash v0.12.0.x) and is using a custom proof of stake (PoS) model.
Both PIVX and over 200 other PoS blockchains appear to be vulnerable to disproportionately high staking rewards.
Dash on the other hand does not have this vulnerability, because Dash has a proof of work (PoW) model.

Bitgreen (a PoS altcoin running on PIVX) stated it will start planning a migration from PIVX to Dash.

Quote
As a final solution, the BitGreen project plans to migrate from the still-vulnerable PIVX network to DASH on its next update

Link : https://beincrypto.com/pivx-response-to-network-vulnerability-casts-doubt-on-project/


Update : https://pivx.org/a-response-to-the-article-pivx-and-200-pos-chains-currently-vulnerable-chains-already-under-attack/
Jump to: