Pages:
Author

Topic: Regarding Auroracoin TW exploit (Fix included) - page 6. (Read 27362 times)

legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
So however asshole you are BCX, you are an asshole in a good way, thank you!



Please I work hard to be a regular asshole, don't paint me in a good light. Cheesy


~BCX~

I confirm that BCX is an asshole. Smiley
full member
Activity: 140
Merit: 100
I have looked over Dogecoin's implementation, and it is more than likely vulnerable as well.  It is hard to say however, because Dogecoin has a significantly higher hash rate than most other coins and has included a dampening on the adjustment.

Correct me if I am wrong, but I don't think DOGE uses KGW.

Edit: NVM, just read the dev blog and saw they implemented DigiShield in the last update, v1.6.
legendary
Activity: 1242
Merit: 1020
No surrender, no retreat, no regret.
This bug is possible due to no hard limiter at all for difficulty adjustments as well as a large allowance for the future time stamps. EventHorizonDeviation is an averaging factor and doesn't work as a limiting factor. It isn't really supposed to. A retarget code which allows difficulty abuse of such extreme magnitude like with AUR recently isn't a good one. By the way, how many coin developers have copied KGW to their coins without having a good understanding of the internals just because it's a popular trend? That's a rhetorical question.
sr. member
Activity: 477
Merit: 500
Every coin that uses KGW should apply the fix as well asap right?
Yes, I think so.

Any idea if digishield or dgw (version2) are susceptible to the same exploit?
Have not yet dig too deeply on it, but:
Digishield: not the same, but possibly similar. KGW counts a lot of blocks to calculate adjustment, digishield only one, so it quite different. In KGW, attacker can 'jump over' the block in the future, which is not possible with only 1 block. Not yet sure, but there might be another TW exploit: Can you generate 2 blocks with dT less than 2xtarget so difficulty won't rise? If you generate block with dT 0, you get diff +25%, if I calculated correctly. next question: can you generate a block with -25% difficulty with less than 2*timespan? I think you get only -12.5% with 2 blocks time, so this hole is not open :-). But not sure if there are others.
 Edit: this is dogecoin digishiel, don't know others..

DGW: possibly, quick peek reveals no fix, but it might be there, have to make deeper look at it to be sure.



I must make a re-estimate on digishield. It does allow back to median 11 blocks, ie one can go back in time.
1 Go to the future 12:00:00 -> get diff -50%
2 Go back 11:59:30 -> get diff +25%

Yes, there is attack vector.
sr. member
Activity: 448
Merit: 250
Good going BCX. This is what I want to see from old/senior members. And apology for calling you a scammer in other threads. I will remove those.
legendary
Activity: 1025
Merit: 1000
ltex.nl
I added the fix to the original post, feel free to update your coins. If someone want to give this a fancy name, just go ahead!

Great job mate! How about "GoodNite"  Grin
sr. member
Activity: 477
Merit: 500
I added the fix to the original post, feel free to update your coins. If someone want to give this a fancy name, just go ahead!
newbie
Activity: 51
Merit: 0
The foundation of all cryptocurrencies is an agreement
[...]
So however asshole you are BCX, you are an asshole in a good way, thank you!
First thing is a nice idea but as has become more than obvious again and again basing things solely on trust is usually a very bad idea. You talked about algorithms having to be improved too and that being part of that "agreement" to which I entirely agree.

The last thing however was unneeded imho though, but hey, I doubt BCX will cry about it Wink
legendary
Activity: 938
Merit: 1000
Please try to keep my post in context. Thanks. I hear what you are saying though. I think BCX is probably not expecting any sorry.

EDIT: I did fail to read this:


Of note also, it appears that Balduro is actually delivering the Air Drop as promised. I cannot 100% verify that yet and the method he used screams scam. However I am not above admitting mistakes and it is certainly appearing that Balduro has made the all time mother of implementing the right idea with the wrong execution!

More to come on this as I dig deeper.


~BCX~

Well I didn't see that one coming.  Kudos to BCX for being the man and admitting his error.

I guess this is fair enough. I do think many were trying to tell him this, some in a not so nice way, but many were trying to use level reasoning. I am gonna chalk it up to the fact that there are many horrible scams out there and there is no doubt that AUR (I believe unintentionally) opened the door to scamcoins to use this model of coin.
sr. member
Activity: 420
Merit: 263
let's make a deal.
Wow, BCX has a conscience! I am sure there will be no "I may have been wrong about the devs intentions" or "sorry." This will be touted as an abject lesson.
yeah i doubt anybody will apologize to BCX either for all that shittalk, but nbd it's only altcoins.
legendary
Activity: 938
Merit: 1000
Wow, BCX has a conscience! I am sure there will be no "I may have been wrong about the devs intentions" or "sorry." This will be touted as an abject lesson. That said, as awkward as this may all be for both parties to come to terms here, it is good to see that BCX is keeping his word. Both the threat of attack and now working on a resolution to mitigate the harm. Well done sir, just wish it could have been directed at more deserving coins. In the end you are making a contribution.
hero member
Activity: 756
Merit: 500
DGW is not exploitable. It is not effected by this exploit, this has been confirmed. Darkcoin > *.

Sounds like a challenge if I ever read one...
hero member
Activity: 658
Merit: 534
Every coin that uses KGW should apply the fix as well asap right?
Yes, I think so.

Any idea if digishield or dgw (version2) are susceptible to the same exploit?
Have not yet dig too deeply on it, but:
Digishield: not the same, but possibly similar. KGW counts a lot of blocks to calculate adjustment, digishield only one, so it quite different. In KGW, attacker can 'jump over' the block in the future, which is not possible with only 1 block. Not yet sure, but there might be another TW exploit: Can you generate 2 blocks with dT less than 2xtarget so difficulty won't rise? If you generate block with dT 0, you get diff +25%, if I calculated correctly. next question: can you generate a block with -25% difficulty with less than 2*timespan? I think you get only -12.5% with 2 blocks time, so this hole is not open :-). But not sure if there are others.
 Edit: this is dogecoin digishiel, don't know others..

DGW: possibly, quick peek reveals no fix, but it might be there, have to make deeper look at it to be sure.

DGW is not exploitable. It is not effected by this exploit, this has been confirmed. Darkcoin > *.
legendary
Activity: 1358
Merit: 1002
Yes per our agreement I will pull back the exploit and allow a fix.
I am most definitely a person of my word. The conditions that solve for a solution have been met.

Why does Nite69 say "allow" a fix?

As explained by Nite69 I am gaining on the chain with a current running KGW TW. In order to prevent me from gaining and over taking the current AUR blockchain AUR needs 25X my mining power at a minimum, something the miners have proven they have little interest in doing. As such, it is just a matter of time before the TW catches up and is in full implementation.

In order to deploy the "fix" a new client will need to be released and another hard fork implemented. If the TW exploit isn't pulled back before the hard fork, it will instantly catch up at the next hard fork due to diff swings and be in full full implementation. So either way I win, fix it or don't fix it.

Nite69 is very correct, I have no real desire to destroy AUR as initially I was only going to run a test for a few hundred blocks. The concesion by the AUR development is sufficient for me. Understand this is enabled by KGW and was not a vulnerability till KGW was implemented. All coins that deploy KGW are vulnerable.


~BCX~

BCX, in the tecnical point of view; you are perfectly right. The algorithm implementation calculating the difficulty adjustments allow you to use your hashing power to generate a competing blockchain which would win the official blockchain. There is no doubt of that.

But the technical point of view is not the only one. The foundation of all cryptocurrencies is an agreement of all nodes to follow certain rules, which ends up in the possibility to agree about the generation and transaction of the currencies. The implementation of that agreement is the algorithms behind the currency.

This is also one protetion of the coins; if majority of the nodes agrees not to choose a hostile chain, they really can do it, they can reject it, regardless of the hashing power behind it. Technically this rejection would be accomplished by publishing a checkpoint from the official chain and all nodes accepting it. I'm not sure if it would have happened on this case, but I want to believe so. If this community values the coin enought, they will also protect it against all threats.

There is also no doubt, that a succesfull attack like that would in any case cause a lot of damage. But my opinion is, it likely would not have destroyed the coin.

However, this case also emphasizes the importance of the strength of the algorithms behind the coin. Those algorithms are the agreement and they should be tested all the time. In the end, these tests only strenghten the agreements and also the coin and increase trust to it. So however asshole you are BCX, you are an asshole in a good way, thank you!


This has been a well known exploit ever since KGW was starting to get popular, I was lucky with my coin and was notified of this exploit early so that I could make a hasty update and stop it from happening. I am surprised that NO ONE in the AUR knew about the exploit and/or said anything until BCX implemented the TW. Even Darkcoin saw it coming and made a supposed "fix".

the principles or kgw was used, but the code was rewritten with new algorithms to make it react better to incoming changes regarding block generation time. also the potential attack vector of time delution was automatically fixed in what became dgw
sr. member
Activity: 322
Merit: 250
Spray and Pray
Yes per our agreement I will pull back the exploit and allow a fix.
I am most definitely a person of my word. The conditions that solve for a solution have been met.

Why does Nite69 say "allow" a fix?

As explained by Nite69 I am gaining on the chain with a current running KGW TW. In order to prevent me from gaining and over taking the current AUR blockchain AUR needs 25X my mining power at a minimum, something the miners have proven they have little interest in doing. As such, it is just a matter of time before the TW catches up and is in full implementation.

In order to deploy the "fix" a new client will need to be released and another hard fork implemented. If the TW exploit isn't pulled back before the hard fork, it will instantly catch up at the next hard fork due to diff swings and be in full full implementation. So either way I win, fix it or don't fix it.

Nite69 is very correct, I have no real desire to destroy AUR as initially I was only going to run a test for a few hundred blocks. The concesion by the AUR development is sufficient for me. Understand this is enabled by KGW and was not a vulnerability till KGW was implemented. All coins that deploy KGW are vulnerable.


~BCX~

BCX, in the tecnical point of view; you are perfectly right. The algorithm implementation calculating the difficulty adjustments allow you to use your hashing power to generate a competing blockchain which would win the official blockchain. There is no doubt of that.

But the technical point of view is not the only one. The foundation of all cryptocurrencies is an agreement of all nodes to follow certain rules, which ends up in the possibility to agree about the generation and transaction of the currencies. The implementation of that agreement is the algorithms behind the currency.

This is also one protetion of the coins; if majority of the nodes agrees not to choose a hostile chain, they really can do it, they can reject it, regardless of the hashing power behind it. Technically this rejection would be accomplished by publishing a checkpoint from the official chain and all nodes accepting it. I'm not sure if it would have happened on this case, but I want to believe so. If this community values the coin enought, they will also protect it against all threats.

There is also no doubt, that a succesfull attack like that would in any case cause a lot of damage. But my opinion is, it likely would not have destroyed the coin.

However, this case also emphasizes the importance of the strength of the algorithms behind the coin. Those algorithms are the agreement and they should be tested all the time. In the end, these tests only strenghten the agreements and also the coin and increase trust to it. So however asshole you are BCX, you are an asshole in a good way, thank you!


This has been a well known exploit ever since KGW was starting to get popular, I was lucky with my coin and was notified of this exploit early so that I could make a hasty update and stop it from happening. I am surprised that NO ONE in the AUR knew about the exploit and/or said anything until BCX implemented the TW. Even Darkcoin saw it coming and made a supposed "fix".
legendary
Activity: 1291
Merit: 1000

Of note also, it appears that Balduro is actually delivering the Air Drop as promised. I cannot 100% verify that yet and the method he used screams scam. However I am not above admitting mistakes and it is certainly appearing that Balduro has made the all time mother of implementing the right idea with the wrong execution!

More to come on this as I dig deeper.


~BCX~

Well I didn't see that one coming.  Kudos to BCX for being the man and admitting his error.
full member
Activity: 154
Merit: 100
Good stuff guys.

Glad to see the community coming together on this one..
legendary
Activity: 996
Merit: 1013
So however asshole you are BCX, you are an asshole in a good way, thank you!

There's a special term for this kind of individual.

Quote
The trickster deity breaks the rules of the gods or nature, sometimes maliciously (for example, Loki) but usually with ultimately positive effects (though the trickster's initial intentions may have been either positive or negative). Often, the bending/breaking of rules takes the form of tricks (e.g. Eris) or thievery.
sr. member
Activity: 477
Merit: 500
Yes per our agreement I will pull back the exploit and allow a fix.
I am most definitely a person of my word. The conditions that solve for a solution have been met.

Why does Nite69 say "allow" a fix?

As explained by Nite69 I am gaining on the chain with a current running KGW TW. In order to prevent me from gaining and over taking the current AUR blockchain AUR needs 25X my mining power at a minimum, something the miners have proven they have little interest in doing. As such, it is just a matter of time before the TW catches up and is in full implementation.

In order to deploy the "fix" a new client will need to be released and another hard fork implemented. If the TW exploit isn't pulled back before the hard fork, it will instantly catch up at the next hard fork due to diff swings and be in full full implementation. So either way I win, fix it or don't fix it.

Nite69 is very correct, I have no real desire to destroy AUR as initially I was only going to run a test for a few hundred blocks. The concesion by the AUR development is sufficient for me. Understand this is enabled by KGW and was not a vulnerability till KGW was implemented. All coins that deploy KGW are vulnerable.


~BCX~

BCX, in the tecnical point of view; you are perfectly right. The algorithm implementation calculating the difficulty adjustments allow you to use your hashing power to generate a competing blockchain which would win the official blockchain. There is no doubt of that.

But the technical point of view is not the only one. The foundation of all cryptocurrencies is an agreement of all nodes to follow certain rules, which ends up in the possibility to agree about the generation and transaction of the currencies. The implementation of that agreement is the algorithms behind the currency.

This is also one protetion of the coins; if majority of the nodes agrees not to choose a hostile chain, they really can do it, they can reject it, regardless of the hashing power behind it. Technically this rejection would be accomplished by publishing a checkpoint from the official chain and all nodes accepting it. I'm not sure if it would have happened on this case, but I want to believe so. If this community values the coin enought, they will also protect it against all threats.

There is also no doubt, that a succesfull attack like that would in any case cause a lot of damage. But my opinion is, it likely would not have destroyed the coin.

However, this case also emphasizes the importance of the strength of the algorithms behind the coin. Those algorithms are the agreement and they should be tested all the time. In the end, these tests only strenghten the agreements and also the coin and increase trust to it. So however asshole you are BCX, you are an asshole in a good way, thank you!
hero member
Activity: 965
Merit: 515

Did you read the post by Balduro, the founder and Nite69, the developer brought on by the Auroracoin Team? The exploit is live and is working or else I can assure you an agreement would not have been reached. I am satisfied with the agreement and you as an investor should be satisfied with that.

Of note also, it appears that Balduro is actually delivering the Air Drop as promised. I cannot 100% verify that yet and the method he used screams scam. However I am not above admitting mistakes and it is certainly appearing that Balduro has made the all time mother of implementing the right idea with the wrong execution!

More to come on this as I dig deeper.


~BCX~


I am not an investor. If I believed in Aurora I had mined it from the start.. but I thought that it is so obvious to anyone that it's a concept to make the dev rich that no one will mine or buy it. I guess I was wrong at that.

I am more into other coins and didn't read up what the Aurora dev posted.
I can check however then this are just 3 ppl for me that say it is so which has not much more value to me except there are some data and that's what I had liked to see. I am curious of such things. Smiley
Pages:
Jump to: