Topic: Regarding Auroracoin TW exploit (Fix included) - page 6. (Read 27339 times)

I confirm that BCX is an asshole.

Correct me if I am wrong, but I don't think DOGE uses KGW.

Edit: NVM, just read the dev blog and saw they implemented DigiShield in the last update, v1.6.

This bug is possible due to no hard limiter at all for difficulty adjustments as well as a large allowance for the future time stamps. EventHorizonDeviation is an averaging factor and doesn't work as a limiting factor. It isn't really supposed to. A retarget code which allows difficulty abuse of such extreme magnitude like with AUR recently isn't a good one. By the way, how many coin developers have copied KGW to their coins without having a good understanding of the internals just because it's a popular trend? That's a rhetorical question.

I must make a re-estimate on digishield. It does allow back to median 11 blocks, ie one can go back in time.
1 Go to the future 12:00:00 -> get diff -50%
2 Go back 11:59:30 -> get diff +25%

Yes, there is attack vector.

Good going BCX. This is what I want to see from old/senior members. And apology for calling you a scammer in other threads. I will remove those.

Great job mate! How about "GoodNite" 

I added the fix to the original post, feel free to update your coins. If someone want to give this a fancy name, just go ahead!

First thing is a nice idea but as has become more than obvious again and again basing things solely on trust is usually a very bad idea. You talked about algorithms having to be improved too and that being part of that "agreement" to which I entirely agree.

The last thing however was unneeded imho though, but hey, I doubt BCX will cry about it

Please try to keep my post in context. Thanks. I hear what you are saying though. I think BCX is probably not expecting any sorry.

EDIT: I did fail to read this:


I guess this is fair enough. I do think many were trying to tell him this, some in a not so nice way, but many were trying to use level reasoning. I am gonna chalk it up to the fact that there are many horrible scams out there and there is no doubt that AUR (I believe unintentionally) opened the door to scamcoins to use this model of coin.

yeah i doubt anybody will apologize to BCX either for all that shittalk, but nbd it's only altcoins.

Wow, BCX has a conscience! I am sure there will be no "I may have been wrong about the devs intentions" or "sorry." This will be touted as an abject lesson. That said, as awkward as this may all be for both parties to come to terms here, it is good to see that BCX is keeping his word. Both the threat of attack and now working on a resolution to mitigate the harm. Well done sir, just wish it could have been directed at more deserving coins. In the end you are making a contribution.

Sounds like a challenge if I ever read one...

DGW is not exploitable. It is not effected by this exploit, this has been confirmed. Darkcoin > *.

the principles or kgw was used, but the code was rewritten with new algorithms to make it react better to incoming changes regarding block generation time. also the potential attack vector of time delution was automatically fixed in what became dgw

This has been a well known exploit ever since KGW was starting to get popular, I was lucky with my coin and was notified of this exploit early so that I could make a hasty update and stop it from happening. I am surprised that NO ONE in the AUR knew about the exploit and/or said anything until BCX implemented the TW. Even Darkcoin saw it coming and made a supposed "fix".

Well I didn't see that one coming.  Kudos to BCX for being the man and admitting his error.

Good stuff guys.

Glad to see the community coming together on this one..

There's a special term for this kind of individual.

BCX, in the tecnical point of view; you are perfectly right. The algorithm implementation calculating the difficulty adjustments allow you to use your hashing power to generate a competing blockchain which would win the official blockchain. There is no doubt of that.

But the technical point of view is not the only one. The foundation of all cryptocurrencies is an agreement of all nodes to follow certain rules, which ends up in the possibility to agree about the generation and transaction of the currencies. The implementation of that agreement is the algorithms behind the currency.

This is also one protetion of the coins; if majority of the nodes agrees not to choose a hostile chain, they really can do it, they can reject it, regardless of the hashing power behind it. Technically this rejection would be accomplished by publishing a checkpoint from the official chain and all nodes accepting it. I'm not sure if it would have happened on this case, but I want to believe so. If this community values the coin enought, they will also protect it against all threats.

There is also no doubt, that a succesfull attack like that would in any case cause a lot of damage. But my opinion is, it likely would not have destroyed the coin.

However, this case also emphasizes the importance of the strength of the algorithms behind the coin. Those algorithms are the agreement and they should be tested all the time. In the end, these tests only strenghten the agreements and also the coin and increase trust to it. So however asshole you are BCX, you are an asshole in a good way, thank you!

I am not an investor. If I believed in Aurora I had mined it from the start.. but I thought that it is so obvious to anyone that it's a concept to make the dev rich that no one will mine or buy it. I guess I was wrong at that.

I am more into other coins and didn't read up what the Aurora dev posted.
I can check however then this are just 3 ppl for me that say it is so which has not much more value to me except there are some data and that's what I had liked to see. I am curious of such things.