No. Yours is a limited oscillation. This one would collapse it to 0.
Yeah, I realized it now, I haven't heard about that vulnerability for a while.
Topic: [TRC] [DISCLOSURE] Terracoin Difficulty Collapse Exploit - page 4. (Read 10168 times)
Yeah, I realized it now, I haven't heard about that vulnerability for a while.
No. Yours is a limited oscillation. This one would collapse it to 0.
Thank you SunnyKing for pointing this out to the TRC dev's!
Edit: nm, same as time travel with original solidcoin I think.
Following is a summary of the Terracoin vulnerability I communicated to Gavin and Terracoin developer. It is now fixed in the latest Terracoin release.
Summary: Possible manipulation of difficulty by a miner collusion, or a direct 51% attack, to collapse the difficulty and block generation interval to almost 0.
Impact Level: Critical.
Description: because terracoin employed a very short adjustment interval of 30 blocks, while the target spacing is 2-minute, below is what I come up with as an experimental attack scenario (not tested yet but just for illustration purposes for now). The way the attack works is that a miner collusion attempts to artificially inflates the time span of each retarget section. When the collusion gains momentum theoretically for terracoin I think the difficulty will collapse and block spacing drops close to 0. This is because terracoin 1) didn't fix the time travel vulnerability 2) used a too short retarget interval.
diff --git a/src/main.cpp b/src/main.cpp
index 87b8abf..f28ea0b 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -1238,6 +1238,15 @@ void CBlock::UpdateTime(const CBlockIndex* pindexPrev)
{
nTime = max(pindexPrev->GetMedianTimePast()+1, GetAdjustedTime());
+ // If the time-travel vulnerability is present (nActualTimeSpan is
+ // computed between the first and last block of the retarget section)
+ // the following patch can gradually attract miners to join a 'collusion':
+ // inflate nActualTimeSpan on both ends of the retarget section
+ if ((pindexPrev->nHeight+1) % nInterval == 0)
+ nTime = max(GetBlockTime(), GetAdjustedTime()) + 105 * 60;
+ else if ((pindexPrev->nHeight+1) % nInterval == 1)
+ nTime = pindexPrev->GetMedianTimePast()+1;
+
// Updating time can change work required on testnet:
if (fTestNet)
nBits = GetNextWorkRequired(pindexPrev, this);
Acknowledgement: this class of attack was first disclosed by ArtForz in 2011 I think. It's well known among bitcoin developers and old-time altcoin developers.
Summary: Possible manipulation of difficulty by a miner collusion, or a direct 51% attack, to collapse the difficulty and block generation interval to almost 0.
Impact Level: Critical.
Description: because terracoin employed a very short adjustment interval of 30 blocks, while the target spacing is 2-minute, below is what I come up with as an experimental attack scenario (not tested yet but just for illustration purposes for now). The way the attack works is that a miner collusion attempts to artificially inflates the time span of each retarget section. When the collusion gains momentum theoretically for terracoin I think the difficulty will collapse and block spacing drops close to 0. This is because terracoin 1) didn't fix the time travel vulnerability 2) used a too short retarget interval.
diff --git a/src/main.cpp b/src/main.cpp
index 87b8abf..f28ea0b 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -1238,6 +1238,15 @@ void CBlock::UpdateTime(const CBlockIndex* pindexPrev)
{
nTime = max(pindexPrev->GetMedianTimePast()+1, GetAdjustedTime());
+ // If the time-travel vulnerability is present (nActualTimeSpan is
+ // computed between the first and last block of the retarget section)
+ // the following patch can gradually attract miners to join a 'collusion':
+ // inflate nActualTimeSpan on both ends of the retarget section
+ if ((pindexPrev->nHeight+1) % nInterval == 0)
+ nTime = max(GetBlockTime(), GetAdjustedTime()) + 105 * 60;
+ else if ((pindexPrev->nHeight+1) % nInterval == 1)
+ nTime = pindexPrev->GetMedianTimePast()+1;
+
// Updating time can change work required on testnet:
if (fTestNet)
nBits = GetNextWorkRequired(pindexPrev, this);
Acknowledgement: this class of attack was first disclosed by ArtForz in 2011 I think. It's well known among bitcoin developers and old-time altcoin developers.
Jump to: