Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency - page 704. (Read 4671660 times)

legendary
Activity: 2968
Merit: 1198
There was no fucking attack, it was just a bug!
Yes it was a bug that allowed the v2 block to enter the blockchain too soon. The code was exploited not attacked and this caused the network consensus to fail and split into several blockchains. There needn't be any debate on what happened. A bug was at fault not an attacker.

That is incorrect.  A malicious party crafted a v2 block causing the split so in essence there was an attack, that block did not come about on its own.  This was possible due to a bug in the code which allowed a v2 block to be crafted at this point in time.

100% of attacks take this form. Some code (or occasionally hardware) processes input in a manner that was not intended which makes it exploitable, and a malicious party identifies that input and submits it to carry out the attack. Nothing unusual here.

legendary
Activity: 1456
Merit: 1000
There was no fucking attack, it was just a bug!
Yes it was a bug that allowed the v2 block to enter the blockchain too soon. The code was exploited not attacked and this caused the network consensus to fail and split into several blockchains. There needn't be any debate on what happened. A bug was at fault not an attacker.

That is incorrect.  A malicious party crafted a v2 block causing the split so in essence there was an attack, that block did not come about on its own.  This was possible due to a bug in the code which allowed a v2 block to be crafted at this point in time.
legendary
Activity: 3836
Merit: 4969
Doomed to see the future and unable to prevent it
...

We got added a while ago lol -> https://www.cryptsy.com/markets/view/XMR_BTC

Also, as a general remark to your post, bear in mind that most people working on Monero are merely volunteers and got day jobs, and/or companies to run as well. Therefore, their time is mostly limited. On top of that, resources are kind of limited.

LOL, never even noticed. Finding the Craptsy drama hilarious. It's not like this forum hasn't been warned for at least a year.

I realize that the Devs are volunteers, if not I would have really come down ages ago. This scene is not even remotely operated in a professional manner. This is more a sign of disorganization as opposed to one of incompetence. I think sometimes the scope of this project is forgotten. This project sits on a razor's edge and can go either way. The organizational structure is fine for a project that is not trying to change the world but this project is held to higher standards and rightly so. All funding requests for the roadmap have been met as far as I've seen and if another position is needed then it is the devs' job to bring that up to the community. We are sitting on the outside with not much more than faith and pull requests. AFA the chant "Shut up if you're not contributing" that is nothing but an ad hominem. Contributing comes in many forms, time is not the least of which. The barriers to entry for coding this coin look intentionally conflated. The first thing a project manager is going to do when starting or taking on a project is to check the documentation and that includes the logic tree which I asked for over a year ago and still have yet to see. Commenting code is not a substitute for a simple flowchart.

BTW I just got rivered (poker) for a butt-ton so I'm pissy at the moment.



I think the question on who is active is valid.

In addition to the commits you see on github (mostly moneromooo, fluffypony, recently some from hyc, occ. others), other people regularly involved with testing, code reviews, debugging, and design decisions are myself, warptangent, tacotime, luigi, and othe, plus occ. others. Shen is actively developing the ringCT stuff (currently working on C++ code for it). NoodleDoodle does, well, whatever amazing things he feels like doing such as the massive optimization rework that took months. He seems to prefer working independently. Wolf recently did some miner development but I think that is winding down. Finally, tewinget is doing or did some work on cleanup and documentation.

All are welcome.

EDIT: added tewinget's cleanup and documentation work.

Thanks smooth, can you link tewinget's work please?


Again, bad day all around so I'm being a bit of a dick, I know it but sometimes someone has to be the one to say the emperor is not wearing clothes.
sr. member
Activity: 596
Merit: 251
There was no fucking attack, it was just a bug!
Yes it was a bug that allowed the v2 block to enter the blockchain too soon. The code was exploited not attacked and this caused the network consensus to fail and split into several blockchains. There needn't be any debate on what happened. A bug was at fault not an attacker.
legendary
Activity: 2968
Merit: 1198
Also, I think tewinget is doing or did some work on cleanup and documentation.

Thanks, forgot that one, but added it above.
legendary
Activity: 2268
Merit: 1141
I think the question on who is active is valid.

In addition to the commits you see on github (mostly moneromooo, fluffypony, recently some from hyc, occ. others), other people regularly involved with testing, code reviews, debugging, and design decisions are myself, warptangent, tacotime, luigi, and othe, plus occ. others. Shen is actively developing the ringCT stuff (currently working on C++ code for it). NoodleDoodle does, well, whatever amazing things he feels like doing such as the massive optimization rework that took months. He seems to prefer working independently. Wolf recently did some miner development but I think that is winding down.

All are welcome.


I agree it is a valid question, just posted a general remark. Wolf's miner development is nearly done as far as I know, his unofficial (not pushed on github yet) miner even outperforms that of claymore if I recall correctly. Also, I think tewinget is doing or did some work on cleanup and documentation.
legendary
Activity: 2968
Merit: 1198
I think the question on who is active is valid.

In addition to the commits you see on github (mostly moneromooo, fluffypony, recently some from hyc, occ. others), other people regularly involved with testing, code reviews, debugging, and design decisions are myself, warptangent, tacotime, luigi, and othe, plus occ. others. Shen is actively developing the ringCT stuff (currently working on C++ code for it). NoodleDoodle does, well, whatever amazing things he feels like doing such as the massive optimization rework that took months. He seems to prefer working independently. Wolf recently did some miner development but I think that is winding down. Finally, tewinget is doing or did some work on cleanup and documentation.

All are welcome.

EDIT: added tewinget's cleanup and documentation work.
legendary
Activity: 2268
Merit: 1141
...
If you can round up such people I am sure the dev team would be more than willing to accommodate their "testing/hacking" of testnet versions before release.  Do you know such volunteers that would do it for the accolades?

Possibly, I don't doubt a thread looking for a security position on the team would not go unfilled. Maybe we should ask BTCExpress?

...
I look forward to your first pull request, and thanks for offering to help!

Nice to see you back in the thread, been awhile. I know it's frustrating after all the work you guys put in but this edge case seems so basic. I'm guessing you guys don't have someone whose position is Project Manager? I can see how many people working on various parts of a project can allow these things to slip through but this is not a website we are talking about where people are buying tic-tacs. This has been in the works and delayed for quite awhile and the reason for that was because of the testing going on, correct? AFA helping, well that's not possible, 20 years ago yes but not these days unfortunately. Could you answer my question on which devs are actively participating in the project currently?

BTW, does anyone have that link for voting on craptsy? I think it's about time we got added right?

Ohh and good job on the quick response guys.



We got added a while ago lol -> https://www.cryptsy.com/markets/view/XMR_BTC

Also, as a general remark to your post, bear in mind that most people working on Monero are merely volunteers and got day jobs, and/or companies to run as well. Therefore, their time is mostly limited. On top of that, resources are kind of limited.
legendary
Activity: 3836
Merit: 4969
Doomed to see the future and unable to prevent it
...
If you can round up such people I am sure the dev team would be more than willing to accommodate their "testing/hacking" of testnet versions before release.  Do you know such volunteers that would do it for the accolades?

Possibly, I don't doubt a thread looking for a security position on the team would not go unfilled. Maybe we should ask BTCExpress?

...
I look forward to your first pull request, and thanks for offering to help!

Nice to see you back in the thread, been awhile. I know it's frustrating after all the work you guys put in but this edge case seems so basic. I'm guessing you guys don't have someone whose position is Project Manager? I can see how many people working on various parts of a project can allow these things to slip through but this is not a website we are talking about where people are buying tic-tacs. This has been in the works and delayed for quite awhile and the reason for that was because of the testing going on, correct? AFA helping, well that's not possible, 20 years ago yes but not these days unfortunately. Could you answer my question on which devs are actively participating in the project currently?

BTW, does anyone have that link for voting on craptsy? I think it's about time we got added right?

Ohh and good job on the quick response guys.

sr. member
Activity: 306
Merit: 251
Thanks for the fast fix.  Updated here. 
donator
Activity: 1274
Merit: 1060
GetMonero.org / MyMonero.com
After all this time on testnet I'm surprised to hear this, isn't there anyone on the team adept at debugging and exploit testing?
Does anyone actually have a position that actively attacks testnet before release? If not there are those out there that relish in this and do it for the accolades.
Not trying to be insulting here as I know how hard you guys work on this but alpha/beta stages are there for a reason and really this is a simple exploit that should have been on the first error checks before release. I wish it was 16 years ago, as I would have jumped on this just for the lulz.

Also are all the devs listed active? Did they all check this prior to release?  What is the list that signed off on this?

We have a pretty comprehensive test suite, and this was an oversight in the tests - we missed adding one for this edge-case.

As always, this is an open-source project, feel free to submit a pull-request to expand the unit tests and core tests.

To get you started, here are all the unit tests: https://github.com/monero-project/bitmonero/tree/master/tests/unit_tests

And here are the hard fork unit tests we've created: https://github.com/monero-project/bitmonero/blob/master/tests/unit_tests/hardfork.cpp

I look forward to your first pull request, and thanks for offering to help!
legendary
Activity: 1456
Merit: 1000
NB: https://forum.getmonero.org/1/news-announcements-and-editorials/2452/monero-network-malicious-fork-from-block-913193-updates-and-resolution

From that post (which will be kept updated) -

Hi all,

The Monero network was (once again) the subject of an attack. Due to an error during the development of 0.9, Hydrogen Helix, we omitted a check that allowed for v2 blocks to be added to the network prior to the hard fork block height. Thus instead of forking on March 20, at block height 1009827, a v2 block was added to the network at block height 913193.

This is obviously problematic as not all services have updated to 0.9, and the bulk of the network hash rate is still on 0.8.x. We are preparing a point release to 0.9 that resolves this, but in the meantime only if you are running 0.9 you can do the following as a quick patch:

1. Shut down your Monero daemon
2. Grab a checkpoints.json file from getmonero: https://downloads.getmonero.org/checkpoints.json
3. Put the file in your bitmonero working directory (eg. ~/.bitmonero or C:\ProgramData\bitmonero)
4. Restart the daemon

As soon as the patched point release is out you can remove the checkpoints.json file, if you wish, and run the updated version. The checkpoints.json patch is a quick fix and does not prevent the attacker from replaying their attack at a later block.

After all this time on testnet I'm surprised to hear this, isn't there anyone on the team adept at debugging and exploit testing?
Does anyone actually have a position that actively attacks testnet before release? If not there are those out there that relish in this and do it for the accolades.
Not trying to be insulting here as I know how hard you guys work on this but alpha/beta stages are there for a reason and really this is a simple exploit that should have been on the first error checks before release. I wish it was 16 years ago, as I would have jumped on this just for the lulz.

Also are all the devs listed active? Did they all check this prior to release?  What is the list that signed off on this?

If you can round up such people I am sure the dev team would be more than willing to accommodate their "testing/hacking" of testnet versions before release.  Do you know such volunteers that would do it for the accolades?
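
An added illustration, not Monero's code and not part of any post in this thread: a simplified C++ model of the height check the announcement says was omitted, next to a constructed flawed rule, with the edge cases a regression test would pin down. `ForkSchedule`, `ForkPoint` and the method names are hypothetical; the two heights are the ones quoted in the announcement.

```cpp
#include <cstdint>
#include <utility>
#include <vector>

// Hypothetical, simplified schedule entry: a block version and the first
// height at which that version becomes valid.
struct ForkPoint { uint8_t version; uint64_t height; };

class ForkSchedule {
public:
    // Assumes a non-empty list sorted by ascending height.
    explicit ForkSchedule(std::vector<ForkPoint> points) : points_(std::move(points)) {}

    // Version that consensus expects for a block at the given height.
    uint8_t expected_version(uint64_t height) const {
        uint8_t v = points_.front().version;
        for (const auto& p : points_)
            if (height >= p.height) v = p.version;
        return v;
    }

    // Constructed flawed rule: rejects only versions the node does not know,
    // so a known future version passes at any height.
    bool accepts_without_height_check(uint8_t block_version, uint64_t) const {
        return block_version <= points_.back().version;
    }

    // Rule with the height check: the version must be the one scheduled for that height.
    bool accepts(uint8_t block_version, uint64_t height) const {
        return block_version == expected_version(height);
    }

private:
    std::vector<ForkPoint> points_;
};

// Heights quoted in the announcement.
constexpr uint64_t FORK_HEIGHT = 1009827;     // intended v2 activation height
constexpr uint64_t EARLY_V2_HEIGHT = 913193;  // height of the premature v2 block

ForkSchedule example_schedule() {
    return ForkSchedule(std::vector<ForkPoint>{{1, 0}, {2, FORK_HEIGHT}});
}

int main() {
    ForkSchedule s = example_schedule();
    bool ok = s.accepts_without_height_check(2, EARLY_V2_HEIGHT)  // flawed rule lets it in
           && !s.accepts(2, EARLY_V2_HEIGHT)                      // height check rejects it
           && s.accepts(1, FORK_HEIGHT - 1)                       // last v1 height
           && s.accepts(2, FORK_HEIGHT)                           // first v2 height
           && !s.accepts(1, FORK_HEIGHT);                         // stale v1 after the fork
    return ok ? 0 : 1;
}
```

The boundary assertions on `FORK_HEIGHT - 1` and `FORK_HEIGHT` are the ones that catch an off-by-one in the activation height as well as a missing check.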
sr. member
Activity: 453
Merit: 500
hello world
thanks for the fix. my node was stuck too.
give it some time, network will recover fast.

no matter how good the devs are, bugs will happen. i can imagine how it happened.


if you forget something you forget something..if you are unlucky, it was something important.

also i think it's important to mention one of the testing principles here: testing can only show the presence of bugs, but never prove their absence

so the right amount of testing is always hard to find.


but i agree, it's a mistake in a place where there definitely should not be one.
legendary
Activity: 1106
Merit: 1000
Nice. Thanks. Upgraded
legendary
Activity: 2268
Merit: 1141
** IMPORTANT **

Everyone that is running 0.9 needs to mandatory upgrade to 0.9.1!!

https://github.com/monero-project/bitmonero/releases/tag/v0.9.1

Again, mandatory upgrade for everyone that is running 0.9

This resolves the issues caused by the malicious fork which is described here -> https://forum.getmonero.org/1/news-announcements-and-editorials/2452/monero-network-malicious-fork-from-block-913193-updates-and-resolution



EDIT: All pools listed here seem to be on the correct chain -> https://monerohash.com/#network
legendary
Activity: 1512
Merit: 1012
Still wild and free
The quoting above is misleading.

Sorry, I tried to clarify and messed up.
legendary
Activity: 2968
Merit: 1198
No harm done ? Look at the net hash rate, it has halved...

No apparent connection

Isn't the time window for the complexity small enough that the chain forking in two would have a visible impact on the computed hashrate?
If the miners work equally on each fork forever, the computed hashrate on each side is half of the initial one.

The quoting above is misleading. I was responding to:

Quote
So what, it had just doubled. Although that could have been the attacks. Any dev input on this?

There was no apparent connection to the increase in the hash rate earlier in the week.
legendary
Activity: 1512
Merit: 1012
Still wild and free
No harm done ? Look at the net hash rate, it has halved...

No apparent connection

Isn't the time window for the complexity small enough that the chain forking in two would have a visible impact on the computed hashrate?
If the miners work equally on each fork forever, the computed hashrate on each side is half of the initial one.
sr. member
Activity: 378
Merit: 250
I don't know of any major software that doesn't need patches or updates. Look at Bitcoin or Windows for obvious examples. So just because there was an issue is not the big deal since that happens with 99% of software. The main point is that the devs jumped on it quickly, provided a patch, and are continuously providing updates...that should be the focus imho.

Absolutely. If anything the community should have more trust (not less) in the Monero development team after this.
hero member
Activity: 850
Merit: 1000
I don't know of any major software that doesn't need patches or updates. Look at Bitcoin or Windows for obvious examples. So just because there was an issue is not the big deal since that happens with 99% of software. The main point is that the devs jumped on it quickly, provided a patch, and are continuously providing updates...that should be the focus imho.