Closed chris2286266 closed 9 years ago
Hi, thanks for that. I was aware of this bug, however I haven't found much of a need to fix it. 99% of pool ops I know of have moved over to NOMP and other software. stratum is in need of a major refactor to get it to a good standard. I'd be willing to implement this fix, however I would say it might be a good idea to move to something like NOMP or UNOMP (a fork of NOMP with features that should have been added long ago).
Refactor done here: https://github.com/Multicoin-co/stratum-mining/pull/2 — now you can specify your own diff1 and algo.
Due to an (obvious?) bug in template_registry.py, all sha256d (and probably quark) pools using the current version (June 26, 2014) are affected. (I have not checked other versions and forks.)
I checked and proved the vulnerability myself on my pool http://coinz.at/DEM, which also was cheated. For testing I used the setup described in https://github.com/Crypto-Expert/stratum-mining/issues/313, using a difficulty of 0.001 and pooler's cpu-miner.
Reason:
The following expression in function diff_to_target is always true (and thus is wrong):

```python
if settings.COINDAEMON_ALGO == 'scrypt' or 'scrypt-jane':
```

This means that ALL algos work with `diff1 = 0x0000ffff00000000000000000000000000000000000000000000000000000000`.
This is incorrect for sha256d by a factor of 65535 (and for quark by a factor of 255) and allows the exploit.
Suggested fix:
```python
def diff_to_target(self, difficulty):
    '''Converts difficulty to target'''
    if settings.COINDAEMON_ALGO == 'scrypt':
        diff1 = 0x0000ffff00000000000000000000000000000000000000000000000000000000
    elif settings.COINDAEMON_ALGO == 'scrypt-jane':
        diff1 = 0x0000ffff00000000000000000000000000000000000000000000000000000000
    elif settings.COINDAEMON_ALGO == 'quark':
        diff1 = 0x000000ffff000000000000000000000000000000000000000000000000000000
    elif settings.COINDAEMON_ALGO == 'sha256d':
        diff1 = 0x00000000ffff0000000000000000000000000000000000000000000000000000
    else:
        '''default/fallback: diff of bitcoin/sha256d'''
        diff1 = 0x00000000ffff0000000000000000000000000000000000000000000000000000
    return diff1 / difficulty
```
It took me a lot of hours (and nerves) to find this (obvious?) bug. If you appreciate my work, consider donating BTC 1NDSvWkyn4gQfLuud688zcocARuHiU4Qx2 or LTC LcZvuNVDcbDqV2Txr9GToYh4ZAhfGttxef
Cheers Chris
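To make the failure mode above concrete, here is an added example (not code from the stratum-mining project or from the issue author). It places the always-true `== 'scrypt' or 'scrypt-jane'` comparison beside a per-algorithm dispatch, computes how much easier the wrong target is for each algorithm, and runs a constructed share hash through both versions. The diff1 constants are the ones quoted in the issue; the function names, the `Fraction`-based division and the fail-closed `ValueError` on an unknown algorithm (where the issue's patch silently falls back to sha256d) are this example's own choices.

```python
from fractions import Fraction

# Difficulty-1 targets per algorithm, as quoted in the issue. A share is valid
# when its hash, read as a 256-bit big-endian integer, is <= the target that
# the pool derived from the difficulty it assigned to the miner.
DIFF1 = {
    'scrypt':      0x0000ffff00000000000000000000000000000000000000000000000000000000,
    'scrypt-jane': 0x0000ffff00000000000000000000000000000000000000000000000000000000,
    'quark':       0x000000ffff000000000000000000000000000000000000000000000000000000,
    'sha256d':     0x00000000ffff0000000000000000000000000000000000000000000000000000,
}


def diff_to_target_buggy(algo, difficulty):
    """Shape of the original check as the issue describes it (hypothetical name).

    `algo == 'scrypt' or 'scrypt-jane'` parses as
    `(algo == 'scrypt') or ('scrypt-jane')`. A non-empty string literal is
    truthy, so the scrypt branch is taken for every algorithm and sha256d
    pools hand out a target that is far too easy.
    """
    if algo == 'scrypt' or 'scrypt-jane':
        diff1 = DIFF1['scrypt']
    else:
        diff1 = DIFF1['sha256d']
    # Exact rational division, then truncate to an integer target.
    return int(Fraction(diff1) / Fraction(difficulty))


def diff_to_target_fixed(algo, difficulty):
    """Per-algorithm dispatch (hypothetical name).

    Unlike the fallback in the issue's patch, an unknown algorithm raises
    instead of silently defaulting, so a misconfigured pool fails closed.
    """
    try:
        diff1 = DIFF1[algo]
    except KeyError:
        raise ValueError('unsupported COINDAEMON_ALGO: %r' % (algo,))
    return int(Fraction(diff1) / Fraction(difficulty))


def share_meets_target(share_hash, target):
    """True when a share hash (256-bit value as int) satisfies the target."""
    return share_hash <= target


def weakening_factor(algo):
    """How many times easier the buggy (scrypt) target is than the correct one."""
    return DIFF1['scrypt'] // DIFF1[algo]


if __name__ == '__main__':
    # Constructed share hash: 0x00000001 followed by 56 zero hex digits. It is
    # below the scrypt difficulty-1 target but above the sha256d one, so a
    # sha256d pool must reject it. The buggy code accepts it.
    share = 1 << 224
    for algo in ('sha256d', 'quark'):
        print('%-8s buggy target is %d times too easy' % (algo, weakening_factor(algo)))
    print('buggy accepts:', share_meets_target(share, diff_to_target_buggy('sha256d', 1)))
    print('fixed accepts:', share_meets_target(share, diff_to_target_fixed('sha256d', 1)))
```

A pool operator can use the same comparison as a regression check: for every configured algorithm, the difficulty-1 target returned by the production function must equal that algorithm's own diff1 constant, and a share that only clears the scrypt target must be rejected on a sha256d pool.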