MottyLab / bitzeny

Bitzeny Plus core v0.16.7
MIT License

missing validation in <txdb.cpp> #1

Open cryptozeny opened 5 years ago

cryptozeny commented 5 years ago

https://github.com/MottyLab/bitzeny/blob/18e6981d5dded8b69f5400b2d501dd1647897a4a/src/txdb.cpp#L290

Thanks for your work. However, I wanna know why it was removed, and is it safe enough for block validation?

I think it's LTC's way, but not for bitzeny...

                // Litecoin: Disable PoW Sanity check while loading block index from disk.
                // We use the sha256 hash for the block index for performance reasons, which is recorded for later use.
                // CheckProofOfWork() uses the scrypt hash which is discarded after a block is accepted.
                // While it is technically feasible to verify the PoW, doing so takes several minutes as it
                // requires recomputing every PoW hash during every Litecoin startup.
                // We opt instead to simply trust the data that is on your local disk.
                //if (!CheckProofOfWork(pindexNew->GetBlockHash(), pindexNew->nBits, consensusParams))
                //    return error("%s: CheckProofOfWork failed: %s", __func__, pindexNew->ToString());

fujicoin commented 5 years ago

It doesn't matter whether it is litecoin or bitzeny. There is no reasonable reason why this process is necessary. The judgment of litecoin is correct.

cryptozeny commented 5 years ago

I mean this removal is necessary only for getpowhash, because LTC uses sha256d for indexing. But ZNY is using yescrypt for indexing.

cryptozeny commented 5 years ago

Anyway, it works without (or with) this validation. But I still do not understand well. If you say so, what are the advantages and disadvantages of this removal? (cons and pros)

fujicoin commented 5 years ago

Even if this verification is adopted, the bitzeny which has hashes DB does not have a big influence on the startup time. So you have no problem adopting it. However, there are no disadvantages if you do not use this verification.

cryptozeny commented 5 years ago

If we remove this validation check (BTC's one), is there any possibility of a security hole? I think we should use this validation. IMHO.

fujicoin commented 5 years ago

Please consider specifically in what case CheckProofOfWork() will be false. Blocks imported into the blockchain have passed CheckProofOfWork() in the past. So it would only be false if there is a data error on the disk. In this case, since the checksum does not match, it is an error that the data cannot be read in the first place. In that case, I think that the OS will stop. Please let me know if other cases can be considered.
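
The load-time check this issue is about, as an added example (not part of the thread and not Bitzeny or Litecoin code): a simplified stand-alone version of the compact-target decode and hash comparison that `CheckProofOfWork` performs, run over a constructed block index to show which altered on-disk records it flags. `IndexRecord`, its stored `powHash` field, `FailingRecords`, `Hash`, `SampleScan` and the `powLimit` value are assumptions for illustration.

```cpp
#include <array>
#include <cstdint>
#include <vector>

using U256 = std::array<uint8_t, 32>;  // big-endian, so array comparison is numeric

// Expand compact nBits (1-byte exponent, sign bit, 23-bit mantissa) into a target.
// Returns false for negative, zero or overflowing encodings.
bool DecodeCompact(uint32_t nBits, U256& target) {
    target.fill(0);
    const int exponent = nBits >> 24;
    const uint32_t mantissa = nBits & 0x007fffff;
    if (nBits & 0x00800000) return false;          // sign bit set
    for (int i = 0; i < 3; ++i) {
        const uint8_t b = (mantissa >> (8 * (2 - i))) & 0xff;
        const int pos = exponent - 1 - i;          // this byte has weight 256^pos
        if (b != 0 && pos > 31) return false;      // does not fit in 256 bits
        if (pos >= 0 && pos <= 31) target[31 - pos] = b;
    }
    return target != U256{};                       // a zero target is invalid
}

// Simplified check: target must be valid and <= powLimit, PoW hash must be <= target.
bool CheckProofOfWork(const U256& powHash, uint32_t nBits, const U256& powLimit) {
    U256 target;
    if (!DecodeCompact(nBits, target) || target > powLimit) return false;
    return powHash <= target;
}

struct IndexRecord { int height; U256 powHash; uint32_t nBits; };  // hypothetical layout

// Load-time sanity pass: heights of the records that fail the check.
std::vector<int> FailingRecords(const std::vector<IndexRecord>& index, const U256& powLimit) {
    std::vector<int> bad;
    for (const auto& r : index)
        if (!CheckProofOfWork(r.powHash, r.nBits, powLimit)) bad.push_back(r.height);
    return bad;
}

// Constructed sample hash: bytes 1 and 2 set, all other bytes zero.
U256 Hash(uint8_t b1, uint8_t b2) { U256 h{}; h[1] = b1; h[2] = b2; return h; }

std::vector<int> SampleScan() {
    U256 powLimit;
    DecodeCompact(0x1f00ffff, powLimit);           // constructed limit, not a real chain's
    const std::vector<IndexRecord> index = {
        {1, Hash(0x00, 0x0a), 0x1f00ffff},         // intact record
        {2, Hash(0x01, 0x0a), 0x1f00ffff},         // stored hash byte altered
        {3, Hash(0x00, 0x0a), 0x2000ffff},         // nBits altered: target above limit
    };
    return FailingRecords(index, powLimit);
}
```

The hash passed in must be the proof-of-work hash itself; the Litecoin comment quoted above disables the check because the index there is keyed by the sha256 hash and the scrypt hash is discarded.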

bubasik commented 5 years ago

Do we have such a vulnerability? https://github.com/yentencoin/yenten

bubasik commented 5 years ago

As I understand it, Elicoin is vulnerable. It compares blocks by hash sha256. https://github.com/elicoin/elicoin/blob/master/src/txdb.cpp

fujicoin commented 5 years ago

@bubasik Your words are too short to understand exactly what is the problem. Please describe more specifically. Japanese is fine too.

bubasik commented 5 years ago

@fujicoin Is our coin affected by this vulnerability? I think that in the Yenten coin there is no such problem, since it is made on the old code.

cryptozeny commented 5 years ago

@bubasik motty claims to have a problem on hashdb. I'm checking now. I do not know yet.

bubasik commented 5 years ago

@cryptozeny Thanks.