search

X-CASH-official / xcash-core

📦 First Cryptonote coin with public & private transactions, custom DPOS consensus
https://xcash.foundation
Other
66 stars 20 forks source link

Delegate function fail with only one node called #7

Closed picatextra closed 4 years ago

picatextra commented 4 years ago

In delegate functions ,there is a loop that is used to send a request to a random network data node to retrieve the list of current block verifiers The send_and_receive_data throws an exception if the node is offline (or any error).

Result of this bug the following functions will fail at first call of send_and_receive_data if the node is offline.

simple_wallet::vote
simple_wallet::delegate_register
simple_wallet::delegate_remove
simple_wallet::delegate_update
wallet_rpc_server::on_vote
wallet_rpc_server::on_delegate_register
wallet_rpc_server::on_delegate_remove
wallet_rpc_server::on_delegate_update
t_rpc_command_executor::verify_round_statistics
check_block_verifier_node_signed_block

Steps to reproduce

In /src/common/send_and_receive_data.cpp

add a trace :

std::string send_and_receive_data(std::string IP_address,std::string data2)
{
  std::cout << IP_address << " ... " << std::endl;;

Result when calling vote :

[wallet XCA1ZW]: vote test
Wallet password: 
europe3.xcash.foundation ... 
Error: Failed to send the vote

Only one node call and the vote failed Others node are not called

zachhildreth commented 4 years ago

Hi @picatextra Yes I can confirm that if it fails to find a block verifier in the loop, it will stop the whole registration process etc

This behavior has been changed in this commit

We are awarding the bug bounty for this bug to you!

CVSS Score

We have determined that the CVSS score for this bug is a 0

So according to the Bug Bounty official documentation this bug qualifies for a award between $5.00 and 25.00 USD

We have calculated the final amount in USD based on the following criteria

Question Answer
How long I have spent on the bug N/A
How often does the bug occur If a block verifier is offline
Was there any modification to the code to create the bug NO
Did the user provide a full code fix NO
Did the bug have to do with multi-threading NO
Could the tester use a debugger, static analysis or both both
Are we currently in Alpha, Beta or Live implementation of DPOPS ALPHA

Based on the above the team has decided that the final awarded amount will be $10.00 USD

Please post a X-CASH Wallet address in the comments, and we will send the payment in a public transaction, post the transaction hash and then close the issue.

Thank you for helping out the DPOPS by finding this bug.

picatextra commented 4 years ago

XCA1ka4bXH1bnvdT8vti1S12PfyH8fJ5XDUXyNRusyMRTBfFCawywJyCV5vvG38h71GAv77WotbmwbmbJen5bQpC7GeVx8gSws

zachhildreth commented 4 years ago

Date: 2019-10-21 Amount (USD): $10 Amount (XCASH): 311089.83 XCASH Spot Price: 0.0000321450563020242 USD/XCASH XCASH Address: XCA1ka4bXH1bnvdT8vti1S12PfyH8fJ5XDUXyNRusyMRTBfFCawywJyCV5vvG38h71GAv77WotbmwbmbJen5bQpC7GeVx8gSws Tx Hash: 1b19ff8baacbb7dd72c2b46a7d5b410caf9063b2a3e8bb68652d265a9d00a02d Link: https://explorer.x-cash.org/Transaction?data=1b19ff8baacbb7dd72c2b46a7d5b410caf9063b2a3e8bb68652d265a9d00a02d "Bounty Paid ✅