MotoAcidic
commented
5 years ago Open MotoAcidic opened 5 years ago
MotoAcidic
commented
5 years ago 
ghost
commented
5 years ago Their apparent 'fix' on LGS was to raise MN rewards to 99%. Yet a detailed explanation of how this should fix the vulnerability has not been given.
MotoAcidic
commented
5 years ago Yea that is not a fix at all lol
ghost
commented
5 years ago My interpretation exactly. Have asked for clarification. https://github.com/lgsproject/LogisCoin/issues/1
onestan2
commented
5 years ago Ah... I see. I don't have access to the LGS codebase and will point that out to the other devs. I'll update LPC on the last part. Thanks.
hbastidas
commented
5 years ago hello guys, it's a pleasure to write to you, you've been warned of this problem for this coin, I'm writing from Venezuela, I hope to help you if necessary, I've been seeing what you've done, but if you update me more I could be more effective.
onestan2
commented
5 years ago Thanks! For this repository and current issue, the codebase is an older fork of PIVX. The initial PR that I did did not work properly as the examples were from a newer fork of PIVX codebase. It's necessary to code the solution to fix the issue with the appropriate unit test to (a) demonstrate the exploit and (b) demonstrate a successful fix of the exploit in the test. I'm not sure if you've had a proper orientation from our LPC VZ contact but the statements of work should be pretty clear on what should be done. DM me if you have questions. Connecting with you now.
hbastidas
commented
5 years ago yes, i have spoken in Caracas with representatives of LPC-vzl so i write here, well if i will do a fork of current pivx and try to run current chain lpc on that code base in a new protocol, so we use the modifications and pivx support.
MotoAcidic
commented
5 years ago Current PIVX is on 3.2 and you are running 2.3 on LPC you will run into errors and it will not work at all. They just need to fix their code base and actually show their commits this wouldn't be an issue.
hbastidas
commented
5 years ago Well, I will make it work.
MotoAcidic
commented
5 years ago Its clear this project leader is not willing to fix the issues so im closing this.
onestan2
commented
5 years ago @hbastidas has been assigned.
hbastidas
commented
5 years ago Hey, guys. @MotoAcidic @onestan2
I've been conducting experiments here,
and with good results, I don't know if they can keep an eye on him and maybe we all end up giving him the push he needs.
https://github.com/hbastidas/PIVX/commit/596f435f6faf6d46596b8c294f7af5d142b2e0d5
onestan2
commented
5 years ago Cool @hbastidas! I really do appreciate your help! When you are ready for the PR, please let me know.
You did not apply any code to fix this exploit. https://github.com/lpcproject/LightPayCoin/blob/7ffd157817e585338d2747eb6d930bdb910c8a6a/src/main.cpp#L2536 https://github.com/lpcproject/LightPayCoin/blob/7ffd157817e585338d2747eb6d930bdb910c8a6a/src/main.cpp#L2304 those are the areas you needed to apply this code!!! If you are unable to figure it out please look at a few projects that have done so. https://github.com/Galilel-Project/galilel/commit/f1c373c7f66e4582ba0ac6cf170e0e3ab23fb9ce