openvcash / vcash

A decentralized currency for the internet.
https://vcash.info
GNU Affero General Public License v3.0
36 stars 35 forks source link

Network Split Code (ZeroDay) Bug Comitted #20

Open xcoresucksatcode opened 7 years ago

xcoresucksatcode commented 7 years ago

Background Information:

A ZeroDay flaw has been introduced to the main codebase and released to the public. This ZeroDay flaw was not present until @xCoreDev created it. @xCoreDev 's code change has never been tested on the "mainnet" for edge cases. Quiick tested on "mainnet" reducing the activiation height of 705000 to 605000 and became forked (stuck) within the first 2 blocks.

Suspect code:

https://github.com/openvcash/vcash/blob/118ae80118158f8031aae3e850fe21672a9fb5ed/coin/src/block.cpp#L1971

Code comment that explains why @xCoreDev 's change will fork the network (votes are not consensus based as nodes may not see all votes or winners):

We accept the block as valid since we lack consensus.

Last Words:

Tested this on testnet and the network split so both the code comment and test confirm you've made a fatal code change. Join testnet and start mining immediately and watch your blocks get rejected but your chain keeps growing (other nodes have runners up and you don't because votes are not a consensus and not seen by all nodes, winners will vary across nodes).

Conclusion:

There is a 100% chance that post block 705000 this MUST be reverted and the chain will be rewound due to the many forks caused by lack of vote consensus (if you are missing a vote or winner you MUST send a "getivotes???" message or you WILL fork off and build your own private chain that rejects new votes as invalid since the block hash + height no longer match the vote score). This code change makes the network split into many parts starting after block 705000 as soon as the first node "lacks vote consensus" a chain reaction will occur resulting in mass banning and network fragmentation (split into many networks).

xcoresucksatcode commented 7 years ago

This flaw can be triggered remotely using a Sybil attack (run 8 nodes connected to the entire network) and censor/drop/alter(mutate) random incentive votes so other nodes hit this fatal code segment.

ghost commented 7 years ago

That sucks. This shit ain’t gonna go anywhere soon, unless somebody who knows what he’s doing takes over. Somebody who has the balls to explain what he’s doing. Somebody with a face and a name. Not gonna wait for that point in time any longer, glad to be out of this crap for good, you missed the boat.

chacham18 commented 7 years ago

You been saying something along those lines for months and nothing happened. Just a bunch of mambo jambo is what I read.

megaluck commented 7 years ago

xcoresucksatcode we all know it's you JC , why the heck dont you buy 500k Vcash from exchanges at start submitting PR to help out .

Finish what you started, every shitcoin id booming , we with one of the most advanced cryptos are still on this misery. Even with all the drama people would be open to have you help out . Help anonymously nobody needs to know its you

JohnVonNeumann commented 7 years ago

Is there a fix for this coming?

VcashCommunity commented 4 years ago

Background Information:

A ZeroDay flaw has been introduced to the main codebase and released to the public. This ZeroDay flaw was not present until @xCoreDev created it. @xCoreDev 's code change has never been tested on the "mainnet" for edge cases. Quiick tested on "mainnet" reducing the activiation height of 705000 to 605000 and became forked (stuck) within the first 2 blocks.

Suspect code:

https://github.com/openvcash/vcash/blob/118ae80118158f8031aae3e850fe21672a9fb5ed/coin/src/block.cpp#L1971

Code comment that explains why @xCoreDev 's change will fork the network (votes are not consensus based as nodes may not see all votes or winners):

We accept the block as valid since we lack consensus.

Last Words:

Tested this on testnet and the network split so both the code comment and test confirm you've made a fatal code change. Join testnet and start mining immediately and watch your blocks get rejected but your chain keeps growing (other nodes have runners up and you don't because votes are not a consensus and not seen by all nodes, winners will vary across nodes).

Conclusion:

There is a 100% chance that post block 705000 this MUST be reverted and the chain will be rewound due to the many forks caused by lack of vote consensus (if you are missing a vote or winner you MUST send a "getivotes???" message or you WILL fork off and build your own private chain that rejects new votes as invalid since the block hash + height no longer match the vote score). This code change makes the network split into many parts starting after block 705000 as soon as the first node "lacks vote consensus" a chain reaction will occur resulting in mass banning and network fragmentation (split into many networks).

@xcoresucksatcode Can you show us how to solve this problem?