Replay Protection Implementation #51
Comments
martin-key
changed the title
|
I'll take a stab at this, even though someone with more BTC experience will probably stomp me. Building project now. |
|
Great! We also have one person working on this and maybe we can collaborate to speed up the progress. (All the bounty belongs to you.) |
|
Collab == good. I'm on Bitcoin Gold slack as LxF77. |
|
I thought this was a "work in progress" for the last 2+ weeks? If that's the case, share the branch for bounty hunters to have a starting point. |
|
@StarbuckBG where will you get the 250+50 BTG? If you fork the BTC blockchain, you need that amount in BTC today. |
|
No. When the fork happens and wallet is available you will be paid.
… On 21 Oct 2017, at 19:54, Lea MM ***@***.***> wrote:
@StarbuckBG <https://github.com/starbuckbg> where will you get the 250+50 BTG? If you fork the BTC blockchain, you need that amount in BTC today.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub <#51 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ADrjrVsl4HAiFLJCM18tFP634UXS-cusks5suiGzgaJpZM4QBACc>.
|
|
paid whit BTG? ok, where do you get it? you need to make a transaction to my wallet. and the inputs came from another wallet. these 250+50 can not "appear magically", thay need to exists in the BTG blockchain. |
|
They will be paid as soon as the network is started.
Having your name and eventually your commit will be proof that you have completed the issue. We will add the transaction to the ticket on closing it as a proof that we have paid to you.
… On 21 Oct 2017, at 20:09, Lea MM ***@***.***> wrote:
paid whit BTG? ok, where do you get it? you need to make a transaction to my wallet. and the inputs came from another wallet. these 250+50 can not "appear magically", thay need to exists in the BTG blockchain.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub <#51 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ADrjrScZZLTL_kPaObQsKnBt52ZlGLOFks5suiVMgaJpZM4QBACc>.
|
|
I think you are not answering my question. |
|
There is a premining with time locked funs for the next 3 years.
Most of the funds are for development and dev bounties.
… On 21 Oct 2017, at 20:18, Lea MM ***@***.***> wrote:
I think you are not answering my question.
Where will you get 250+50 BTG to pay me?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub <#51 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ADrjrUnZjTRT9pndN7vPA7GfxcCZ47F2ks5suidKgaJpZM4QBACc>.
|
|
ok, thanks for your answer. |
|
Then, if I solve this I will be payed with 250 BTG locked for the next 3 years? Sounds great! |
|
If you solve it, you get the 250 BTG after the mainnet is started.
…Sent from my iPhone 7 plus
On Oct 22, 2017, at 8:41 AM, Fabián Gonzalo Artur de la Villarmois ***@***.***> wrote:
Then, if I solve this I will be payed with 250 BTG locked for the next 3 years? Sounds great!
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
So the premine is not time locked after all? Because otherwise you would need 250 BTC right now. |
|
75% of the premine is locked for the next 3 year.
25% are released on launch to support the dev bounties and the need of servers, infrastructure etc.
…Sent from my iPhone 7 plus
On Oct 22, 2017, at 11:21 AM, Elias ***@***.***> wrote:
So the premine is not time locked after all? Because otherwise you would need 250 BTC right now.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
Just cherry-pick it from bitcoin-abc what a problem. |
|
200k premine, that's lots of bounty hunting :> |
|
Replay protection has todo with time() |
|
Maybe change to "will"
|
|
mainnet will not launch without 2way replay protection, it's cooking, so |
|
Bounty for a critical feature opened 4 days before the planned fork. What could possibly go wrong? 😇 |
|
I don't think you guys going to launch the fork on time, this 2 way replay protection must be done before launch. |
|
|
|
If it was scam none of the people will work nonstop for this.
Moreover the mainnet will be released later than the fork.
…Sent from my iPhone 7 plus
On Oct 23, 2017, at 9:57 AM, Duke Leto ***@***.***> wrote:
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
What mechanism is used for timelocking the funds? |
|
working on this |
|
Why would anybody be working on this now? The scam is over. The bitcoin gold site is down. Money was made speculating on btc gaining against the alts before the forking block and the alts getting their value back after the forking block. |
|
Well, first of all, im bored at work, that's why i asked. |
|
As you are bored at work you should have read that the fork is not release.
a SNAPSHOT has been taken. As soon as the main net is secured with replay protection and unique address format, the main net will be release. Now get back to work, someone is paying you doing something useful (:
… On 24 Oct 2017, at 15:35, AlexanderPoschenrieder ***@***.***> wrote:
Well, first of all, im bored at work, that's why i asked.
But most important is because if the wallet and the mainnet are released without Replay protection, and this is a scam, people could rob BTCs just asking some BTG. Which is much worse than just price speculation.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub <#51 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ADrjre5bwjcZAfzGDOXXx3NLqxUYJ-ftks5svdmegaJpZM4QBACc>.
|
|
Your project has devs savvy enough to change PoW algo and to premine, but not to code replay protection?! What gives? You knew the replay protection is a MUST, knew it before any other decisions about the alt coin were made. Please explain. |
|
@nisenbaum protip: it's a scam. carry on. |
|
@StarbuckBG I know that the fork is not yet released that was i asked if someone was working on this. |
|
I’m working on the testnet, you can check my PR.
H4x is working on small tasks and here is the replay protection. If it is not implemented in 2 days I will implement it.
…Sent from my iPhone 7 plus
On Oct 24, 2017, at 6:57 PM, AlexanderPoschenrieder ***@***.***> wrote:
@StarbuckBG I know that the fork is not yet released that was i asked if someone was working on this.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
@jb55 - Let's not be so judgmental. :) Can we call it "ForkDrop"TM? Innovation sometimes hides in the most unlikely places. I liken this to bacteria in the early moments of life on earth. Endless copying and reproducing, rapid decay and occasional viable mutation. There is a downside of course, as the name of bitcoin gets purposely attached to an alt coin, but that's a price of open source freedom. |
|
😂 |
|
Ok, I am working on this part, we can share our code, this is only a small part of the code |
|
Please see the pull request at #83. This should be the completion of this bounty. Without a running node system some of the automated tests might fail, but the entire implementation is there and very likely correct: DISCLAIMER: Should you choose to use it: none of this code has any warrantee, express or implied, usability for a particular purpose,etc blah blah The pull request also fixes the vast majority of the warnings reported in #47 The task includes updating the test suite to use SIGHASH_FORKID, is clear and readable code, and the task is finished before 25.10.2017 12:00 UTC. It uses a FORKID=79, for the atomic number for gold. Please review and let me know how to recieve the 300 BTG. We can make arrangements via PM. EDIT: Due to the relative difficulty of making an account to exchange BTG for BTC, and the fact that no wallets exist yet, and the presumption that you already have such an account, I prefer to receive the equivalent value in BTC at the address 1Nphe82XxmoJSyWa5KgzsDEHV328oWWzxP using a market BTG/BTC exchange rate selected within 24 hours of the date the pull request is merged. Presumably, if BTG both 1) has value, 2) is available to you on an exchange and 3) the value will increase, honoring this request will actually save you money by allowing you to keep your BTG tokens, so I would appreciate it. |
|
I was the one that came up with the idea initially for the SIGHASH_FORKID Just make sure to use a different forkid and also different default ports will simplify people running both BTC and BTG at the same time. Let me know if you need help |
|
Is BTG developers don't know how do it? o_O |
|
We have too much work to do that and we need more devs in the team.
… On 25 Oct 2017, at 13:24, alexeyvip ***@***.***> wrote:
Is BTG developers don't know how do it? o_O
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub <#51 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ADrjrQmn6o7BOiAKJrSoUpTD27nwTelGks5svwx3gaJpZM4QBACc>.
|
|
Parody shit coin, take this coin and throw to the dumpster :) |
|
too shame on BTG team.hope the BTC core dev team will help you secretly. |
|
(updated 3. below with suggestion from bit79 below) Any possibility one of the devs who understands the tech can comment on whether the following strategy would work for splitting coins currently in an exchange (or a local wallet) into separate wallets for each of BTC and BTG? I am a newbie to cryptocurrencies but this seems to me to be a valid strategy for avoiding the whole replay issue altogether:
Does this sound reasonable? Any mistakes in the suggested strategy above? Publicising some simple strategy like this (if it would do the trick) that users can take themselves would assist in stopping people worrying too much about the replay stuff. But the strategy above relies on steps being taken between Oct 25 and Nov 1, which is coming up pretty quickly. |
|
You don't really need a copy of the wallet - just the private key of your address of step 2. After block 491407 (already happened), move your bitcoins to another address, and never reuse the address of step 2. When (if) BTG releases a wallet, import the private key of step 2. |
|
yeah I thought that was likely the case however as I'm not aware of the binary format for the wallet files of any of the clients, I thought it's possible they might store cached balances and such in a binary format, so after the transfer from one wallet to another, the client might think the wallet is empty unless it is a full node that checks the actual blockchain? So thought it safest to just take a copy before the transfer. But yeah that would be unnecessary if the addresses/keys are being imported into a new btg-supporting client app anyway. I'll edit the above to add that simplification. |
|
Let's call your 'pre_fork_wallet' X and your 'btc_wallet' Y. What we want to do is transfer value X->Y in such a way that no attacker can rebroadcast the valid transaction from one chain onto another and steal (or strand) our value on the other chain. We call this 'replay protection.' In the example you gave, value is transferred X->Y and Y->Z, where X and Y are locally controlled wallets and Z may be controlled by a third-party (like an exchange). Your assumption is that, because addresses in Y have not existed on the BTG blockchain, this protocol would provide replay protection. However, an attacker who rebroadcasts the valid transaction X->Y on the other chain introduces those addresses to that chain. By itself, this is a mere inconvenience. Provided they possess the seed, one could recreate Y later in a client and regain their value. However, a valid transaction Y->Z that were rebroadcast, where Z is third-party controlled, runs a real risk of stranding value or facilitating its theft. For this reason, your protocol does not provide replay protection. |
|
Total scam. |
|
@jl777 I guess you have the btc so i understand your help, but they are by definition dishonest and have continued to be so for many weeks now. If you actually help them, tell them to atleast make some sort of apology, I wanted to keep my BTG but i was forced to sell out when I saw a public bounty like that (in the coin sold as having the protection), just banking off some btc whale like you saving them. I mean am I the only one who noticed (BTG) Bitgem was the better buy out of this btc gold news... |
|
@ileathan I think it is more the case of ambition exceeding ability. While the launch of this project has been shambolic, their engagement at times with the community is abysmal. I was on the slack channel before, and the question was asked about when BTG will be added to the Bittrex Exchange. Someone said "Never" at which point the founder Jack Liao jumps in with following response: " suppprt or not, its up to exchange.but they need to give btg to their client.this is bottom" I know English is not his first language, but there is still an astonishing lack of care in his response. He was provided with context and therefore with opportunity to remind the community of the particular issues prohibiting uptake by Bittrex and the other major Exchanges, and how they were addressing those issues to win their confidence and encourage future uptake by those major Exchanges. Instead he writes something tonally belligerent that borders on unintelligible. For such a high profile new coin release, the seeming lack of organisation (Martin indicated elsewhere that he hardly communicates with Jack) and professionalism of the team behind this coin is surprising, and alarming. |
|
@mjoh090 I hope your right. - since I feel like its a scam - The point is they are offering a bounty in BTG for replay protection when they already sold BTG as having replay protection. I do hope things go well, but this bounty is scam/clownish. If you don't know how to make the signatures exclusive in your crypto you should slow way the heck down. |
|
I wanted to write here (and on the PR page) to confirm that with the code implemented and the bounty completed, the BTG team has followed through with payment of the bounty in full, on time, in the manner that I preferred. This instills a significant amount of faith (to me) that the project is being run by people who have a deep sense of professionalism, and I am grateful to them for the opportunity. Thank you very much. |
|
@BTCGReplayUS Thanks for the update, and congratulations on your windfall. I for one never doubted that they would follow through on paying the bounty - it would have been 'lights-out' if they didn't. Your comment's inclusion of 'to me' qualifies your graciousness and gratitude with an awareness that this payment in reality does not invalidate persistent concerns for the rest of us, and therefore does not diminish the need for continued vigilance. |
|
#109 Close? |
|
Sure. |
and others
Two-way replay protection must be provided in Bitcoin Gold
Refer to #18
The solution must feature:
Bounty: 250 BTG
Bonus 50 BTG if the task is finished before 25.10.2017 12:00 UTC
The text was updated successfully, but these errors were encountered: