Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Block 202612 hardcoded hash #118

Closed
Starmute opened this issue Jan 28, 2018 · 70 comments

Comments

@Starmute
Copy link

commented Jan 28, 2018

The measures to hardcode a hash for block 202612 (after the Monero network was attacked on September 4, 2014) were carelessly left in the Electroneum codebase, in /electroneum/blob/master/src/cryptonote_basic/cryptonote_format_utils.cpp. If this code is not removed by the time block 202612 is mined, the entire network will break. Please see MRL-0002 for a description of the attack which led to this original issue.

There is also an instance of code related to this issue here. It should be removed immediately to keep the network functioning once this block is mined.

@Starmute Starmute changed the title Block 202612 code Block 202612 hardcoded hash Jan 28, 2018

@Dr-Hack

This comment has been minimized.

Copy link

commented Jan 28, 2018

Surprisingly , No acknowledgement or feedback from the team ..

@Starmute

This comment has been minimized.

Copy link
Author

commented Jan 28, 2018

I should note that the most serious offender is get_block_longhash, which uses a hardcoded height to set the block hash for 202612. This needs to be fixed at once.

@Mojo-LB

This comment has been minimized.

Copy link

commented Jan 28, 2018

Electroneum Team are more bothered with marketing than tech. If they don't fix it, electroneum will die.

They already had their share of problems, and something like this can really break them, already the network is at the line of a 51% attack probability, and now this!

Kudos for looking into it, but at the moment I doubt electroneum will react in time. Some of their servers were out of sync for weeks causing many people balance issues. It took them a month to resync some servers, I don't believe they are capable of solving this before the deadline.

I think I will sell my hodlings of ETN, it has been too much drama for a single coin.

@nightvision04

This comment has been minimized.

Copy link

commented Jan 28, 2018

Thanks Starmute. Would you be available to to guide the team a bit in case they need assistance with a fork? I know that it's in the best interest of the team to fix this (since their coins are locked), and they might need to lean on your competency a bit.

@Starmute

This comment has been minimized.

Copy link
Author

commented Jan 28, 2018

nightvision04, I would be happy to help if necessary, but I suspect that they will not ask for my help with this.

@XzenTorXz

This comment has been minimized.

Copy link

commented Jan 28, 2018

i created a pull request for the issue https://github.com/electroneum/electroneum/pull/119/commits

@Mojo-LB

This comment has been minimized.

Copy link

commented Jan 28, 2018

@electroneumRepo You just need to check and merge, and announce the fork!
These guy did all the work for you. Save yourself and ourselves the pain.

Please.

@Starmute

This comment has been minimized.

Copy link
Author

commented Jan 28, 2018

@XzenTorXz, good work. Hope they implement it in a timely manner.

@Mojo-LB

This comment has been minimized.

Copy link

commented Jan 28, 2018

They replied on twitter.

@electroneumRepo What about the probability of 51% Attack after nanopool gets that percentage?

@Starmute

This comment has been minimized.

Copy link
Author

commented Jan 28, 2018

@Mojo-LB I'm outraged at their response. They decided it was a good idea to attack me because I saved their project.

@Mojo-LB

This comment has been minimized.

Copy link

commented Jan 28, 2018

@Starmute I actually didn't expect any better of them. Though I'm not really sure how to feel about it. I already sold a big part of my ETN holdings, and Stopped my ETN Pool and asked my miners to mine Graft. At least Graft team are involved in the technology and actually respond to issues.

I lost hope on Electroneum when they started deleting unfavorable comments on Twitter and Facebook. That only shows they try to sell illusion, not actual value of any kind.

@schmeckles22

This comment has been minimized.

Copy link

commented Jan 28, 2018

How hard is it to have a team that replies to this sort of thing? It's pretty basic for any company that hosts anything computer related

@Starmute

This comment has been minimized.

Copy link
Author

commented Jan 28, 2018

@schmeckles22 They did reply to it -- by nebulously attacking me and @XzenTorXz, who helped to patch the bug. We were not thanked for our efforts or even acknowledged.

@schmeckles22

This comment has been minimized.

Copy link

commented Jan 28, 2018

They've made it very difficult to find the answers though.

@electroneumRepo

This comment has been minimized.

Copy link

commented Jan 29, 2018

@Starmute @XzenTorXz Could we ask you both to send us an email to support@electroneum.com with the subject "Block 202612 hardcoded hash" - This is so that we can discuss the issue with you and thank you both for your work.

Regards
Electroneum

@Mojo-LB

This comment has been minimized.

Copy link

commented Jan 29, 2018

@electroneumRepo Seriously though? After publicly slandering them?
And what about the issues regarding nearing 51% hashrate control and possibility of attack? Silence as well?

@electroneumRepo

This comment has been minimized.

Copy link

commented Jan 29, 2018

@Starmute @XzenTorXz hi, I really want to clear this up!

I am very grateful for your input and ALL the positive community input. It's incredible. I've just re-read the Facebook post that you think is attacking you, and I can understand that it can be read that way - but I completely assure you that is NOT the case. In the section of that post where Taylor states "We are forever grateful for the support and patience shown by our community" - that's about you guys - the guys at the coalface of Electroneum - making it work and making it awesome. Then when he states "we have noticed the negative speculation and misinformation being pushed out regarding Monero Block 202162" he is talking about a very hard effort by a number of individuals on Telegram and other social media sites that were using this information to attack Electroneum. I promise you faithfully that this statement was not about you in any way.

I am personally grateful for what you are adding to the community and I'll make sure that all correspondence is run past me before it gets released on our Facebook page to try and prevent this kind of thing from happening in the future.

Best Regards,
Richard Ells.
CEO / Founder of Electroneum.

@XzenTorXz

This comment has been minimized.

Copy link

commented Jan 29, 2018

since i allready wrote an email to "support@" i just gonna repost it here:

I'm not very happy about the whole situation and how you handled it. You basicly accused a user (starmute) in public about spreading misinformation and you can interpret a lot more into it with the paragraph you wrote before. This is a serious hit against the open source community. You should be happy and thankful that there are people out there, who take a look in your code and publish the issues and dont expect anything in return. He never had to take a look, he never had to publish it. I expect an apology to him. He has to take a lot of shit from the community at the moment, because they lost a few $, but still better then having a non-working blockchain.

Yes the community was a bit worried and since there was no official statment, i decided to create a little fix to calm them down. We did a lot of informing over the issue on discord and explained what it is all about and what needs to be done. There was no missinformation, we calmed the people who thought all is over and explained more who thought this isnt a deal at all. You have a big community, you should treat them the right way, because they're the most valuable product you have.

sincerely
XzenTorXz

@Mojo-LB

This comment has been minimized.

Copy link

commented Jan 29, 2018

Dear Mr. Ells @electroneumRepo , @Starmute, and @XzenTorXz,

I think we can either keep a conversation going back and forth here, or settle this publicly as it was created publicly.

Mr. Richard, you are the marketing genius here, and I assume you are already preparing/prepared a plan to undo the damage that have been accidentally done.

As the community of Electroneum, we feel concerned about the stagnation and delays. You guys talk about 27 days since you went online, but we are on our nerves since November. That, combined with both hype, fear, and some tiny trigger, can (and already did) cause turbulence.

Honestly, we want to see actions both in terms of technology AND business. And yet (I know it's more complex than that, but not "1 month with your budget" complex) resync of some servers and implementing accurate checks took way too long to be done.

I guess the most frustrating part is the feeling that our voices and concerns are not being heard, except when they are blown out of proportion.

Regards,
Mojo from Lebanon.

@Starmute

This comment has been minimized.

Copy link
Author

commented Jan 29, 2018

The following email was sent to support@electroneum.com on January 29. 2018 at 8:08AM EST:

Hello Electroneum,

I’m Starmute from the GitHub, and will prove this by posting on the GitHub the exact timestamp of the email sent to you.

I was dismayed at the response to my discovery of the block-202612 bug. When I disclosed it, I expected to be at least thanked by your team and your community. This was a small bug, and an easy to fix one, yet it held the potential to stop the entire Electroneum network in its tracks. I reported it with the intention of helping your community, and receiving your thanks in return.

Instead I was met with rage, anger and threats from angry investors who had lost money, and your Facebook update piled on to that. What you posted was interpreted by many as an accusation, against myself, of spreading misinformation, and my discovery of a fatal flaw in your code was not rewarded, not thanked, not even acknowledged. All that myself and XzenTorXz got was a vague reference to the “community devs” who “confirmed that it is a 2 line fix.”

When I asked, on your Telegram group, to speak to an Electroneum team member, simply saying that I had discovered the block-202612 bug, I was immediately banned by David Payton, an administrator in the Electroneum group.

You have created a community and an environment that, rather than rewarding and thanking those who work to keep it alive, slanders us and screams “FUD!!!”. This type of attitude is dangerous and self-destructive, and if you allow it to continue, your community will shrink in turn.

I never had to publish the bug. There are a vast number of ways I could have profited by keeping it a secret. I published it because I wanted to keep Electroneum alive, and because I expected the gratitude of the community to be its own reward. Instead, your community and team decided to shoot the messenger.

You should be rewarding people who help you the way I have.

Sincerely,

Starmute/KnifeOfPi2

@mattcode55

This comment has been minimized.

Copy link

commented Jan 29, 2018

Poor @Starmute :(

Should have just left ETN to die.

@Grimm2017

This comment has been minimized.

Copy link

commented Jan 29, 2018

Guys this is an issue tracker, not a general forum. Stop posting completely irrelevant stuff.

@JoelIsMe

This comment has been minimized.

Copy link

commented Jan 29, 2018

Release an updated binary file to github. Also, please send the binary to cryptopia before september 2032.
The version 1.0 of the released files hosted here will crash the blockchain in 37 days.

@JoelIsMe

This comment has been minimized.

Copy link

commented Jan 29, 2018

Also the 4 pools and big mining farms with private pools that actually mine the coin have to update their software too for the chain to continue.

Every electroneum-daemon has to be updated to the new code that is NOT released as a binary file as of now.

@kevin39

This comment has been minimized.

Copy link

commented Jan 29, 2018

Stay calm, you're boring everyone. There is no "big" emergency, they'll fix it soon.

@JoelIsMe

This comment has been minimized.

Copy link

commented Jan 29, 2018

@kevin39 the market loves to dump when a coin is guaranteed to fail in 37 days from now.
there is no binary release available with the fixed code and cryptopia has to install that program.

when i'll see an updated .exe file here on this github, I'll say I'm calm.

@rizwansarwar

This comment has been minimized.

Copy link

commented Jan 30, 2018

Isn't it the same problem for everyone? If ETN forks due this or some other reason, why would people invest in new fork? And if the update/patch/fix solves the issue, why would you need to fork? A fix before the imminent bug will be as if an update to wallet has been issued. I am struggling to see the logic, why would ETN deliberately allow the bug to be hit and create a fork? Surely if there is a solution (as posted above), they would accept it, what am I missing?

@XzenTorXz

This comment has been minimized.

Copy link

commented Jan 30, 2018

there is no hardfork needed, you could call it softfork or just call it update. Every node needs to update (else they will stop working on the height of 202612), thats about it. But you still need to anounce the update (so everyone has some time) and its very critical that its announced loud and quick.

@cambazz

This comment has been minimized.

Copy link

commented Jan 30, 2018

Hello Everyone and @Starmute @XzenTorXz @electroneumRepo

I am running a mine pool software of my own making - that is dependent on electroneumd.

Do I have to update electroneumd for this bug? I have read the entire thread, but it was not entirely clear to me, it appears there is a fix, but do we have to re-download and re-compile the electroneumd?

Best regards,
C.

@jeffreyscholz

This comment has been minimized.

Copy link

commented Jan 31, 2018

I'll also leave a reference to #120 here

@Carolusian

This comment has been minimized.

Copy link

commented Jan 31, 2018

@electroneumRepo It is great to hear about that, and it is really appreciated about your efforts. One suggestion is that, we would love to see the electroneum base chain keep opensourced and keep maintained actively. Active maintenance of the whole chain in a technological transparent way will help give more confidence to the community. Thanks again @Starmute and @XzenTorXz

@XzenTorXz

This comment has been minimized.

Copy link

commented Jan 31, 2018

they have to publish their source commint on github. Else the source and the binaries wouldnt be in sync.

@infiniteC001

This comment has been minimized.

Copy link

commented Jan 31, 2018

Will I have to manually update my daemon or will it grab the new update automatically once it is published?

@Starmute

This comment has been minimized.

Copy link
Author

commented Feb 1, 2018

@infiniteC001 You will need to manually update electroneumd

@electroneumRepo

This comment has been minimized.

Copy link

commented Feb 5, 2018

Hi All, Please use the latest version of our code in all nodes and use cases. This fixes this issue regarding block 202612. We've also merged various improvements and bug fixes from Monero's v0.11.1.0.
In a similar way to Monero's regular updates we have introduced a fork at height 179840.

All users must update their code before that block to remain in sync.

We have notified major pools and exchanges already.

Thanks for all your help and feedback.

Electroneum Team.

@Starmute

This comment has been minimized.

Copy link
Author

commented Feb 5, 2018

@electroneumRepo,

I sent you an email one week ago, but you still have not responded. Please send me a response as soon as you can.

Thanks,
Starmute/KnifeOfPi2

@mannie65

This comment has been minimized.

Copy link

commented Feb 5, 2018

@electroneumRepo - It's great that you updated the major pools, but how about the other pool owners. Can you publish something about this on your new look website in the support section, and make it nice and easy for people to find.

@Mojo-LB

This comment has been minimized.

Copy link

commented Feb 5, 2018

@bobbieltd

This comment has been minimized.

Copy link

commented Feb 5, 2018

@Mojo-LB : Lol , young pool owners are busy to look for miners. Moreover, how can they find this posts from hundreds of post ?

@octvcdrc octvcdrc referenced this issue Feb 5, 2018

Closed

New build needed #2

@Starmute

This comment has been minimized.

Copy link
Author

commented Feb 19, 2018

@electroneumRepo Please respond to my email. Thanks.

@Mojo-LB

This comment has been minimized.

Copy link

commented Mar 2, 2018

@Starmute

This comment has been minimized.

Copy link
Author

commented Mar 2, 2018

@Mojo-LB From the looks of it, somebody screwed up the update code. The difficuties are related to the fork. Most people seem to have updated but only empty blocks are being mined which means no transactions can go through.

@Mojo-LB

This comment has been minimized.

Copy link

commented Mar 2, 2018

@fetenete

This comment has been minimized.

Copy link

commented Mar 2, 2018

Seems like something is wrong with the previous block 179839.. According to the blockexplorer the fees are N/A

@mannie65

This comment has been minimized.

Copy link

commented Mar 2, 2018

Pools with updates are stuck on block 179846/7 - with Zero rewards, pools that have not applied the patch are progressing with new blocks - up to 179928 according to their stats, so I'm no expert on the fix, but do we have 2 forked (varied block chains) ?

@fetenete

This comment has been minimized.

Copy link

commented Mar 2, 2018

I'm not familiar with the code, but what if the block 179840 was found by a node that hasn't been patched yet? Would that be an explanation?

@Starmute

This comment has been minimized.

Copy link
Author

commented Mar 2, 2018

@fetenete No, it's a v3 block. They have compiled a new version which will be released tonight.

@mannie65

This comment has been minimized.

Copy link

commented Mar 2, 2018

@Starmute - Does that mean a recompile/update for all pool owners - or back-end fix ?

@fetenete

This comment has been minimized.

Copy link

commented Mar 2, 2018

@Starmute thx for the update! Appreciate your help for the electroneum community!

@XzenTorXz

This comment has been minimized.

Copy link

commented Mar 2, 2018

@mannie65 every node needs to update again and then we might move along

@bobbieltd

This comment has been minimized.

Copy link

commented Mar 2, 2018

What should I do for the pool to fix it now ? Any quick solution or I have to wait for an update fix from dump Electroneum devs ?

@keybutler

This comment has been minimized.

Copy link

commented Mar 2, 2018

They say it will be updated on GitHub so all Pool Masters will update the code? / patch?
Yolo

@keybutler

This comment has been minimized.

Copy link

commented Mar 2, 2018

Soon

@Ogy

This comment has been minimized.

Copy link

commented Mar 3, 2018

Is it ok now ? ..

@bobbieltd

This comment has been minimized.

Copy link

commented Mar 3, 2018

It’s ok now. Download and recompile.

@bmatthewshea

This comment has been minimized.

Copy link

commented May 6, 2018

Shame they put the exact same version on 'revert release'. It isn't a complete revert to previous "v0.11.0.0". Therefore the version should be changed. (duh). If you use 'original' "11.0.0" it will not go past 202612. Not to say I'm surprised they created more confusion. They seem to be good at it.

This is what you get when 'devs' fork code (monero), but generally have no idea what they are doing overall aside from renaming it. Form before function.. same old story.
Thank you @XzenTorXz and rest for "pushing" them on this!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.