Invalid checkpoint found!

[paumiau]

Hi!

I just received on the pool (peercoin.econing.com) a strange error never happens again:
It 's an error when rpc does some calls (getblock, listsinceblock, listaccounts)

Error: {"code":-2,"message":"Safe mode: WARNING: Invalid checkpoint found! Displayed transactions may not be correct! You may need to upgrade, or notify developers of the issue."}

thanks

[kha0S]

Blockchain forked here:
https://bitinfocharts.com/ppcoin/block/204617/dfc685677c3c541cab159b62895474f5c2ec686b04bae5797664ae871e123fc1

[mably]

Hi @kha0S, could you detail a bit more your analysis of what happened exactly?

[Thireus]

I can confirm Peercoin's blockchain was forked.

You can verify it here:

• http://bkchain.org/ppc/block/388c5c875d1ab37ff7b9329a12a415e43e38335316a5caa982fc3a373a32e93d
• https://bitinfocharts.com/ppcoin/block/204613/388c5c875d1ab37ff7b9329a12a415e43e38335316a5caa982fc3a373a32e93d

The next blocks of bkchain.org and bitinfocharts.com are on two separate blockchains. Action must be taken rapidly to prevent double spending (i.e. if BTC-E and Shapeshift are on two separate forks, everyone will be able to double their money).

[kha0S]

Hi @mably.

@Thireus has already explained. I can confirm also, that my pool (http://give-me-coins.com) has nodes on both forks. Payments have been disabled to prevent abuse.

[sigmike]

Some nodes are rejecting block 8350ac92844dfe4d8308d06fc4ecf379a98b0657f8b6435546f620888174adcc because they consider one of the included signatures is invalid. Other nodes (including the one propagating the sync checkpoints) have considered it valid. I'm not sure why this is happening.

[sigmike]

I was able to make a node accept the signature by applying this patch: 3320650

But it didn't work on some other nodes. The node where it worked has openssl > 1.0.1k. The other nodes have openssl < 1.0.1k.

[jooize]

How severe is this? Should we make a statement calling attention to it for exchanges etc.?

[kha0S]

I've locked my pool payments. Exchanges should do the same...

[mably]

Looks like funds are locked on btc-e already.

[miguelangel-nubla]

I dont see any actions locked on btc-e

[mably]

Deposits are not showing even after 6 confirmations, I've tested it.

[miguelangel-nubla]

That should mean you are on a different fork thank btc-e, double spending should be possible.

[erasmospunk]

As reported by @glv2 and @sigmike the fork happened due to the transaction with id 2d00a7349e5d281406a9e78c3af5d14dd0b3df2dedbc61c08e02e909797c6ecf.

I tried to verify it with Coinomi's bitcoinj and it fails because this BER signature uses a 5 byte length field:
3085000000004502...

Notice that 0x850000000045 encodes the size of the signature: 0x85 > 0x7f (127 bytes) so read the next 0x85 & 0x7f == 0x05 5 bytes to get the size of the signature 0x0000000045 == 69 bytes. Usually this field would be 0x45 instead of 0x850000000045 to encode the small signature.

Now the problem is that OpenSSL has a bug where you cannot store 5 bytes in a long int on a 32bit machine and this is what caused the consensus fork.

Was this intentional? This transaction has 1 input and 1 output (this is rare), the amounts are suspiciously round (0.1 PPC input, 0.05 PPC output and 0.05PPC fee) and lastly why use 0x850000000045 vs 0x45 to encore the size of the signature?

In bitcoin, this issue was solved with BIP66. Read here for more info:

https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-July/009697.html
https://github.com/bitcoin/bips/blob/master/bip-0066.mediawiki

[sigmike]

Indeed someone certainly exploited the bug found by Pieter Wuille. The network is probably split between 64 bits Linux systems and 32 bits Linux + all Windows systems. Exchanges and other users should be warned.

[mably]

What about SK synchronized checkpointing? Looks like it was done on Linux 64.

[sigmike]

Probably.
But on a 64 bits system I still had to apply the patch mentioned above to make it accept the signature.
The nodes that still rejected the signature after the patch are 32 bits.

[paumiau]

Thanks! I'll try the patch
My pool payments keeps stopped from the beginning of the bug

[randuev]

does it mean we have to sync the repo up to bitcoin core 0.10 in order to fix this? or should we just port signature bugfix into 0.5?

[chemicstry]

so the linux x64 chain fork is the correct one?

[sigmike]

@randuev it's more complex than that. Bitcoin avoided the problem by making a protocol change before the bug was disclosed. We can't do that anymore so we have to make a fix.

@intel it depends on your definition of correct.

[mably]

@sigmike are you in touch with @sunnyking about this issue? Is he working on a fix?

[jooize]

Would the following be an appropriate warning to post on r/Peercoin?

ATTENTION: Peercoin's blockchain has forked because of a bug. Exchanges and users should be warned to be wary of making transactions!

Information and discussion at GitHub and PeercoinTalk (also see the chatbox).

---

Update: Warning posted.

[sigmike]

@mably no, I sent him an email but I didn't get an answer yet.

[erasmospunk]

Here is the neutralized version of this transaction, just in case:

010000003b5d405601b8619c01f98c8f01aa0db29155ae61e209809c71c011da630b18743a51d99be1010000006b4830450221009802e19f86a3d348218a180599cd4488da687c250b850788b43427d277e4981002202a52418c497dd9ba9e5b97f1cb4de8b683e2ad9efe9f95f763022b23d2c5ee4e0121028a2d8bdcb6f0210fab72c19c63c513818ec19289e4002f9057555b5057dde7c5ffffffff0150c30000000000001976a9146f8dd023bbbe103c661c5c6ac8b43f46f795fba988ac00000000

[Mullick]

Just to clarify the block with the signature will be accepted as the valid chain going forward correct?
I could apply the patch now but will likely wait to see how things shake out over the next 24 hours.

Also why if the patch still needs to be applied to 64 bit nodes did the checkpointing node accept the block? Is it not running the latest stable release?

[kha0S]

I notified btc-e to lock PPC transactions. If anyone has contacts with other exchanges, please do the same.

[jooize]

Tweeted a warning and mentioned some exchanges (@exchange). Please add others you're aware of. I have no huge amount of relevant followers on Twitter, unfortunately.

We have a list of exchanges at Peercoin.net in case someone's looking for one.

[sigmike]

I wrote a quick fix here: 4f3f5d8, in the der_length_fix branch.

[sigmike]

Commit 3320650 is also required if you have OpenSSL 1.0.1k or above. It's included in the der_length_fix branch.

[chemicstry]

Thanks for the fix. However, I'm a bit confused on which chain is the correct one. Is it the one that has that transaction or the one that doesn't?

[gigatux]

@glv2 Thanks. That seems to work - it disconnected about 75 blocks before connecting 73. I'm on block 204686 now.

[zimbo123]

i upgrade my wallet to v0.5.0ppc.rc1-beta and have installed openssl 1.0.1f
But always the same error.

[sigmike]

v0.5.0ppc.rc1 doesn't include the fix. Use v0.4.1ppc.rc1.

[jooize]

Updated recommendations (2015–11–15):

Exchanges:

1. Suspend transactions with Peercoin!
2. Upgrade to Peercoin v0.4.1ppc.rc1 at https://github.com/ppcoin/ppcoin/releases/tag/v0.4.1ppc.rc1
3. Note: v0.5.0ppc.rc1 does not include the fix.
4. Carefully resume operations.

Users:

1. Don't send or request coins!
2. Please always backup wallet (via the wallet menu, don't just copy wallet.dat) before proceeding. Also note down your total balance/stake.
3. Uninstall your wallet software.
4. Install updated wallet software. Peerunity v0.1.3 RC1 is available for all platforms. Peercoin-Qt reference wallet v0.4.1 RC1 for Windows and Linux released. OS X build is being worked on.
5. Sunny King describes how to confirm you're on the “supported” blockchain.
6. Confirm any exchange you use has upgraded before sending or withdrawing coins, and try with small amounts first! Assuming both parties have upgraded you should be safe to transact.

Please validate these instructions and let me know whether to change anything.

See also r/Peercoin thread.

Sunny King's Weekly Update #168.

[sigmike]

Windows build is available here: http://sourceforge.net/projects/ppcoin/files/0.4.1%20RC1/ppcoin-0.4.1rc1-win32-setup.exe/download

Please always backup wallet before proceeding. Also note down your total balance/stake.
Uninstall version 0.4.0.
Install version 0.4.1 RC1.

[jooize]

@sigmike Can you publish a SHA-256 hash here as SourceForge doesn't even serve over HTTPS?

I produce this from two different locations:

$ shasum -a 256 ppcoin-0.4.1rc1-win32-setup.exe
c0fa41ad46ee6c27571a39e6bac4ef68d92f6e2b8c53919472ead98bc31c4bdb  ppcoin-0.4.1rc1-win32-setup.exe

Sunny King confirms the hash.

[sandakersmann]

I can confirm sha256sum: c0fa41ad46ee6c27571a39e6bac4ef68d92f6e2b8c53919472ead98bc31c4bdb

[sandakersmann]

Can someone merge this ASAP: super3/peercoin.net#239

[sandakersmann]

Sunny King confirmed sha256sum here: https://www.peercointalk.org/index.php?topic=4312.msg41209#msg41209

[MatthewLM]

What OpenSSL version should I use to build ppcoin or peerunity with? 1.0.1j? I seem to remember 1.0.1k or higher caused a problem with earlier versions of bitcoin. I'm not sure if it's related to this.

[sigmike]

The patch includes the fix for OpenSSL1.0.1k so any version should work.

[MatthewLM]

OK thanks. I just built peerunity 0.1.3 and I can confirm that it works for Linux 64-bit (Debian Jessie) with OpenSSL 1.0.1k.

[JoinJoin]

will this fix be merged into the latest version? Any ideas when?

[sandakersmann]

Peerunity v0.1.3-RC1 is available for all platforms. You can download builds here:

https://github.com/Peerunity/Peerunity/releases

[gigatux]

Hmm, I think that Peerunity RC thinks my wallet is corrupt:

Peerunity version v0.1.3.0-gd4fb03b ()
Default data directory /home/ppcoin/.ppcoin
Loading addresses...
dbenv.open LogDir=/home/ppcoin/.ppcoin/database ErrorFile=/home/ppcoin/.ppcoin/db.log
Loaded 12335 addresses
addresses 111ms
Loading block index...
Peerunity Network: genesis=0x0000000032fe677166d5 nBitsLimit=0x1d00ffff nBitsInitial=0x1c00ffff nStakeMinAge=2592000 nCoinbaseMaturity=500 nModifierInterval=21600
block index 0ms
Loading wallet...
Error reading next record from wallet database
Error loading blkindex.dat
Error loading wallet.dat: Wallet corrupted
wallet 954ms
Done loading
mapBlockIndex.size() = 0
nBestHeight = -1
setKeyPool.size() = 102
mapWallet.size() = 590
mapAddressBook.size() = 116
Peerunity: Error loading blkindex.dat
Error loading wallet.dat: Wallet corrupted

DBFlush(false)
addr.dat refcount=0
addr.dat checkpoint
addr.dat closed
blkindex.dat refcount=0
blkindex.dat checkpoint
blkindex.dat closed
wallet.dat refcount=0
wallet.dat checkpoint
wallet.dat detach
wallet.dat closed
StopNode()
DBFlush(true)
addr.dat refcount=0
addr.dat checkpoint
addr.dat closed
Peerunity exiting

I didn't get this on the link @glv2 posted regarding the 0.1.3 tree with just the fix. I'll investigate more tomorrow.

[gigatux]

I think I'm going to have to leave PPC disabled. I still get the Peerunity v0.1.3-RC1 complaining both about the wallet being corrupted and it not being able to load blkindex. This happens even when using the wallet from the original Peerunity (not the tree linked to by @glv2 ). There seems to be something quite wrong with this RC.

[glv2]

@gigatux Have you checked if the BerkeleyDB version you compiled Peerunity v0.1.3-RC1 with is identical to the BerkeleyDB version of your previous Peerunity?
Linking to a different BDB version could explain the issues when trying to open or read the databases (wallet.dat and blkindex.dat).

[gigatux]

@glv2 Very good point. Although it's linked to the same library, when compiling it used later BerkeleyDB include headers (as I have to use a later DB for dogecoin on the same server). I've dropped it back down to the older DB headers, recompiled and the release candidate is now working just fine.

Sorry for the confusion everyone! I'll just do a brief sanity check of the commits and then make this live on Bittylicious again.

[ghost]

The fix is not complete. A signature contains three encoded lengths, but the patch covers only one of them.

[sandakersmann]

New patch by sigmike: #116

[sandakersmann]

Another patch by sigmike: #117