Changing Block Time Will Not Stop The Attack

[vishal3967]

So, the commit that Justin just made is locked to comments so I'm posting this here. Justin, you need to fix the difficulty calculating code, the block time drift fix you implemented is not enough.

[justinvforvendetta]

the drift is enough to prevent this from happening again, because hours are needed off chain to make the diff lower. what is your suggestion as far as difficulty recalculation? we use dgw currently.

[vishal3967]

But if they manage to consecutively control the blocks, they will eventually get to a few hours. It'll just take more hash power initially. I'm thinking a difficulty algo which calculates difficulty for each algo separately.

[justinvforvendetta]

they were mining blocks on a different chain, with a 2 hour time difference. they never "controlled the blocks".

[vishal3967]

They eventually controlled the chain. That's what I meant. Also your code for checking for the valid chain shouldn't just require the chain to be the longest.

[justinvforvendetta]

we have a new repository with a whole new codebase we are working on. this will prevent the attack for now.

[vishal3967]

Okay cool. So the block drift change isn't the only fix. Any ETA on the new codebase?

[JohnJohnssonnl]

@justinvforvendetta , may I do a code suggestion for difficulty (just trying to help, please remove if you don't want it here ;-))? I think the bnProofOfWorkLimit[algos] (main.h/main.cpp) is never actually inited with minimal values, therefore the difficulty could go so low (maybe I missed something). This is checked against in the DarkGravityWave3 method in main.cpp (and more places). It's the safeguard if some loser tries to get around the code rules again.

[justinvforvendetta]

of course pull requests are always welcome here @JohnJohnssonnl

[vishal3967]

@justinvforvendetta can you please explain what other measures are being used to address this attack vectors in the new codebase?

[justinvforvendetta]

@vishal3967 we are rebasing with bitcoin core.

[shyrwall]

When looking at verge it feels like im in gradeschool again. Good luck.

[vishal3967]

@justinvforvendetta how will you deal with multi algo when rebasing since you BTC doesn't have it?

[justinvforvendetta]

@shyrwall when looking at your github, it looks like you have done nothing at all. is that pre-kindergarten?

[justinvforvendetta]

@vishal3967 we added it in of course.

[shyrwall]

@justinvforvendetta If you want I can fire up the copy-paste engine and become just as good as you. https://git.shieldx.sh/SHIELD-team/Core-Projects/SHIELD/commit/c9da6eb64f670a6e0336ceb10332b2bd94498eba

But I feel that I was wrong in being childish in my comment before. Sorry for that. I get like that when i see copy-pasting without references.

[justinvforvendetta]

@shyrwall actually that whole repository was copied from us about a year ago, before we integrated tor and stealth. also we changed our drift before that commit too ;)

[FFMG]

Please guys, don't feed the trolls, rather fix the hole(s).

Ironically, the change you made bought you some time, but not a lot.
You have not fixed the hole, you know it, I know it, and every true developer in the world knows it.

Please release a proper fix, (in your difficulty calculator), and everything will be fine.

[jrsikors]

@FFMG as Justin has pointed out , this is a community project. Anyone is welcome to make a pull request on how to fix it. Some people like @shyrwall just want to troll and see people fail, which is sad, but that's for him to live with.

But as you pointed out, @justinvforvendetta knows and this isn't permanent. Thanks for your input though, and as mentioned, any ideas / suggestions are welcome here.

[vishal3967]

@justinvforvendetta: your method and implementation looks identical to the github code posted there and that was committed in April. Your fix in April involving block drift was nothing like the code pushed by Shield. Please give credit when you copy open-source code, it's essential.

[shyrwall]

@jrsikors It's not trolling if it's true. When Verge starts giving credit for all the copy-pastes then people will stop what you call trolling. Just look at the stealth address copy-paste from opalcoin. Are you going to say they copied Verge? :D e361292#diff-e75eff0ce0dde388eddbe3173db85bd4L1779

I agree a github issue is not really the correct forum to talk about this but atleast you don't get censored ;) People only bash Verge because of the code stealing without giving credit. Just imagine how good this project could have been if the Vergers just wrote like "We used the code from Opalcoin because their implementation was good" but nope.

[jrsikors]

Go re-read this entire thread from the beginning up until you entered with your remarks. Try to find the difference between the positive discussion going on and your first comment.

[justinvforvendetta]

@shyrwall actually sdc created stealth addressing on this codebase, and opal didnt credit them. (if we want to get technical) i just grabbed the stealth.cpp from the first repo i found ;]

[jrsikors]

Alright well I think this "discussion" went from "helpful" to "not" pretty quick there. So thank you for those who contributed in ruining it 😄

To summarize:

~Verge is currently working on rebasing with Bitcoin Core, and will be implementing a more permanent fix to the recent attacks.
~Yes we have used code that others have taken from others who have taken from others, this is not a secret or debated.
~Anyone is welcome to help contribute to the open source Verge github repo, and we strongly encourage any development assistance.