Who on earth would want to query the spend secret key over wallet RPC?
https://github.com/sumoprojects/sumokoin/commit/819f7e6e0eff6e4f7f41eca32f2e9df1d9b92e03
If the connection was somehow compromised and an attacker managed to see this data, all your money would be gone. Only a fool would use this feature.
The developers seem neither competent nor serious about security, which explains why the very old bug in the wallet has been left unsolved for a long time.
1. First, seed words can be retrieved via wallet RPC too, what's different from spendkey if connection is somehow compromised?
My overall doubt about the developers' competence and honesty still remains, though.
Could you explain why?
My doubt about their honesty is primarily due to the premine which is never justifiable if the currency were to be legit. Another reason is the recent release of the GUI miner that they claim to be open source, which is not in reality because the source code isn't released; we don't know when the code will be released, and there's a fair chance that it'll never be released. They should immediately retract the GUI miner by deleting the download link and release it again with the source code attached when it's ready. If they don't do so, I consider it as a scam.
My doubt about their incompetence comes from the general low activity in their GitHub repository. Also, this part from the OP:
- Do you have any relationship with The Monero Project?
- No. While we have full respect for all core developers of The Monero Project who are competent, open and smart, however, we've never had opportunity to contribute anything to Monero yet (we hope we will).
makes me think that they don't contribute to Monero because they aren't competent. Also, the wallet bug recently reported by eeX seems to be old and have been left unfixed for a long time, which is another indication of their incompetence.
I understand your concerns. As for the premine, since those coins are locked, we have some time to consider this project; I think that's good, as we can leave before the wallet is unlocked.
The miner was released about a week ago, we need Vu to confirm when its source code will be released.
Actually, we all expect devs to be more active. There is less and less information about this project recently (except for the miner).
Need more time to confirm if this is a legit project or not. Give them some time to answer. Don't conclude in haste.
