Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Announcements (Altcoins)
Re: [$XVG] VERGE [POW][MultiAlgo][BLACKHOLE][Entire Line of TOR/i2P Resources]
by
dbkeys
on 24/05/2018, 09:57:13 UTC
Quote from: R-J-F on May 22, 2018, 06:53:11 PM
Quote from: boxalex on May 22, 2018, 04:19:30 PM
Quote from: xtraelv on May 22, 2018, 02:13:48 PM
Official response is "mining pools were DDossed".



That's even more annoying...
Verge Devs should be well aware what it is after it occured allready some weeks back.....

This coin had really a good chance, but with such coding and nonstop multi million expolits i have my doubts it will go anywhere near where we hoped it will get.


Not the first coin to be attacked and won't be the last, this too shall pass...  I do agree they need to find a real defense against this "time warp" method.

2 hour time window (inherited from BTC) seems waaaaay too lax.   Don't most (if not all) warp attacks stem from this laxity ?  
I think somebody looked into it, and propagation of data network wide takes an average of 6 seconds and maybe 12 seconds max, IIRC.  I understand the need to have some laxity in the ordering of timestamps, but ... 2 hours !?!  
Why not a time window of single-digit multiple of the block time?  That should be enough.... Maybe 3x or 5x the block time ?   With Verge's 30s block time, this window would then be 90s or maybe 150s (2m 30s). Blocks timestamped outside this window should be rejected.

Also, there ought to be a trust score on the peers a node maintains connections with, based on how long they've been connected and how closely a peer's idea of time matches the node's.  A peer should not be able to just appear out of the blue, and present a huge fork and have it accepted. Only if said peer has been around long enough to establish a min trust score should their blocks be accepted and re-broadcast.   Likewise, if a peers idea of time is more than 30 seconds or so off from ours, the trust score should be lowered (or denied entirely) until their clocks match reality.

What do people think ? Would this fix the exploit ?