Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Announcements (Altcoins)
Re: [ANN][DRK] Darkcoin | First Anonymous Coin | Inventor of X11, DGW and Darksend | Instant TX
by
vertoe
on 15/12/2014, 08:16:27 UTC
Quote from: Mr. Spread on December 15, 2014, 07:24:43 AM
Quote from: eduffield on December 15, 2014, 01:14:29 AM
Quote from: MyFarm on December 14, 2014, 07:42:10 PM
The Spreadcoin dev is reviewing the Darkcoin code and just posted this: https://bitcointalk.org/index.php?topic=715435.msg9839488#msg9839488

Quote from: Mr. Spread on December 14, 2014, 07:36:41 PM
Quote from: cyptohunter on December 14, 2014, 06:39:13 PM
Mr.spread,what's status of masternode and darksend developmnet?
It is far from ready yet but I think I found a potential vulnerability in DarkCoin which allows miners (actually pools) to not pay part of the block reward to masternodes.
DarkCoin wallet checks the following things for each new block: 
1) There is a payment to master node.
2) There is a payment with the same amount as a payment to master node should be (30%).
But there is no check that this is the same payment. This means that if you generate a block you can pay 0.0000001 DRK to masternode and pay 30% and (70% - 0.0000001 DRK) to yourself as separate coinbase outputs. Such blocks should be accepted by DarkCoin network but I haven't tested it on testnet so I can't be 100% sure.
I don't want any vulnerabilities out the wild so thought I'd check here.  This is what happens when "Enforcement" is off, right?  Or is this a separate issue and potential vulnerability?

Patched:  https://github.com/darkcoin/darkcoin/commit/ee8174a2c690b995003449a046b036d87ae25b5d  (sorry, trimmed space after every line)

Compiling 10.17.24 now, feel free to update from source
Is there any reward for discovering bugs and vulnerabilities? I have found several other bugs.

There used to be bounties for bugs and vulnarabilities. Get in contact with eduffield, flare, udjinm6 or me please. We are interested anyways.