• Forum has been upgraded, all links, images, etc are as they were. Please see Official Announcements for more information

Masternode Operators: Sentinel Hotfix (Action Required)

It's all because of those Europeans who use , instead of .

Time to get out the whips (I volunteer ;P)
 
First of all, great work to all involved in catching and fixing this situation so quickly.

But it does raise some questions. This seems similar to an SQL injection, in that a malformed entry caused the system to crash, which seems like a possible attack vector. For example, if InstantSend had been activated when this happened, would it have only used those few MNs that were showing as active? I could see a (likely implausible) scenario where someone could submit a proposal that brings down MNs and then uses the remaining ones to perform some type of attack. Is that really feasible? And has the underlying problem been completely fixed that caused this to happen in the first place?
As long as you are using interpreted languages and not compiled languages, this may happen. In EVERY update of the interpreted language or of its libraries, bad things may happen. Actually the one who controls the updates of the interpreted language, controls also the dash code, and consequently the whole dash network. Do you think satoshi was stupid, when he choosed a compiled language for his bitcoin?

You may say, will the interpreted language developers do such a thing? Yes of course they will do it. We are talking about money religion, remember? For the religion of money, some people kill their own mother and father. The language developers could also target the MNO IP adresses and send only to those specific addresses a buggy language update. In such a case, when the dash network will accuse the language developers, all the rest world will have the correct version of the language and they will not believe Dash's accusations. Yet another reason you should hide the IPs of the MNOs and allow TOR or similar precautions.

Fortunately for you, the masternode owners are complete stupid, they do not understand a word of all that I have just said, so they keep giving their dollars to dash. And this is a good thing, because although the dash generation is greedy, the dollar generation is much more greedy. So they deserve to be fooled.
 
Last edited:
It's all because of those Europeans who use , instead of .

Time to get out the whips (I volunteer ;P)
Reminds me of when the Mars Climate Orbiter software used imperial instead of metric units and $330m literally went "poof!"

For a system that handles millions of dollars of value every day, there should be a top priority on validating and sanitizing ANY user input.
 
should be a top priority on validating and sanitizing ANY user input.
So many things are calling DASH into question now... How do you flub this?

Where's 12.2?

smh...

You guys are making me facepalm so much I'm going to get a concussion...
 
I had a very interesting situation happen which may a highlight a serious flaw. After 10/26, one of my masternodes showed as "inactive" on Ninja. However, when checking the status on Dashman, it reflected the network state as "enabled" , visible to ninja, and was counting down to payment extremely slowly. This discrepancy between what I was seeing on Ninja and by pulling the status on Dashman went on for a week, until I used the masternode start missing command which reset my place all the way back to the beginning (my place in cue was showing 4/4500 at that point but I didn't know whether this was real or not).

Can someone explain how this discrepancy was possible?
 
Back
Top