Masternode Operators: Sentinel Hotfix (Action Required)

nmarley

Active Member
Jun 28, 2014
366
424
133
Masternode Owners: Today a proposal was submitted which our system didn't catch (comma in the decimal) and this broke Sentinel, which means watchdogs stopped being created. We have pushed a hotfix, but Masternode Operators must intervene in order to update Sentinel (unless using some auto-update system).

To implement, simply move into your "sentinel" directory and run a git pull:

Code:
cd /path/to/sentinel/ && git pull
Note: This is required or your Masternode will go offline!
(edit: Apparently w/spork 14 off this isn't enforce, so crisis averted!)

Thank you for your service to the community.
 
Last edited:

Obusco

Member
Core Developer
Sep 23, 2016
42
53
58
28
cd sentinel && git pull only this? Without restart mn?
As you probably setup a crontab to execute every 5 min sentinel, when it got executed, it will execute with the last fix :)
 

methusaleh

Member
Mar 25, 2016
61
35
58
111
I'm hosted with Moo so is this something that happens at his end via Dashman or will I need to do a start?
 

KryptoTypek

New Member
Oct 1, 2016
19
11
3
38
Wow, checked DashNinja after the fix and 4000 masternodes out of approx. 4700 were inactive... it's crazy that such thing as a budget proposal can take down a wast majority of the masternode network... anyways thanks for the quick fix.
 

flare

Administrator
Dash Core Team
Moderator
May 18, 2014
2,287
2,406
1,183
Germany
Wow, checked DashNinja after the fix and 4000 masternodes out of approx. 4700 were inactive... it's crazy that such thing as a budget proposal can take down a wast majority of the masternode network... anyways thanks for the quick fix.
Technically the nodes are not down, they just failed to vote on a watchdog object.

As a sidenote: Dash 12.2 will not have watchdogs anymore, they are deprecated.
 

ericsammons

Active Member
Masternode Owner/Operator
Jan 1, 2016
142
503
143
ericsammons.com
First of all, great work to all involved in catching and fixing this situation so quickly.

But it does raise some questions. This seems similar to an SQL injection, in that a malformed entry caused the system to crash, which seems like a possible attack vector. For example, if InstantSend had been activated when this happened, would it have only used those few MNs that were showing as active? I could see a (likely implausible) scenario where someone could submit a proposal that brings down MNs and then uses the remaining ones to perform some type of attack. Is that really feasible? And has the underlying problem been completely fixed that caused this to happen in the first place?

It is a bit disconcerting that a proposal submission would have any impact on the network, much less one so major as this one did.
 

-crypto

New Member
Masternode Owner/Operator
Jun 17, 2017
15
2
3
After the Hotfix, how long does it take for DashCentral to recognize the MN's? Everything seems to check out on my end, and I'm good on Dash Ninja, but DashCentral still shows ERROR.
 

Tony

New Member
Sep 11, 2017
10
3
3
41
Heya guys,
I'd like your thoughts on having a cron job pulling every half an hour sentinel git. Something like
Code:
cd /home/dash/.dashcore/sentinel && /usr/bin/git pull 2>&1 >> sentinel-pull-cron.log
Pros? Cons?
 

oaxaca

Well-known Member
Foundation Member
Jul 8, 2014
573
832
263
Heya guys,
I'd like your thoughts on having a cron job pulling every half an hour sentinel git. Something like
Code:
cd /home/dash/.dashcore/sentinel && /usr/bin/git pull 2>&1 >> sentinel-pull-cron.log
Pros? Cons?
Here is an answer:

As a sidenote: Dash 12.2 will not have watchdogs anymore, they are deprecated.
Can you folks share any other tidbits about 12.2?
 

TanteStefana

Grizzled Member
Foundation Member
Mar 9, 2014
2,861
1,854
1,283
It's all because of those Europeans who use , instead of .

Time to get out the whips (I volunteer ;P)
 

t0dd

Active Member
Mar 21, 2016
151
132
103
keybase.io
Dash Address
XyxQq4qgp9B53QWQgSqSxJb4xddhzk5Zhh
Note: For those running a masternode on Fedora, CentOS or RHEL and deploy the software via my repos -- ie: https://github.com/taw00/dashcore-rpm -- simply log onto your masternode server and type sudo dnf upgrade dashcore-sentinel -y and you are done.
 
  • Like
Reactions: bhkien

demo

Well-known Member
Apr 23, 2016
3,114
263
153
Dash Address
XnpT2YQaYpyh7F9twM6EtDMn1TCDCEEgNX
First of all, great work to all involved in catching and fixing this situation so quickly.

But it does raise some questions. This seems similar to an SQL injection, in that a malformed entry caused the system to crash, which seems like a possible attack vector. For example, if InstantSend had been activated when this happened, would it have only used those few MNs that were showing as active? I could see a (likely implausible) scenario where someone could submit a proposal that brings down MNs and then uses the remaining ones to perform some type of attack. Is that really feasible? And has the underlying problem been completely fixed that caused this to happen in the first place?
As long as you are using interpreted languages and not compiled languages, this may happen. In EVERY update of the interpreted language or of its libraries, bad things may happen. Actually the one who controls the updates of the interpreted language, controls also the dash code, and consequently the whole dash network. Do you think satoshi was stupid, when he choosed a compiled language for his bitcoin?

You may say, will the interpreted language developers do such a thing? Yes of course they will do it. We are talking about money religion, remember? For the religion of money, some people kill their own mother and father. The language developers could also target the MNO IP adresses and send only to those specific addresses a buggy language update. In such a case, when the dash network will accuse the language developers, all the rest world will have the correct version of the language and they will not believe Dash's accusations. Yet another reason you should hide the IPs of the MNOs and allow TOR or similar precautions.

Fortunately for you, the masternode owners are complete stupid, they do not understand a word of all that I have just said, so they keep giving their dollars to dash. And this is a good thing, because although the dash generation is greedy, the dollar generation is much more greedy. So they deserve to be fooled.
 
Last edited:

Sven

Member
Masternode Owner/Operator
Aug 15, 2017
45
12
48
It's all because of those Europeans who use , instead of .

Time to get out the whips (I volunteer ;P)
Reminds me of when the Mars Climate Orbiter software used imperial instead of metric units and $330m literally went "poof!"

For a system that handles millions of dollars of value every day, there should be a top priority on validating and sanitizing ANY user input.
 

camosoul

Grizzled Member
Sep 19, 2014
2,266
1,130
1,183
should be a top priority on validating and sanitizing ANY user input.
So many things are calling DASH into question now... How do you flub this?

Where's 12.2?

smh...

You guys are making me facepalm so much I'm going to get a concussion...
 

revelations86

Member
Nov 12, 2016
58
20
48
33
I had a very interesting situation happen which may a highlight a serious flaw. After 10/26, one of my masternodes showed as "inactive" on Ninja. However, when checking the status on Dashman, it reflected the network state as "enabled" , visible to ninja, and was counting down to payment extremely slowly. This discrepancy between what I was seeing on Ninja and by pulling the status on Dashman went on for a week, until I used the masternode start missing command which reset my place all the way back to the beginning (my place in cue was showing 4/4500 at that point but I didn't know whether this was real or not).

Can someone explain how this discrepancy was possible?