Please Update To v10.14.1 - Masternode Security Update

stonehedge

Well-known Member
Foundation Member
Jul 31, 2014
696
333
233
Still some confusion on BCT whether local wallets need to be updated...
 

moli

Grizzled Member
Aug 5, 2014
3,255
1,830
1,183
Has anybody sent him or her a message asking him nicely to stop? He's done us a favour in a way but he is stealing indiscriminately from people, some of whom will be relying on and hoping for masternode income. Its all very well saying he or she is going to give he stolen DRK away but I wish they were going to the people who should have got them...
Ugh... at this point we need to look at a bigger picture than just "MN income"... The whole system might have more vulns than just this one. What we need to do is asking him nicely to join our dev team, don't you think so? :)
 

UdjinM6

Official Dash Dev
Dash Core Team
Moderator
May 20, 2014
3,638
3,538
1,183
Where was that stated? All clients share the masternode list, you can test this by typing "masternode list" in your console. As long as you are using client version < 0.10.14.1 this list will contain made up entries - and if you are additionally a pool/miner your client will also select the wrong entries for MN payout.
thanks, flare
must be something with my mind :confused:
 

flare

Administrator
Dash Core Team
Moderator
May 18, 2014
2,287
2,406
1,183
Germany
thanks, flare
must be something with my mind :confused:
Never mind - actually it's quite confusing sometimes...:D

We have (at least) three user groups

- normal users
- masternode operators
- miners/pools

For the security update ALL of these are affected

- normal users use the masternode list during Darksend denomination
- masternodes operators are keen on correct masternode list due to MN payouts
- miners/pools refer to the list to randomly choose one entry for MN payout

So if you are in one of these groups it is mandatory to update, the sooner, the better for the Darkcoin network.

Hope that helps,
Holger
 

crowning

Well-known Member
May 29, 2014
1,415
1,997
183
Alpha Centauri Bc
Never mind - actually it's quite confusing sometimes...:D

We have (at least) three user groups

- normal users
- masternode operators
- miners/pools

For the security update ALL of these are affected

- normal users use the masternode list during Darksend denomination
- masternodes operators are keen on correct masternode list due to MN payouts
- miners/pools refer to the list to randomly choose one entry for MN payout

So if you are in one of these groups it is mandatory to update, the sooner, the better for the Darkcoin network.

Hope that helps,
Holger
Should have been in the very first post :tongue:

(in other words, I was unsure to whom the advisory applies as well).

Thanks for making this clear.
 
  • Like
Reactions: flare

GilAlexander

Member
Jun 26, 2014
84
23
48
Hey, guys! Why do you rarely update first post on btalk (that red outdated text at least)? I think there're a lot of people who reads btalk but not darkcointalk. And it is need to read last pages to get info for them.
 
  • Like
Reactions: bertlebbert

splawik21

Grizzled Member
Dash Core Team
Moderator
Foundation Member
Dash Support Group
Apr 8, 2014
1,923
1,280
1,283
EMERGENCY POOL FRIENDLY REMINDER

According to https://drk.mn/blocks.html these haven`t updated their wallets yet...

wafflepool10519.13%105100.00%786.266157.25320%77.14%77.14% - INFORMED BY REDDIT, BCT (NICK: POOLWAFFLE)
coinminepl8114.75%81100.00%544.499108.90020%83.95%83.95% - INFORMED BY TWITTER, CONTACT FORM
coinotroncom6211.29%62100.00%405.30781.06120%75.81%75.81% - INFORMED BY EMAIL --> [email protected]
miningpoolhub468.38%46100.00%307.21161.44220%73.91%73.91% - INFORMED BY TWITTER
trademybitcom417.47%41100.00%314.09962.82020%80.49%80.49% - INFORMED BY TWITTER
multipoolus376.74%37100.00%251.12850.22620%86.49%86.49% - INFORMED BY TWITTER
darkcointalkorg152.73%15100.00%102.11920.42420%86.67%86.67% - INFORMED PROPULSION
p2pool112.00%11100.00%79.03915.80820%81.82%81.82%
drkcif8com40.73%4100.00%25.0455.00920%75.00%75.00% - INFORMED BY MAIL [email protected],
 
Last edited by a moderator:

emmo

New Member
May 23, 2014
37
11
8
Can I migrate to the RC version without losing data (coins and addresses with private keys). What is the procedure for a normal user (using version 0.9.13 before 7.10.2014). In bitcointalk already i see posts that . . ." all users are subject to updates" , but does not explain how to do this. The "non" RC version will not available on darkcoin.io(only RC wallet) . Until now when I update, just copy new . exe file and everything works normal (I'm talking about non RC wallet version ). Thanks
 

moli

Grizzled Member
Aug 5, 2014
3,255
1,830
1,183
Never mind - actually it's quite confusing sometimes...:D

We have (at least) three user groups

- normal users
- masternode operators
- miners/pools

For the security update ALL of these are affected

- normal users use the masternode list during Darksend denomination
- masternodes operators are keen on correct masternode list due to MN payouts
- miners/pools refer to the list to randomly choose one entry for MN payout

So if you are in one of these groups it is mandatory to update, the sooner, the better for the Darkcoin network.

Hope that helps,
Holger
For those who don't use Darksend, can they still use the old Stable v.9.13.15 ?
And for those who want to keep their wallet addresses, what should they do?
 

oblox

Well-known Member
Aug 6, 2014
1,032
537
183
Can I migrate to the RC version without losing data (coins and addresses with private keys). What is the procedure for a normal user (using version 0.9.13 before 7.10.2014). In bitcointalk already i see posts that . . ." all users are subject to updates" , but does not explain how to do this. The "non" RC version will not available on darkcoin.io(only RC wallet) . Until now when I update, just copy new . exe file and everything works normal (I'm talking about non RC wallet version ). Thanks
You could always backup your wallet.dat, install the latest wallet, run it so it generates a new RC5 wallet with the larger keypool and then import your private keys into the wallet.
 

oblox

Well-known Member
Aug 6, 2014
1,032
537
183
For those who don't use Darksend, can they still use the old Stable v.9.13.15 ?
And for those who want to keep their wallet addresses, what should they do?
They should all be updated as there is no longer a stable version. Darksend was merged.

As for keeping wallet addresses, dump the address privatekey and then import into the new RC5 wallet.
 
  • Like
Reactions: moli

flare

Administrator
Dash Core Team
Moderator
May 18, 2014
2,287
2,406
1,183
Germany
For those who don't use Darksend, can they still use the old Stable v.9.13.15 ?
And for those who want to keep their wallet addresses, what should they do?
You can stay on v0.9.13.15 but are encouraged to update to 0.10.14.1.

You can keep your addresses by dumping the privkey of each address from the old wallet and importing it into the new wallet.

After importing the addresses that way you'll need to rescan the blockchain to get the correct display for your balance.

 
  • Like
Reactions: moli and teamer

aaxx1503

Active Member
Feb 28, 2014
113
106
93
Man that tuned update script made updating my masternodes a breeze. Don't think it's ever been this easy! Thanks a lot to everyone.
 

Red-Shinobi

Member
Apr 9, 2014
117
76
78
You can stay on v0.9.13.15 but are encouraged to update to 0.10.14.1.

You can keep your addresses by dumping the privkey of each address from the old wallet and importing it into the new wallet.

After importing the addresses that way you'll need to rescan the blockchain to get the correct display for your balance.

This works but the imported address wont be part of new backups correct? and it wont be in the wallet if you regenerate from seed yes?
Ive got some vanity adress that i quite like, would like to keep them without needed special attention to them after upgrading.
 

thelonecrouton

Well-known Member
Foundation Member
Apr 15, 2014
1,135
813
283
This works but the imported address wont be part of new backups correct? and it wont be in the wallet if you regenerate from seed yes?
Ive got some vanity adress that i quite like, would like to keep them without needed special attention to them after upgrading.
Once you've imported it, yes it should then back up just fine. Obviously it won't exist in your previous backups. The official wallet doesn't use a seed - like electrum? Interesting point if you are using electrum though. Will have to try it. Guessing you would have to generate a new seed phrase. (If that's what you mean.)
 
  • Like
Reactions: Red-Shinobi

flare

Administrator
Dash Core Team
Moderator
May 18, 2014
2,287
2,406
1,183
Germany
This works but the imported address wont be part of new backups correct? and it wont be in the wallet if you regenerate from seed yes?
Ive got some vanity adress that i quite like, would like to keep them without needed special attention to them after upgrading.
If you import the privkeys to a wallet.dat the keys are also included in the backup.

Darkcoin does not support BIP32 (deterministic wallets), so there is no seed/passphrase from which the wallet keys are derived.

When you are refering to Electrum you are right - but Electrum-DRK is not released yet ^^

You are always on the safe side when dumping privkeys to e.g. paper. As long as you own the key you own the coins.
 
  • Like
Reactions: Red-Shinobi

moli

Grizzled Member
Aug 5, 2014
3,255
1,830
1,183
You can stay on v0.9.13.15 but are encouraged to update to 0.10.14.1.

You can keep your addresses by dumping the privkey of each address from the old wallet and importing it into the new wallet.

After importing the addresses that way you'll need to rescan the blockchain to get the correct display for your balance.

What do you put in [label] and [rescan=true] ?
I just dumped a private key on a testnet wallet to test and didn't put anything in [label] [rescan=true]. The balance shows up, doesn't it mean the coins are already in the wallet?
 

flare

Administrator
Dash Core Team
Moderator
May 18, 2014
2,287
2,406
1,183
Germany
What do you put in [label] and [rescan=true] ?
I just dumped a private key on a testnet wallet to test and didn't put anything in [label] [rescan=true]. The balance shows up, doesn't it mean the coins are already in the wallet?
It does :)

Parameters in [] are optional, so if you leave them blank the defaults will be used. So here: no label and rescan is performed.
 

illodin

Member
Apr 26, 2014
122
71
78
We have to start begging the pools again to update, especially in a critical moment like this? There gotta be some other way. yes, some pools are very quick to respond to updates and I appreciate that but some stubborn ones are making me sick already.
We could look for bugs ourselves. But it's a lot of work. And a lot of people don't understand how it should work, or can't read code. And learning that first is also a lot of work.

Big enough bounties could do the trick. 1k - 10k DRK per vulnerability depending on the severity. But that's not gonna happen so we can just wait and hope Evan fixes problems as they arise. :)
 

moli

Grizzled Member
Aug 5, 2014
3,255
1,830
1,183
We could look for bugs ourselves. But it's a lot of work. And a lot of people don't understand how it should work, or can't read code. And learning that first is also a lot of work.

Big enough bounties could do the trick. 1k - 10k DRK per vulnerability depending on the severity. But that's not gonna happen so we can just wait and hope Evan fixes problems as they arise. :)
I vote for a bounty for that hacker and beg him to join our dev team. Also I vote for a bounty to hire a pen-tester at his suggestion. :)
 

Light

Well-known Member
Foundation Member
Jun 4, 2014
346
256
233
We could look for bugs ourselves. But it's a lot of work. And a lot of people don't understand how it should work, or can't read code. And learning that first is also a lot of work.

Big enough bounties could do the trick. 1k - 10k DRK per vulnerability depending on the severity. But that's not gonna happen so we can just wait and hope Evan fixes problems as they arise. :)
We though we did that already. Kristov security check was kind of what you are suggesting. Plus Evan showed the code to a couple of other folks before open sourcing it. But turns out there are more creative folks out there. So i guess we have no choice but let everyone to try their luck and if they get lucky we don't even have to pay them anything. They will just claim their bounties themselves.
I vote for a bounty for that hacker and beg him to join our dev team. Also I vote for a bounty to hire a pen-tester at his suggestion. :)
We could also invite him to some Darkcoin conference as a guest speaker and then...... :rolleyes: That would not only solve the problem but would make an example out of him.
 

moli

Grizzled Member
Aug 5, 2014
3,255
1,830
1,183
It does :)

Parameters in [] are optional, so if you leave them blank the defaults will be used. So here: no label and rescan is performed.
Flare, I imported one private key and then did the rescan after that, the address showed up in the new wallet like you said.
Then I imported the second private key like this (to test if i could do the rescan at once with the key import):
"importprivkey cUepzNRfBGjfGGCP8FhuBCaBH5T4MwFDGK3nZzfVpTJqthq6c6ps rescan=true" (the label was skipped)
... The amount of tdrk was divided in half and sent to some strange addresses... which I didn't send... I'm puzzled.. (this amount was anonymized in the old wallet)

upload_2014-10-8_13-39-18.png
 

Light

Well-known Member
Foundation Member
Jun 4, 2014
346
256
233
It would be interesting to hear Kristov's opinion on this recent exploit.
 
  • Like
Reactions: stonehedge