Welcome to the Dash Forum!

Please sign up to discuss the most innovative cryptocurrency!

Please Update To v10.14.1 - Masternode Security Update

Discussion in 'Official Announcements' started by eduffield, Oct 7, 2014.

  1. crowning

    crowning Well-known Member

    Joined:
    May 29, 2014
    Messages:
    1,428
    Likes Received:
    2,005
    Trophy Points:
    183
    I spoke to him yesterday, about 30 minutes after v10-14-1 was published.
    Just ask him...
     
  2. stonehedge

    stonehedge Well-known Member
    Foundation Member

    Joined:
    Jul 31, 2014
    Messages:
    696
    Likes Received:
    333
    Trophy Points:
    233
    Still some confusion on BCT whether local wallets need to be updated...
     
  3. moli

    moli Grizzled Member

    Joined:
    Aug 5, 2014
    Messages:
    3,261
    Likes Received:
    1,837
    Trophy Points:
    1,183
    Ugh... at this point we need to look at a bigger picture than just "MN income"... The whole system might have more vulns than just this one. What we need to do is asking him nicely to join our dev team, don't you think so? :)
     
  4. stonehedge

    stonehedge Well-known Member
    Foundation Member

    Joined:
    Jul 31, 2014
    Messages:
    696
    Likes Received:
    333
    Trophy Points:
    233
    We already have (Evan did) and he said no.
     
  5. moli

    moli Grizzled Member

    Joined:
    Aug 5, 2014
    Messages:
    3,261
    Likes Received:
    1,837
    Trophy Points:
    1,183
    Yes... Join us on IRC :)
     
  6. UdjinM6

    UdjinM6 Official Dash Dev
    Dash Core Team Moderator

    Joined:
    May 20, 2014
    Messages:
    3,637
    Likes Received:
    3,536
    Trophy Points:
    1,183
    thanks, flare
    must be something with my mind :confused:
     
  7. flare

    flare Administrator
    Dash Core Team Moderator

    Joined:
    May 18, 2014
    Messages:
    2,287
    Likes Received:
    2,406
    Trophy Points:
    1,183
    Never mind - actually it's quite confusing sometimes...:D

    We have (at least) three user groups

    - normal users
    - masternode operators
    - miners/pools

    For the security update ALL of these are affected

    - normal users use the masternode list during Darksend denomination
    - masternodes operators are keen on correct masternode list due to MN payouts
    - miners/pools refer to the list to randomly choose one entry for MN payout

    So if you are in one of these groups it is mandatory to update, the sooner, the better for the Darkcoin network.

    Hope that helps,
    Holger
     
    • Like Like x 6
  8. stonehedge

    stonehedge Well-known Member
    Foundation Member

    Joined:
    Jul 31, 2014
    Messages:
    696
    Likes Received:
    333
    Trophy Points:
    233
    15 windows QT wallets updated!
     
  9. crowning

    crowning Well-known Member

    Joined:
    May 29, 2014
    Messages:
    1,428
    Likes Received:
    2,005
    Trophy Points:
    183
    Should have been in the very first post :tongue:

    (in other words, I was unsure to whom the advisory applies as well).

    Thanks for making this clear.
     
    • Like Like x 1
  10. flare

    flare Administrator
    Dash Core Team Moderator

    Joined:
    May 18, 2014
    Messages:
    2,287
    Likes Received:
    2,406
    Trophy Points:
    1,183
    Yeah, communication needs to be improved. The info is there, but it's not shouting out loud...

    [​IMG]
    --> https://www.darkcoin.io/downloads/
     
    • Like Like x 1
  11. crowning

    crowning Well-known Member

    Joined:
    May 29, 2014
    Messages:
    1,428
    Likes Received:
    2,005
    Trophy Points:
    183
    Mea culpa, I've never scrolled down THAT far :D
     
  12. scratchy

    scratchy Member

    Joined:
    Jun 24, 2014
    Messages:
    204
    Likes Received:
    84
    Trophy Points:
    88
    • Like Like x 1
  13. GilAlexander

    GilAlexander Member

    Joined:
    Jun 26, 2014
    Messages:
    84
    Likes Received:
    23
    Trophy Points:
    48
    Hey, guys! Why do you rarely update first post on btalk (that red outdated text at least)? I think there're a lot of people who reads btalk but not darkcointalk. And it is need to read last pages to get info for them.
     
    • Like Like x 1
  14. splawik21

    splawik21 Grizzled Member
    Dash Core Team Foundation Member Dash Support Group Moderator

    Joined:
    Apr 8, 2014
    Messages:
    1,916
    Likes Received:
    1,273
    Trophy Points:
    1,283
    EMERGENCY POOL FRIENDLY REMINDER

    According to https://drk.mn/blocks.html these haven`t updated their wallets yet...

    wafflepool10519.13%105100.00%786.266157.25320%77.14%77.14% - INFORMED BY REDDIT, BCT (NICK: POOLWAFFLE)
    coinminepl8114.75%81100.00%544.499108.90020%83.95%83.95% - INFORMED BY TWITTER, CONTACT FORM
    coinotroncom6211.29%62100.00%405.30781.06120%75.81%75.81% - INFORMED BY EMAIL --> [email protected]
    miningpoolhub468.38%46100.00%307.21161.44220%73.91%73.91% - INFORMED BY TWITTER
    trademybitcom417.47%41100.00%314.09962.82020%80.49%80.49% - INFORMED BY TWITTER
    multipoolus376.74%37100.00%251.12850.22620%86.49%86.49% - INFORMED BY TWITTER
    darkcointalkorg152.73%15100.00%102.11920.42420%86.67%86.67% - INFORMED PROPULSION
    p2pool112.00%11100.00%79.03915.80820%81.82%81.82%
    drkcif8com40.73%4100.00%25.0455.00920%75.00%75.00% - INFORMED BY MAIL [email protected],
     
    #134 splawik21, Oct 8, 2014
    Last edited by a moderator: Oct 8, 2014
    • Like Like x 6
  15. emmo

    emmo New Member

    Joined:
    May 23, 2014
    Messages:
    37
    Likes Received:
    11
    Trophy Points:
    8
    Can I migrate to the RC version without losing data (coins and addresses with private keys). What is the procedure for a normal user (using version 0.9.13 before 7.10.2014). In bitcointalk already i see posts that . . ." all users are subject to updates" , but does not explain how to do this. The "non" RC version will not available on darkcoin.io(only RC wallet) . Until now when I update, just copy new . exe file and everything works normal (I'm talking about non RC wallet version ). Thanks
     
  16. moli

    moli Grizzled Member

    Joined:
    Aug 5, 2014
    Messages:
    3,261
    Likes Received:
    1,837
    Trophy Points:
    1,183
    For those who don't use Darksend, can they still use the old Stable v.9.13.15 ?
    And for those who want to keep their wallet addresses, what should they do?
     
  17. oblox

    oblox Well-known Member

    Joined:
    Aug 6, 2014
    Messages:
    1,032
    Likes Received:
    537
    Trophy Points:
    183
    You could always backup your wallet.dat, install the latest wallet, run it so it generates a new RC5 wallet with the larger keypool and then import your private keys into the wallet.
     
  18. oblox

    oblox Well-known Member

    Joined:
    Aug 6, 2014
    Messages:
    1,032
    Likes Received:
    537
    Trophy Points:
    183
    They should all be updated as there is no longer a stable version. Darksend was merged.

    As for keeping wallet addresses, dump the address privatekey and then import into the new RC5 wallet.
     
    • Like Like x 1
  19. flare

    flare Administrator
    Dash Core Team Moderator

    Joined:
    May 18, 2014
    Messages:
    2,287
    Likes Received:
    2,406
    Trophy Points:
    1,183
    You can stay on v0.9.13.15 but are encouraged to update to 0.10.14.1.

    You can keep your addresses by dumping the privkey of each address from the old wallet and importing it into the new wallet.

    After importing the addresses that way you'll need to rescan the blockchain to get the correct display for your balance.

    [​IMG]
     
    • Like Like x 2
  20. aaxx1503

    aaxx1503 Active Member

    Joined:
    Feb 28, 2014
    Messages:
    113
    Likes Received:
    106
    Trophy Points:
    93
    Man that tuned update script made updating my masternodes a breeze. Don't think it's ever been this easy! Thanks a lot to everyone.
     
  21. Red-Shinobi

    Red-Shinobi Member

    Joined:
    Apr 9, 2014
    Messages:
    117
    Likes Received:
    76
    Trophy Points:
    78
    This works but the imported address wont be part of new backups correct? and it wont be in the wallet if you regenerate from seed yes?
    Ive got some vanity adress that i quite like, would like to keep them without needed special attention to them after upgrading.
     
  22. thelonecrouton

    thelonecrouton Well-known Member
    Foundation Member

    Joined:
    Apr 15, 2014
    Messages:
    1,135
    Likes Received:
    813
    Trophy Points:
    283
    Once you've imported it, yes it should then back up just fine. Obviously it won't exist in your previous backups. The official wallet doesn't use a seed - like electrum? Interesting point if you are using electrum though. Will have to try it. Guessing you would have to generate a new seed phrase. (If that's what you mean.)
     
    • Like Like x 1
  23. flare

    flare Administrator
    Dash Core Team Moderator

    Joined:
    May 18, 2014
    Messages:
    2,287
    Likes Received:
    2,406
    Trophy Points:
    1,183
    If you import the privkeys to a wallet.dat the keys are also included in the backup.

    Darkcoin does not support BIP32 (deterministic wallets), so there is no seed/passphrase from which the wallet keys are derived.

    When you are refering to Electrum you are right - but Electrum-DRK is not released yet ^^

    You are always on the safe side when dumping privkeys to e.g. paper. As long as you own the key you own the coins.
     
    • Like Like x 1
  24. moli

    moli Grizzled Member

    Joined:
    Aug 5, 2014
    Messages:
    3,261
    Likes Received:
    1,837
    Trophy Points:
    1,183
    What do you put in [label] and [rescan=true] ?
    I just dumped a private key on a testnet wallet to test and didn't put anything in [label] [rescan=true]. The balance shows up, doesn't it mean the coins are already in the wallet?
     
  25. flare

    flare Administrator
    Dash Core Team Moderator

    Joined:
    May 18, 2014
    Messages:
    2,287
    Likes Received:
    2,406
    Trophy Points:
    1,183
    It does :)

    Parameters in [] are optional, so if you leave them blank the defaults will be used. So here: no label and rescan is performed.
     
  26. illodin

    illodin Member

    Joined:
    Apr 26, 2014
    Messages:
    122
    Likes Received:
    71
    Trophy Points:
    78
    We could look for bugs ourselves. But it's a lot of work. And a lot of people don't understand how it should work, or can't read code. And learning that first is also a lot of work.

    Big enough bounties could do the trick. 1k - 10k DRK per vulnerability depending on the severity. But that's not gonna happen so we can just wait and hope Evan fixes problems as they arise. :)
     
  27. moli

    moli Grizzled Member

    Joined:
    Aug 5, 2014
    Messages:
    3,261
    Likes Received:
    1,837
    Trophy Points:
    1,183
    I vote for a bounty for that hacker and beg him to join our dev team. Also I vote for a bounty to hire a pen-tester at his suggestion. :)
     
  28. Light

    Light Well-known Member
    Foundation Member

    Joined:
    Jun 4, 2014
    Messages:
    346
    Likes Received:
    256
    Trophy Points:
    233
    We though we did that already. Kristov security check was kind of what you are suggesting. Plus Evan showed the code to a couple of other folks before open sourcing it. But turns out there are more creative folks out there. So i guess we have no choice but let everyone to try their luck and if they get lucky we don't even have to pay them anything. They will just claim their bounties themselves.
    We could also invite him to some Darkcoin conference as a guest speaker and then...... :rolleyes: That would not only solve the problem but would make an example out of him.
     
  29. moli

    moli Grizzled Member

    Joined:
    Aug 5, 2014
    Messages:
    3,261
    Likes Received:
    1,837
    Trophy Points:
    1,183
    Flare, I imported one private key and then did the rescan after that, the address showed up in the new wallet like you said.
    Then I imported the second private key like this (to test if i could do the rescan at once with the key import):
    "importprivkey cUepzNRfBGjfGGCP8FhuBCaBH5T4MwFDGK3nZzfVpTJqthq6c6ps rescan=true" (the label was skipped)
    ... The amount of tdrk was divided in half and sent to some strange addresses... which I didn't send... I'm puzzled.. (this amount was anonymized in the old wallet)

    upload_2014-10-8_13-39-18.png
     
  30. Light

    Light Well-known Member
    Foundation Member

    Joined:
    Jun 4, 2014
    Messages:
    346
    Likes Received:
    256
    Trophy Points:
    233
    It would be interesting to hear Kristov's opinion on this recent exploit.
     
    • Like Like x 1