Welcome to the Dash Forum!

Please sign up to discuss the most innovative cryptocurrency!

Please Update To v10.14.1 - Masternode Security Update

Discussion in 'Official Announcements' started by eduffield, Oct 7, 2014.

  1. olymp

    olymp New Member

    Joined:
    Sep 3, 2014
    Messages:
    21
    Likes Received:
    4
    Trophy Points:
    3
    after update i got this:

    2014-10-08 20:13:46 ProcessMessage(dsee, 217 bytes) FAILED
    2014-10-08 20:13:46 dsee - Got mismatched pubkey and vin
    2014-10-08 20:13:46 ProcessMessage(dsee, 217 bytes) FAILED
    2014-10-08 20:13:46 dsee - Got mismatched pubkey and vin
    2014-10-08 20:13:46 ProcessMessage(dsee, 217 bytes) FAILED

    Is this mean that i have to start from 0?
     
    • Like Like x 1
  2. oblox

    oblox Well-known Member

    Joined:
    Aug 6, 2014
    Messages:
    1,032
    Likes Received:
    537
    Trophy Points:
    183
    No, it means it's rejecting the spoofed MNs.
     
  3. olymp

    olymp New Member

    Joined:
    Sep 3, 2014
    Messages:
    21
    Likes Received:
    4
    Trophy Points:
    3
    So my MN is working OK and reject attacker?
     
  4. oblox

    oblox Well-known Member

    Joined:
    Aug 6, 2014
    Messages:
    1,032
    Likes Received:
    537
    Trophy Points:
    183
    Correct.
     
  5. Light

    Light Well-known Member
    Foundation Member

    Joined:
    Jun 4, 2014
    Messages:
    346
    Likes Received:
    256
    Trophy Points:
    233
    #155 Light, Oct 8, 2014
    Last edited by a moderator: Oct 8, 2014
  6. moli

    moli Grizzled Member

    Joined:
    Aug 5, 2014
    Messages:
    3,261
    Likes Received:
    1,837
    Trophy Points:
    1,183
  7. oblox

    oblox Well-known Member

    Joined:
    Aug 6, 2014
    Messages:
    1,032
    Likes Received:
    537
    Trophy Points:
    183
    Masternodes down, but the injected list remains on clients not updated I believe.
     
  8. crowning

    crowning Well-known Member

    Joined:
    May 29, 2014
    Messages:
    1,428
    Likes Received:
    2,005
    Trophy Points:
    183
    He still got 15 payments today, and now has a little sister called XixmyNSGGGXEJEzKghoRnTto5ZVhficSek
     
  9. stonehedge

    stonehedge Well-known Member
    Foundation Member

    Joined:
    Jul 31, 2014
    Messages:
    696
    Likes Received:
    333
    Trophy Points:
    233
    The inability to 100% squash this kind of issue instantly is probably the only downside of being anonymous and decentralised!
     
  10. Coinotron

    Coinotron New Member

    Joined:
    May 15, 2014
    Messages:
    21
    Likes Received:
    21
    Trophy Points:
    3
    FYI.

    Coinotron runs on patched wallet.
     
    • Like Like x 1
  11. crowning

    crowning Well-known Member

    Joined:
    May 29, 2014
    Messages:
    1,428
    Likes Received:
    2,005
    Trophy Points:
    183
    Great :thumbsup:

    Now only multipoolus seems to be missing.
     
  12. Light

    Light Well-known Member
    Foundation Member

    Joined:
    Jun 4, 2014
    Messages:
    346
    Likes Received:
    256
    Trophy Points:
    233
    • Like Like x 1
  13. OnetyOne

    OnetyOne New Member

    Joined:
    Aug 4, 2014
    Messages:
    34
    Likes Received:
    19
    Trophy Points:
    8
    Forgive me if I'm wrong but wasn't the masternode patch a fix that only minimizes the current en prevents future damage? So it comes down the exploited masternode owner himself to update it or not, he can choose to keep it running and maximize his profits (till enough network compliance is met).

    I've been watching his masternode adress and it's income has been steadily declining over the past day, probably due to the compliance of the other MN's and clients wich is rising. But what would be the impact if someone is not so willingly to coorperate?
     
  14. HinnomTX

    HinnomTX Active Member

    Joined:
    Jul 22, 2014
    Messages:
    166
    Likes Received:
    196
    Trophy Points:
    103
    The rogue client is not actually a masternode owner. He/she is not staking any coins for the exploit. He/she can keep the exploit running indefinitely. However, the rogue's future earnings will evaporate as more peers upgrade to 0.10.14.x. There is a stricter version of masternode payment enforcement which is in the works, and rumor has it will require a hard fork. This will cut off the exploit for good.
     
    • Like Like x 1
  15. stonehedge

    stonehedge Well-known Member
    Foundation Member

    Joined:
    Jul 31, 2014
    Messages:
    696
    Likes Received:
    333
    Trophy Points:
    233
    Just an observation but since this exploit my EC2 CPU and bandwidth usage has nearly trebled. Very, very odd. Almost like my iptables rules are being hammered... Will do some snooping.

    EDIT: Nope, darkcoind is just working a lot harder and a lot more data is passing through!
     
  16. stonehedge

    stonehedge Well-known Member
    Foundation Member

    Joined:
    Jul 31, 2014
    Messages:
    696
    Likes Received:
    333
    Trophy Points:
    233
    Please note that this is 10 masternodes on a C3.large

    Screen Shot 2014-10-09 at 16.52.01.png Screen Shot 2014-10-09 at 16.52.28.png
     
  17. moli

    moli Grizzled Member

    Joined:
    Aug 5, 2014
    Messages:
    3,261
    Likes Received:
    1,837
    Trophy Points:
    1,183
    I just brought up your post in the #darkcoin channel on freenode and elbereth said:

    [12:46:06] <elberethzone> moli: only one block found with that pubkey
    [12:46:24] <elberethzone> could be that it was a mn not yet in the list of the nodes on drk.mn

    Where did you find this address?
     
  18. crowning

    crowning Well-known Member

    Joined:
    May 29, 2014
    Messages:
    1,428
    Likes Received:
    2,005
    Trophy Points:
    183
    Over at elbereth's site: https://drk.mn/blocks.html

    His site is stuck, so this address is still at the top of the list.
     
  19. moli

    moli Grizzled Member

    Joined:
    Aug 5, 2014
    Messages:
    3,261
    Likes Received:
    1,837
    Trophy Points:
    1,183
    Hm... I only see XwzmEE1cJ6HG84CgJvAt7ADmJ8W9Wh65Tq at the top of the list.
    And the "little sister" got paid only 3 times i think, not sure if it's a hacker's address or a legit MN..
     
  20. UdjinM6

    UdjinM6 Official Dash Dev
    Dash Core Team Moderator

    Joined:
    May 20, 2014
    Messages:
    3,637
    Likes Received:
    3,536
    Trophy Points:
    1,183
  21. LonnieDRR

    LonnieDRR Member

    Joined:
    Jun 24, 2014
    Messages:
    103
    Likes Received:
    41
    Trophy Points:
    78
    Is there a problem with the new Mac wallet?? I can't install it on either of my machines. It just hangs on "loading" and never opens. Had to go back to the 9.13.15 wallet. Nobody responded to my previous post about it. I know most all you guys are on windows...
     
  22. stonehedge

    stonehedge Well-known Member
    Foundation Member

    Joined:
    Jul 31, 2014
    Messages:
    696
    Likes Received:
    333
    Trophy Points:
    233
    New Mac wallet works fine for me...sorry I can't help!
     
  23. hard_forker

    hard_forker Member

    Joined:
    Jun 20, 2014
    Messages:
    41
    Likes Received:
    14
    Trophy Points:
    48
    Sorry, mine is also working fine on Maverics
     
  24. LonnieDRR

    LonnieDRR Member

    Joined:
    Jun 24, 2014
    Messages:
    103
    Likes Received:
    41
    Trophy Points:
    78
    If i upgrade from the non dark send wallet to the new version it doesn't work. If i upgrade from the old darksend version, then it works. Cant upgrade directly from 9.13.15 to the new one.

    I guess Ill have to transfer my coins to my other computer and fresh install the new wallet.
     
    #174 LonnieDRR, Oct 9, 2014
    Last edited by a moderator: Oct 9, 2014
  25. HinnomTX

    HinnomTX Active Member

    Joined:
    Jul 22, 2014
    Messages:
    166
    Likes Received:
    196
    Trophy Points:
    103
  26. LonnieDRR

    LonnieDRR Member

    Joined:
    Jun 24, 2014
    Messages:
    103
    Likes Received:
    41
    Trophy Points:
    78
    thats basically what i did. Transferred the coins to another laptop, then wiped the old wallet and reinstalled a fresh one. And made new backups. Works now. thanks.
     
  27. TreasureSeeker

    TreasureSeeker New Member

    Joined:
    Apr 28, 2014
    Messages:
    25
    Likes Received:
    5
    Trophy Points:
    3
    Nice work keeping things secure, eduffield.

    TreasureQuarry's Darkcoin P2Pool has been updated to 0.10.14.1
     
  28. elmad

    elmad New Member

    Joined:
    May 27, 2014
    Messages:
    13
    Likes Received:
    5
    Trophy Points:
    3
    Is it possible that a pool or a big miner is using the bug? How works the voting system?

    This miner http://explorer.darkcoin.io/address/XhBLSR1HhoaWrdGgrjCHxJkCWWiFFhveHs pays ever the same fake masternode without 1000 drks XixmyNSGGGXEJEzKghoRnTto5ZVhficSek

    Here it's evident:
    http://drk.poolhash.org/masternode.html?srch&nmstr=XhBLSR1HhoaWrdGgrjCHxJkCWWiFFhveHs
     
    #178 elmad, Oct 10, 2014
    Last edited by a moderator: Oct 10, 2014
  29. eduffield

    eduffield Core Developer

    Joined:
    Mar 9, 2014
    Messages:
    1,084
    Likes Received:
    5,319
    Trophy Points:
    183
    Definitely not an exploit. Like I said before, I don't think this solution will get masternodes paid beyond 95% of the time. There will be some bad pools gaming the system. In this case it's a rouge solo miner, paying himself the extra 20%.

    v10.15 addresses this and is not exploitable. But I'm still working on it. We'll get there, one step at a time :)
     
    • Like Like x 9
  30. Walter

    Walter Active Member
    Masternode Owner/Operator

    Joined:
    Jul 17, 2014
    Messages:
    231
    Likes Received:
    201
    Trophy Points:
    103
    It's probably Sojayxt having a run at your bet ;)
     
    • Like Like x 1