Randomness in mn payee selection

demo

Well-known Member
Apr 23, 2016
3,113
263
153
Dash Address
XnpT2YQaYpyh7F9twM6EtDMn1TCDCEEgNX
@dark_wanderer If it was 10 days already then dashd (12.0) could see it as "never paid" even if it was before but that's ok, it means that you are in top 10% from which MNs are picked randomly so just keep your mn online, do NOT restart it via masternode start-* commands and it should be paid eventually. If you restart, it will be brought to the end of the queue and you'll have to wait 7+ days to get into that top 10% again.

And this is the reason why static IPs are required for the masternodes....:oops:

Another nail in the coffin of the anonymity of the masternodes. :mad:

UdjinM6

Official Dash Dev
Core Developer
Dash Core Team
May 20, 2014
3,639
3,537
1,183
But if you dynamically change IPs, is it equivalent to restarting?
no, static IP is only required to make it discoverable/available

Sorry for off-topic here, but could you please post the name of the source file with the implementation of this random/deterministic selection?
masternodeman.cpp, look for `CMasternodeMan::GetNextMasternodeInQueueForPayment` and dig from there
 

demo

no, static IP is only required to make it discoverable/available
code?

masternodeman.cpp, look for `CMasternodeMan::GetNextMasternodeInQueueForPayment` and dig from there

```cpp
CMasternode *CMasternodeMan::FindRandomNotInVec(std::vector<CTxIn> &vecToExclude, int protocolVersion) {
    LOCK(cs);
    protocolVersion = protocolVersion == -1 ? masternodePayments.GetMinMasternodePaymentsProto() : protocolVersion;
    int nCountEnabled = CountEnabled(protocolVersion);
    LogPrintf("CMasternodeMan::FindRandomNotInVec - nCountEnabled - vecToExclude.size() %d\n", nCountEnabled - vecToExclude.size());
    if(nCountEnabled - vecToExclude.size() < 1) return NULL;
    int rand = GetRandInt(nCountEnabled - vecToExclude.size());
    LogPrintf("CMasternodeMan::FindRandomNotInVec - rand %d\n", rand);
    bool found;

    BOOST_FOREACH(CMasternode &mn, vMasternodes) {
        if(mn.protocolVersion < protocolVersion || !mn.IsEnabled()) continue;
        found = false;
        BOOST_FOREACH(CTxIn &usedVin, vecToExclude) {
            if(mn.vin.prevout == usedVin.prevout) {
                found = true;
                break;
            }
        }
        if(found) continue;
        if(--rand < 1) {
            return &mn;
        }
    }
```

Is GetRandInt the randomness? Where is GetRandInt defined?

Why don't you let us search it in GitHub?
 

demo

No, I already answered where to start digging. CalculateScore in masternode.cpp is your next stop.
GetRandInt is defined in random.cpp

No, it's not CalculateScore my next step. It is how randomness is defined.
If randomness is not truly random, then whatever you calculate is wrong.
Randomness is defined in random.cpp here.

This is a local randomness. Not a network randomness decided among Masternodes.
In order to calculate a true randomness, you need a secure multiparty computation protocol of randomness among masternodes.

I could change the random.cpp in my masternode and make it return non random values, and that way cheat your calculations.

```cpp
void GetStrongRandBytes(unsigned char* out, int num)
{
    assert(num <= 32);
    CSHA512 hasher;
    unsigned char buf[64];

    // First source: OpenSSL's RNG
    RandAddSeedPerfmon();
    GetRandBytes(buf, 32);
    hasher.Write(buf, 32);

    // Second source: OS RNG
    GetOSRand(buf);
    hasher.Write(buf, 32);

    // Produce output
    hasher.Finalize(buf);
    memcpy(out, buf, num);
    memory_cleanse(buf, 64);
}

/** Get 32 bytes of system entropy. */
static void GetOSRand(unsigned char *ent32)
{
    int f = open("/dev/urandom", O_RDONLY);
    if (f == -1) {
        RandFailure();
    }
    int have = 0;
    do {
        ssize_t n = read(f, ent32 + have, 32 - have);
        if (n <= 0 || n + have > 32) {
            RandFailure();
        }
        have += n;
    } while (have < 32);
    close(f);
}
```

and

```cpp
static inline int64_t GetPerformanceCounter()
{
    int64_t nCounter = 0;
    timeval t;
    gettimeofday(&t, NULL);
    nCounter = (int64_t)(t.tv_sec * 1000000 + t.tv_usec);
    return nCounter;
}
```

So it is enough for me to change my system's time and the way /dev/urandom behaves and that way cheat your system.

Am I wrong on something? Am I?

demo

So it is enough for me to change my system's time and the way /dev/urandom behaves and that way cheat your system.

Am I wrong on something? Am I?
Why does nobody answer my question? If I am wrong, then why don't you prove my error?

If I am right, then what is the incentive the Dash community gives to the people who discover the bugs?
I mean, why would someone reveal a bug, instead of trying to exploit it?

I think you should give incentives to the people who discover flaws in your system.
The role of the testers is very important, equally important to the role of the developers.
You should allocate some budget and pay them for each flaw they discover.

demo

GetNextMasternodeInQueueForPayment != FindRandomNotInVec
You are looking at the wrong piece of code.
You said:
@dark_wanderer If it was 10 days already then dashd (12.0) could see it as "never paid" even if it was before but that's ok, it means that you are in top 10% from which MNs are picked randomly so just keep your mn online, do NOT restart it via masternode start-* commands and it should be paid eventually. If you restart, it will be brought to the end of the queue and you'll have to wait 7+ days to get into that top 10% again.
Where is this randomness in the code, if not in FindRandomNotInVec?

demo

So the truth is this.
Either you implement a Protocol for Multiparty Coin Toss with Dishonest Majority.
Or there is no randomness!
 

demo

Still waiting for an official answer (aka "where is the code?") regarding the way randomness is defined in the masternodes network.
 

demo

There is a discussion regarding this issue here:
https://www.dash.org/forum/threads/...-program-by-bugcrowd.15321/page-2#post-133234

After the very helpful clarifications of @UdjinM6, my conclusion is this:
I will investigate whatever system random functions you may use in the code (if any), and how these functions (if hacked in the system) can affect the code's behavior. Thanks for the hints and for the clarifications you gave to me. I always appreciate a code related talk with you.
Note that bitcoin's code has no dependency at all on the local random device.
While dash's code has at least one dependency here which (according to my understanding) seems to affect a disconnected masternode to enter into the masternodes list again (and being a candidate to be paid).
Can this insecure randomness cause severe problems in case the local random device is hacked? I don't know. As long as I am not sure about it, nor do I have a showcase to present to you, the answer is IT CANNOT. It is obvious that you should trust @UdjinM6 on that, rather than me.
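
Added example, not part of the thread and not Dash source code: a simplified model of the deterministic, score-based payee selection that the pointers to `GetNextMasternodeInQueueForPayment` and `CalculateScore` lead to, showing that every node can recompute the same winner without any local RNG and reject a payee chosen another way. Assumptions: the `Masternode` struct, `Score`, `SelectPayee`, `ValidatePayee` and `SampleList` are hypothetical names, the score is modeled as a hash of a block hash and the masternode outpoint, and FNV-1a stands in for the cryptographic hash.

```cpp
#include <algorithm>
#include <cstdint>
#include <string>
#include <vector>

// Simplified model for illustration; not Dash source code.
struct Masternode {
    std::string outpoint;  // constructed collateral id, "txid:n"
    int lastPaidHeight;    // 0 = never paid
};

// Assumption: FNV-1a stands in for the cryptographic hash a real node uses.
static uint64_t Fnv1a(const std::string& s) {
    uint64_t h = 14695981039346656037ULL;
    for (unsigned char c : s) { h ^= c; h *= 1099511628211ULL; }
    return h;
}

// Score is a pure function of public data: a block hash and the outpoint.
uint64_t Score(const Masternode& mn, const std::string& blockHash) {
    return Fnv1a(blockHash + "|" + mn.outpoint);
}

// Longest-unpaid tenth of the list first, then the highest score wins.
std::string SelectPayee(std::vector<Masternode> mns, const std::string& blockHash) {
    if (mns.empty()) return "";
    std::sort(mns.begin(), mns.end(), [](const Masternode& a, const Masternode& b) {
        if (a.lastPaidHeight != b.lastPaidHeight) return a.lastPaidHeight < b.lastPaidHeight;
        return a.outpoint < b.outpoint;  // tie-break so every node sorts identically
    });
    size_t top = std::max<size_t>(1, mns.size() / 10);
    size_t best = 0;
    for (size_t i = 1; i < top; ++i)
        if (Score(mns[i], blockHash) > Score(mns[best], blockHash)) best = i;
    return mns[best].outpoint;
}

// A peer recomputes the winner itself; a payee chosen any other way is rejected.
bool ValidatePayee(const std::vector<Masternode>& mns, const std::string& blockHash,
                   const std::string& claimed) {
    return !claimed.empty() && claimed == SelectPayee(mns, blockHash);
}

// Constructed sample: 40 masternodes with distinct last-paid heights.
std::vector<Masternode> SampleList() {
    std::vector<Masternode> v;
    for (int i = 0; i < 40; ++i)
        v.push_back({"tx" + std::to_string(i) + ":0", 1000 + (i * 7) % 40});
    return v;
}
```

In this model the only inputs are the masternode list and a block hash, so the output of a node's `/dev/urandom` or clock never enters the result that peers check.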