Welcome to the Dash Forum!

Please sign up to discuss the most innovative cryptocurrency!

Temporary disabling of InstandSend due to potential quorum exploit method

Discussion in 'Official Announcements' started by AndyDark, Aug 30, 2017.

  1. AndyDark

    AndyDark Official Dash Dev
    Core Developer

    Joined:
    Sep 10, 2014
    Messages:
    329
    Likes Received:
    648
    Trophy Points:
    163
    Hi everyone,

    We'd like to inform you that with help from the community, we have discovered a potential exploit in the current InstantSend implementation which provides the chance for an attacker with 6 or more Masternodes to dominate an InstantSend quorum by brute forcing collateral transaction hashes in a certain way as to increase their chance to be selected for an IS quorum, which could provide the possibility to perform a double spend or a potential network fork.

    We have not yet seen this attack executed on our network and we believe the risks are low because the exploit requires ownership of at least US$ 2.1 million in Dash. However, for safety we have disabled InstandSend via ["SPORK_2_INSTANTSEND_ENABLED": false] to ensure this attack cannot be performed until the fix, which is already completed & QA’d, is released to the network.

    As 12.2 release is imminent, our intention is to include the fix as part of the 12.2 release process, which is estimated within the next few weeks, instead of releasing a hotfix immediately, to minimize the disruption in the coming network upgrade.

    As a result, any InstandSend transactions made before 12.2 deployment will fallback to normal confirmation times, therefore users are advised to refrain from selecting InstantSend on payments in wallets until 12.2 to prevent being charged the higher fee.

    We’d like to thank two community members, Matthew Robertson and Alexander Block for helping to discover this exploit. Consequently, after a post-mortem, our conclusion is that the exploit was missed internally due to the fact that we did not provide enough review of early InstantSend code, with everyone in our (much larger) team today being focused on V12 features and our forthcoming V13 Evolution release.

    Therefore we have been conducting an internal security audit of earlier code which hasn’t found any further explots and we are also seeing the Dash community becoming much more active in contribution and code review, from new contributors to the recent $240,000 BugBounty program funded by the network, which we believe together will ensure that enough ongoing review is being provided to find and secure any future exploits quickly and comprehensively to ensure the Dash Network remains secure.


    Thank you,


    The Dash Core Team
     
    • Informative Informative x 18
    • Like Like x 14
    • Agree Agree x 2
  2. solarguy

    solarguy Active Member

    Joined:
    Mar 15, 2017
    Messages:
    267
    Likes Received:
    117
    Trophy Points:
    103
    Good catch.

    Excellent response.

    Carry on.
     
    • Agree Agree x 11
    • Like Like x 1
  3. Macrochip

    Macrochip Active Member
    Masternode Owner/Operator

    Joined:
    Feb 1, 2015
    Messages:
    113
    Likes Received:
    138
    Trophy Points:
    93
    Our haters are already spinning this as something bad. So amusing! Imagine any other project encountering such an issue while not having sporks. Price would plummet as they'd issue emergency patches like someone kicked a hornet's nest while the exploit could actually be used costing people their hard earned money :rolleyes:

    Thank Duffield for Sporks!
     
    • Agree Agree x 13
    • Dumb Dumb x 1
  4. HashEngineering

    HashEngineering Active Member

    Joined:
    May 3, 2014
    Messages:
    255
    Likes Received:
    354
    Trophy Points:
    123
    The Dash Wallet for Android looks at Sporks to determine if InstantSend is enabled. If it is not enabled, then the app hides the InstantSend checkbox on the Send Coins screen thus not allowing InstantSend to be used. If a QR code has InstantSend requested, the app may still send the transaction with as InstantSend with higher fees.
     
    • Like Like x 5
    • Winner Winner x 4
    • Useful Useful x 3
  5. Voluntary

    Voluntary Member

    Joined:
    May 14, 2016
    Messages:
    101
    Likes Received:
    36
    Trophy Points:
    78
    Dash Address:
    XivwUmSu5davqhqc3BX1j4w6dskzNFihQQ
    Could this network feature suspension have an effect on how masternodes are selected for reward payments? I ask because I've got an established mn that reports as enabled and will shortly reach twelve days since its last reward payment.
     
  6. demo

    demo Active Member

    Joined:
    Apr 23, 2016
    Messages:
    1,951
    Likes Received:
    142
    Trophy Points:
    133
    Dash Address:
    XnpT2YQaYpyh7F9twM6EtDMn1TCDCEEgNX
    You have to understand that the same way the core team can fix bugs using sporks, the same way they can also implant bugs (especially if forced by the 3 letters agency). Stop being so stupid please.:rolleyes:

    The solution ? Community driven sporks, and a proof of individuality of course. The sad thing? Look how many stupid agree with the stupidity of @Macrochip. In the case of such a big concentration of stupids, NO, there is no solution! Even with community driven sporks. Even with proof of individuality. The stupids will always remain stupids, and will always rely upon the will of the smart one.

    So what is the FINAL solution? EDUCATION of the community. Hard education. Even whipping sometimes. They certainly deserve it.

    The good news? Both @codablock and @Matt Robertson do not belong to the greedy stupid dash generation of 2014-2016. Furthermore @codablock is the user 12000, and this number says something.
     
    #6 demo, Aug 31, 2017
    Last edited: Aug 31, 2017
    demo
    This message by demo has been hidden due to negative ratings. (Show message)
    • Trolling Trolling x 5
    • Dumb Dumb x 2
    • Friendly Friendly x 1
  7. camosoul

    camosoul Well-known Member

    Joined:
    Sep 19, 2014
    Messages:
    1,636
    Likes Received:
    1,031
    Trophy Points:
    183
    I hate to admit it, but there are a few small seeds of truth in the pile of butt gumbo demo posted... Don't throw the baby out with the bathwater.

    Sporks need to be network consensus managed.

    Early DASH adopters are mostly a bunch of fucktards.
     
    • Agree Agree x 1
  8. camosoul

    camosoul Well-known Member

    Joined:
    Sep 19, 2014
    Messages:
    1,636
    Likes Received:
    1,031
    Trophy Points:
    183
    I've had this happen many times prior to this sporking. I've had MNs get a payment in 4 days, and had one go 22 days... There is some entropy in the system that can lead to an occasional outlier. It averages out in the long run.

    It is likely unrelated, but it would be a good idea for more MNOs to keep an eye to see if this accelerates.
     
  9. Super8

    Super8 Active Member

    Joined:
    Mar 27, 2015
    Messages:
    288
    Likes Received:
    151
    Trophy Points:
    103
    I hope 12.2 is released (and Instant send switched back on) in time for Max Keiser's GAP show. It will be a pity if Max has to admit that one of the keys advantages of Dash compared to Bitcoin isn't working. It's just bad PR for Dash and a missed opportunity for us.

    (I do realise that updates happen at their own pace, but this is just a point to try and ask Dash Core to be mindful and laser focused on a speedy outcome!)

    Thanks.
     
    • Agree Agree x 3
  10. SimontheRavager

    SimontheRavager New Member

    Joined:
    May 16, 2017
    Messages:
    31
    Likes Received:
    11
    Trophy Points:
    8
    Uh great work ^^
     
  11. The philosofers coin

    Joined:
    Apr 23, 2017
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Personally, I still most if not all crypto's still in alpha version, so as investors in alpha software, my biggest concern is to find out that there are potential bugs that could totally destroy the network. (for example non transparent blockchains, which could potential have hidden printed extra coins). Having that said, Dash evolution is aimed at the mainstream, and once it is really for mass adoption (that does not have to mean version one of evolution) the Spork feature should be completely decentralized. It's a necessity. I hope to see this feature gets to be put on the roadmap in a way that is clear as day for everyone that is going be added within a reasable time frame.

    PS we should not forget that Ethereum has a similiar way of control in the hands of Vitalik
     
    • Agree Agree x 2
  12. TroyDASH

    TroyDASH Well-known Member

    Joined:
    Jul 31, 2015
    Messages:
    888
    Likes Received:
    625
    Trophy Points:
    163
    I'm not sure about decentralizing the sporks themselves, but I would definitely be in favor of giving the Masternodes control over who has the keys to them, so that the situation can be remedied quickly in the event that the keys are leaked to a malicious actor or if the current spork key holders are no longer willing or able to use them well.
     
    • Like Like x 2
    • Useful Useful x 2
  13. The philosofers coin

    Joined:
    Apr 23, 2017
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Adding to what TroyDash said a vote of convince could be done by simply proposing a vote similar to the question to increase the blockchain from 1mb to 2mb for the time being
     
  14. Macrochip

    Macrochip Active Member
    Masternode Owner/Operator

    Joined:
    Feb 1, 2015
    Messages:
    113
    Likes Received:
    138
    Trophy Points:
    93
    In Evolution sporking will be done by the network itself without human intervention. That's what's meant by "decentralizing the keys". No voting on each spork by MNOs as that would be wildly inefficient and cause massive lags in response time to urgent network issues. Source: MooCowMoo.
     
    • Like Like x 5
    • Old Old x 1
  15. solarguy

    solarguy Active Member

    Joined:
    Mar 15, 2017
    Messages:
    267
    Likes Received:
    117
    Trophy Points:
    103
    That starts to sound like a network level AI. Interesting. It's alive...sort of.
     
    • Like Like x 1
  16. demo

    demo Active Member

    Joined:
    Apr 23, 2016
    Messages:
    1,951
    Likes Received:
    142
    Trophy Points:
    133
    Dash Address:
    XnpT2YQaYpyh7F9twM6EtDMn1TCDCEEgNX
    Sporks done bye the network. And who initiates the network to spork? This is still centralization too.
     
  17. Jocra

    Jocra New Member

    Joined:
    Aug 5, 2017
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Is active the InstandSend? or still disable for now?
     
  18. Macrochip

    Macrochip Active Member
    Masternode Owner/Operator

    Joined:
    Feb 1, 2015
    Messages:
    113
    Likes Received:
    138
    Trophy Points:
    93
    Exactly. Evan has a background in machine learning. I wouldn't be surprised to see an open position for AI experts soon.
     
  19. Voluntary

    Voluntary Member

    Joined:
    May 14, 2016
    Messages:
    101
    Likes Received:
    36
    Trophy Points:
    78
    Dash Address:
    XivwUmSu5davqhqc3BX1j4w6dskzNFihQQ
    @camosoul Thank you for your reply - 22 days is nuts. My mn finally got paid a few hours into its twelfth day. If it makes a habit of that I'd be tempted to put it down to an 'unlucky' hash or masternode key or whatever the selection criteria is. Starting over with a new address and masternode key (and ip address etc) couldn't really hurt with delays like that.
     
  20. camosoul

    camosoul Well-known Member

    Joined:
    Sep 19, 2014
    Messages:
    1,636
    Likes Received:
    1,031
    Trophy Points:
    183
    How imminent is imminent?
     
  21. camosoul

    camosoul Well-known Member

    Joined:
    Sep 19, 2014
    Messages:
    1,636
    Likes Received:
    1,031
    Trophy Points:
    183
    It doesn't help to change key/address. You're just putting yourself at the back of the line.

    Sometimes shit just happens.

    The overwhelming majority hold entropy to ~half day worth of blocks.

    I've got one hanging on to 13 days right now... But, two others popped at 6 days... Should be ~7.5.

    If you have only 1 or 2 nodes the aberrations stand out to the limited sample proportion. When you look at the entire stack, it's stable.

    Go to dash ninja and sort the whole stack by payment.
     
    • Agree Agree x 1
    • Informative Informative x 1
  22. younglegend

    younglegend New Member

    Joined:
    Jan 1, 2017
    Messages:
    26
    Likes Received:
    4
    Trophy Points:
    3
    What is their wallet address? I'd like to thank them for discovering it.

    "We’d like to thank two community members, Matthew Robertson and Alexander Block for helping to discover this exploit"
     
    • Like Like x 2
    • Agree Agree x 1
  23. Voluntary

    Voluntary Member

    Joined:
    May 14, 2016
    Messages:
    101
    Likes Received:
    36
    Trophy Points:
    78
    Dash Address:
    XivwUmSu5davqhqc3BX1j4w6dskzNFihQQ
    Is there an obvious fix for this InstantSend exploit or will it require more work than that?
     
  24. solarguy

    solarguy Active Member

    Joined:
    Mar 15, 2017
    Messages:
    267
    Likes Received:
    117
    Trophy Points:
    103
    I believe the core team said they already have a solution, but rather than send it out as a patch, they're going to send it out with the next normal revision. Couple weeks I think...
     
    • Like Like x 3
  25. camosoul

    camosoul Well-known Member

    Joined:
    Sep 19, 2014
    Messages:
    1,636
    Likes Received:
    1,031
    Trophy Points:
    183
    OP:
    reeding iz gud
     
    #25 camosoul, Sep 8, 2017
    Last edited: Sep 10, 2017
  26. TroyDASH

    TroyDASH Well-known Member

    Joined:
    Jul 31, 2015
    Messages:
    888
    Likes Received:
    625
    Trophy Points:
    163
    Do we know how imminent is imminent? What is the timeline for 12.2 release?
     
  27. tungfa

    tungfa Administrator
    Dash Core Group Foundation Member Moderator

    Joined:
    Apr 9, 2014
    Messages:
    7,730
    Likes Received:
    6,091
    Trophy Points:
    1,283
    a "couple" of weeks is all i know
     
  28. Super8

    Super8 Active Member

    Joined:
    Mar 27, 2015
    Messages:
    288
    Likes Received:
    151
    Trophy Points:
    103
    Lets hope so.
     
  29. sandycat

    sandycat New Member

    Joined:
    Sep 14, 2017
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Very great work!!!

    ~~~ appnaz ~~~
     

Share This Page