Welcome to the Dash Forum!

Please sign up to discuss the most innovative cryptocurrency!

Temporary disabling of InstandSend due to potential quorum exploit method

Discussion in 'Official Announcements' started by AndyDark, Aug 30, 2017.

  1. AndyDark

    AndyDark Well-known Member
    Dash Core Team

    Joined:
    Sep 10, 2014
    Messages:
    336
    Likes Received:
    658
    Trophy Points:
    163
    Hi everyone,

    We'd like to inform you that with help from the community, we have discovered a potential exploit in the current InstantSend implementation which provides the chance for an attacker with 6 or more Masternodes to dominate an InstantSend quorum by brute forcing collateral transaction hashes in a certain way as to increase their chance to be selected for an IS quorum, which could provide the possibility to perform a double spend or a potential network fork.

    We have not yet seen this attack executed on our network and we believe the risks are low because the exploit requires ownership of at least US$ 2.1 million in Dash. However, for safety we have disabled InstandSend via ["SPORK_2_INSTANTSEND_ENABLED": false] to ensure this attack cannot be performed until the fix, which is already completed & QA’d, is released to the network.

    As 12.2 release is imminent, our intention is to include the fix as part of the 12.2 release process, which is estimated within the next few weeks, instead of releasing a hotfix immediately, to minimize the disruption in the coming network upgrade.

    As a result, any InstandSend transactions made before 12.2 deployment will fallback to normal confirmation times, therefore users are advised to refrain from selecting InstantSend on payments in wallets until 12.2 to prevent being charged the higher fee.

    We’d like to thank two community members, Matthew Robertson and Alexander Block for helping to discover this exploit. Consequently, after a post-mortem, our conclusion is that the exploit was missed internally due to the fact that we did not provide enough review of early InstantSend code, with everyone in our (much larger) team today being focused on V12 features and our forthcoming V13 Evolution release.

    Therefore we have been conducting an internal security audit of earlier code which hasn’t found any further explots and we are also seeing the Dash community becoming much more active in contribution and code review, from new contributors to the recent $240,000 BugBounty program funded by the network, which we believe together will ensure that enough ongoing review is being provided to find and secure any future exploits quickly and comprehensively to ensure the Dash Network remains secure.


    Thank you,


    The Dash Core Team
     
    • Informative Informative x 18
    • Like Like x 14
    • Agree Agree x 2
  2. solarguy

    solarguy Active Member

    Joined:
    Mar 15, 2017
    Messages:
    385
    Likes Received:
    171
    Trophy Points:
    113
    Good catch.

    Excellent response.

    Carry on.
     
    • Agree Agree x 11
    • Like Like x 1
  3. Macrochip

    Macrochip Active Member
    Masternode Owner/Operator

    Joined:
    Feb 1, 2015
    Messages:
    154
    Likes Received:
    155
    Trophy Points:
    103
    Our haters are already spinning this as something bad. So amusing! Imagine any other project encountering such an issue while not having sporks. Price would plummet as they'd issue emergency patches like someone kicked a hornet's nest while the exploit could actually be used costing people their hard earned money :rolleyes:

    Thank Duffield for Sporks!
     
    • Agree Agree x 13
    • Like Like x 1
    • Dumb Dumb x 1
  4. HashEngineering

    HashEngineering Active Member

    Joined:
    May 3, 2014
    Messages:
    264
    Likes Received:
    357
    Trophy Points:
    123
    The Dash Wallet for Android looks at Sporks to determine if InstantSend is enabled. If it is not enabled, then the app hides the InstantSend checkbox on the Send Coins screen thus not allowing InstantSend to be used. If a QR code has InstantSend requested, the app may still send the transaction with as InstantSend with higher fees.
     
    • Like Like x 5
    • Winner Winner x 4
    • Useful Useful x 3
  5. Voluntary

    Voluntary Member

    Joined:
    May 14, 2016
    Messages:
    109
    Likes Received:
    37
    Trophy Points:
    78
    Dash Address:
    XivwUmSu5davqhqc3BX1j4w6dskzNFihQQ
    Could this network feature suspension have an effect on how masternodes are selected for reward payments? I ask because I've got an established mn that reports as enabled and will shortly reach twelve days since its last reward payment.
     
  6. demo

    demo Active Member

    Joined:
    Apr 23, 2016
    Messages:
    2,212
    Likes Received:
    160
    Trophy Points:
    133
    Dash Address:
    XnpT2YQaYpyh7F9twM6EtDMn1TCDCEEgNX
    You have to understand that the same way the core team can fix bugs using sporks, the same way they can also implant bugs (especially if forced by the 3 letters agency). Stop being so stupid please.:rolleyes:

    The solution ? Community driven sporks, and a proof of individuality of course. The sad thing? Look how many stupid agree with the stupidity of @Macrochip. In the case of such a big concentration of stupids, NO, there is no solution! Even with community driven sporks. Even with proof of individuality. The stupids will always remain stupids, and will always rely upon the will of the smart one.

    So what is the FINAL solution? EDUCATION of the community. Hard education. Even whipping sometimes. They certainly deserve it.

    The good news? Both @codablock and @Matt Robertson do not belong to the greedy stupid dash generation of 2014-2016. Furthermore @codablock is the user 12000, and this number says something.
     
    #6 demo, Aug 31, 2017
    Last edited: Aug 31, 2017
    demo
    This message by demo has been hidden due to negative ratings. (Show message)
    • Trolling Trolling x 5
    • Dumb Dumb x 2
    • Friendly Friendly x 1
  7. camosoul

    camosoul Well-known Member

    Joined:
    Sep 19, 2014
    Messages:
    1,771
    Likes Received:
    1,048
    Trophy Points:
    183
    I hate to admit it, but there are a few small seeds of truth in the pile of butt gumbo demo posted... Don't throw the baby out with the bathwater.

    Sporks need to be network consensus managed.

    Early DASH adopters are mostly a bunch of fucktards.
     
    • Agree Agree x 1
  8. camosoul

    camosoul Well-known Member

    Joined:
    Sep 19, 2014
    Messages:
    1,771
    Likes Received:
    1,048
    Trophy Points:
    183
    I've had this happen many times prior to this sporking. I've had MNs get a payment in 4 days, and had one go 22 days... There is some entropy in the system that can lead to an occasional outlier. It averages out in the long run.

    It is likely unrelated, but it would be a good idea for more MNOs to keep an eye to see if this accelerates.
     
  9. Super8

    Super8 Active Member

    Joined:
    Mar 27, 2015
    Messages:
    297
    Likes Received:
    154
    Trophy Points:
    103
    I hope 12.2 is released (and Instant send switched back on) in time for Max Keiser's GAP show. It will be a pity if Max has to admit that one of the keys advantages of Dash compared to Bitcoin isn't working. It's just bad PR for Dash and a missed opportunity for us.

    (I do realise that updates happen at their own pace, but this is just a point to try and ask Dash Core to be mindful and laser focused on a speedy outcome!)

    Thanks.
     
    • Agree Agree x 3
  10. SimontheRavager

    SimontheRavager New Member

    Joined:
    May 16, 2017
    Messages:
    37
    Likes Received:
    14
    Trophy Points:
    8
    Uh great work ^^
     
  11. The philosofers coin

    Joined:
    Apr 23, 2017
    Messages:
    26
    Likes Received:
    4
    Trophy Points:
    3
    Personally, I still most if not all crypto's still in alpha version, so as investors in alpha software, my biggest concern is to find out that there are potential bugs that could totally destroy the network. (for example non transparent blockchains, which could potential have hidden printed extra coins). Having that said, Dash evolution is aimed at the mainstream, and once it is really for mass adoption (that does not have to mean version one of evolution) the Spork feature should be completely decentralized. It's a necessity. I hope to see this feature gets to be put on the roadmap in a way that is clear as day for everyone that is going be added within a reasable time frame.

    PS we should not forget that Ethereum has a similiar way of control in the hands of Vitalik
     
    • Agree Agree x 2
  12. TroyDASH

    TroyDASH Well-known Member
    Masternode Owner/Operator

    Joined:
    Jul 31, 2015
    Messages:
    1,001
    Likes Received:
    684
    Trophy Points:
    183
    I'm not sure about decentralizing the sporks themselves, but I would definitely be in favor of giving the Masternodes control over who has the keys to them, so that the situation can be remedied quickly in the event that the keys are leaked to a malicious actor or if the current spork key holders are no longer willing or able to use them well.
     
    • Like Like x 2
    • Useful Useful x 2
  13. The philosofers coin

    Joined:
    Apr 23, 2017
    Messages:
    26
    Likes Received:
    4
    Trophy Points:
    3
    Adding to what TroyDash said a vote of convince could be done by simply proposing a vote similar to the question to increase the blockchain from 1mb to 2mb for the time being
     
  14. Macrochip

    Macrochip Active Member
    Masternode Owner/Operator

    Joined:
    Feb 1, 2015
    Messages:
    154
    Likes Received:
    155
    Trophy Points:
    103
    In Evolution sporking will be done by the network itself without human intervention. That's what's meant by "decentralizing the keys". No voting on each spork by MNOs as that would be wildly inefficient and cause massive lags in response time to urgent network issues. Source: MooCowMoo.
     
    • Like Like x 5
    • Old Old x 1
  15. solarguy

    solarguy Active Member

    Joined:
    Mar 15, 2017
    Messages:
    385
    Likes Received:
    171
    Trophy Points:
    113
    That starts to sound like a network level AI. Interesting. It's alive...sort of.
     
    • Like Like x 1
  16. demo

    demo Active Member

    Joined:
    Apr 23, 2016
    Messages:
    2,212
    Likes Received:
    160
    Trophy Points:
    133
    Dash Address:
    XnpT2YQaYpyh7F9twM6EtDMn1TCDCEEgNX
    Sporks done bye the network. And who initiates the network to spork? This is still centralization too.
     
  17. Jocra

    Jocra New Member

    Joined:
    Aug 5, 2017
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Is active the InstandSend? or still disable for now?
     
  18. Macrochip

    Macrochip Active Member
    Masternode Owner/Operator

    Joined:
    Feb 1, 2015
    Messages:
    154
    Likes Received:
    155
    Trophy Points:
    103
    Exactly. Evan has a background in machine learning. I wouldn't be surprised to see an open position for AI experts soon.
     
  19. Voluntary

    Voluntary Member

    Joined:
    May 14, 2016
    Messages:
    109
    Likes Received:
    37
    Trophy Points:
    78
    Dash Address:
    XivwUmSu5davqhqc3BX1j4w6dskzNFihQQ
    @camosoul Thank you for your reply - 22 days is nuts. My mn finally got paid a few hours into its twelfth day. If it makes a habit of that I'd be tempted to put it down to an 'unlucky' hash or masternode key or whatever the selection criteria is. Starting over with a new address and masternode key (and ip address etc) couldn't really hurt with delays like that.
     
  20. camosoul

    camosoul Well-known Member

    Joined:
    Sep 19, 2014
    Messages:
    1,771
    Likes Received:
    1,048
    Trophy Points:
    183
    How imminent is imminent?
     
  21. camosoul

    camosoul Well-known Member

    Joined:
    Sep 19, 2014
    Messages:
    1,771
    Likes Received:
    1,048
    Trophy Points:
    183
    It doesn't help to change key/address. You're just putting yourself at the back of the line.

    Sometimes shit just happens.

    The overwhelming majority hold entropy to ~half day worth of blocks.

    I've got one hanging on to 13 days right now... But, two others popped at 6 days... Should be ~7.5.

    If you have only 1 or 2 nodes the aberrations stand out to the limited sample proportion. When you look at the entire stack, it's stable.

    Go to dash ninja and sort the whole stack by payment.
     
    • Agree Agree x 1
    • Informative Informative x 1
  22. younglegend

    younglegend New Member

    Joined:
    Jan 1, 2017
    Messages:
    35
    Likes Received:
    6
    Trophy Points:
    8
    What is their wallet address? I'd like to thank them for discovering it.

    "We’d like to thank two community members, Matthew Robertson and Alexander Block for helping to discover this exploit"
     
    • Like Like x 2
    • Agree Agree x 1
  23. Voluntary

    Voluntary Member

    Joined:
    May 14, 2016
    Messages:
    109
    Likes Received:
    37
    Trophy Points:
    78
    Dash Address:
    XivwUmSu5davqhqc3BX1j4w6dskzNFihQQ
    Is there an obvious fix for this InstantSend exploit or will it require more work than that?
     
  24. solarguy

    solarguy Active Member

    Joined:
    Mar 15, 2017
    Messages:
    385
    Likes Received:
    171
    Trophy Points:
    113
    I believe the core team said they already have a solution, but rather than send it out as a patch, they're going to send it out with the next normal revision. Couple weeks I think...
     
    • Like Like x 3
  25. camosoul

    camosoul Well-known Member

    Joined:
    Sep 19, 2014
    Messages:
    1,771
    Likes Received:
    1,048
    Trophy Points:
    183
    OP:
    reeding iz gud
     
    #25 camosoul, Sep 8, 2017
    Last edited: Sep 10, 2017
  26. TroyDASH

    TroyDASH Well-known Member
    Masternode Owner/Operator

    Joined:
    Jul 31, 2015
    Messages:
    1,001
    Likes Received:
    684
    Trophy Points:
    183
    Do we know how imminent is imminent? What is the timeline for 12.2 release?
     
  27. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Masternode Owner/Operator Moderator

    Joined:
    Apr 9, 2014
    Messages:
    7,977
    Likes Received:
    6,243
    Trophy Points:
    1,283
    a "couple" of weeks is all i know
     
  28. Super8

    Super8 Active Member

    Joined:
    Mar 27, 2015
    Messages:
    297
    Likes Received:
    154
    Trophy Points:
    103
    Lets hope so.
     
  29. sandycat

    sandycat New Member

    Joined:
    Sep 14, 2017
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Very great work!!!

    ~~~ appnaz ~~~
     
  30. dark_wanderer

    dark_wanderer Member

    Joined:
    Nov 12, 2014
    Messages:
    82
    Likes Received:
    35
    Trophy Points:
    58
    What is the status of the fix ?

    30 aug: fix completed and qa'ed (according to AndyDark)
    24 sep: work on fixing in progress (1st annual dash conference)

    anyway, when would it be safe to use InstaSend?

    Otoh owns more than 6 masternodes. So, it is not unrealistic to conduct such an attack ...
     

Share This Page