Temporary disabling of InstandSend due to potential quorum exploit method

tungfa

Administrator
Dash Core Team
Moderator
Foundation Member
Masternode Owner/Operator
Apr 9, 2014
8,906
6,729
1,283
IS will be back on when 12.2 is released

otho ?
what does otho has to do with this

save to use
it is disabled so there is nothing to use
 

solarguy

Active Member
Mar 15, 2017
867
413
133
60
What is the status of the fix ?

30 aug: fix completed and qa'ed (according to AndyDark)
24 sep: work on fixing in progress (1st annual dash conference)

anyway, when would it be safe to use InstaSend?

Otoh owns more than 6 masternodes. So, it is not unrealistic to conduct such an attack ...

When they turn it on again, it will be safe to use.
 

dark_wanderer

Member
Nov 12, 2014
82
36
58
Thanks for the feedback.

Could you also please answer the following questions with yes/no?

1) Has the fix been completed and qa'ed on 30 sep 2017?
2) Is work on the fix still in progress as of 24 sep 2017?
3) Is work on the fix still in progress as of today?
 

thedesertlynx

Active Member
Sep 6, 2016
162
150
103
33
Hi @AndyDark, any update on 12.2? It's been nearly a month since this original post, and InstantSend being disabled has prevented a number of projects from continuing development. In general, it's just good to know what to tell people when they ask when they'll be able to use InstantSend again. Thanks!
 
  • Like
Reactions: TroyDASH

thedesertlynx

Active Member
Sep 6, 2016
162
150
103
33
There were 2 major fixes:
https://github.com/dashpay/dash/pull/1592
https://github.com/dashpay/dash/pull/1620
and few smaller followups/cleanups later.
Due to the nature of the vulnerability/fix we can't just apply it on the live network and we have to wait for 12.2 to activate it via soft-fork-like mechanism.
Yes, that was well understood. What I'm not entirely clear about is when the release is planned. The roadmap said September.

I realize that this is a complicated problem that I'm glad I don't have to handle, it just puts me in a difficult position when newcomers ask about when they can use InstantSend and I don't have an answer. It reflects poorly on Dash and makes it seem like things are broken and a mess, and while I know that such isn't true at all, I'd like to be able to answer that question with confidence.
 
  • Like
Reactions: stan.distortion

UdjinM6

Official Dash Dev
Dash Core Team
Moderator
May 20, 2014
3,638
3,538
1,183
Yes, that was well understood. What I'm not entirely clear about is when the release is planned. The roadmap said September.

I realize that this is a complicated problem that I'm glad I don't have to handle, it just puts me in a difficult position when newcomers ask about when they can use InstantSend and I don't have an answer. It reflects poorly on Dash and makes it seem like things are broken and a mess, and while I know that such isn't true at all, I'd like to be able to answer that question with confidence.
The roadmap was put together before IS issue was even discovered and it took a lot of time to find a proper way to fix it (initially we had another fix prepared btw). Anyway, all major tickets for 12.2 are closed now and everything (2mb blocks, lower fees, IS fix, and a whole bunch of internal fixes/backports/refactoring) seems to be working as designed. We are forking testnet right now to test migration process and to make sure that we didn't miss anything and dip0001 activation + network upgrade work well together (these were two separate events on "old" testnet). That's going to take few more days, not sure how long but at least 3 more. If no issues are found during this, then we are going to start migration at the very end of September (30th) or first days of October (more likely). Then it depends on how fast masternoders/miners are going to update so that dip0001 could lock in/activate and thus trigger other fixes. However, you should keep in mind that dip0001 lock in is going to require at least a week in any case, see https://github.com/dashpay/dips/blob/master/dip-0001.md#selection-of-parameters and _this_ is the earliest time we can turn IS back on. Considering how long it usually takes to update MNs, I'd say this day (of IS activation) is probably closer to mid of October.
 
  • Like
Reactions: Raptor73

thedesertlynx

Active Member
Sep 6, 2016
162
150
103
33
The roadmap was put together before IS issue was even discovered and it took a lot of time to find a proper way to fix it (initially we had another fix prepared btw). Anyway, all major tickets for 12.2 are closed now and everything (2mb blocks, lower fees, IS fix, and a whole bunch of internal fixes/backports/refactoring) seems to be working as designed. We are forking testnet right now to test migration process and to make sure that we didn't miss anything and dip0001 activation + network upgrade work well together (these were two separate events on "old" testnet). That's going to take few more days, not sure how long but at least 3 more. If no issues are found during this, then we are going to start migration at the very end of September (30th) or first days of October (more likely). Then it depends on how fast masternoders/miners are going to update so that dip0001 could lock in/activate and thus trigger other fixes. However, you should keep in mind that dip0001 lock in is going to require at least a week in any case, see https://github.com/dashpay/dips/blob/master/dip-0001.md#selection-of-parameters and _this_ is the earliest time we can turn IS back on. Considering how long it usually takes to update MNs, I'd say this day (of IS activation) is probably closer to mid of October.
Thanks for the detailed response, this is definitely something I can work with.

Question: in the original post, Andy mentioned the possibility of an immediate hotfix instead of waiting for 12.2. What would have been the timeline for this approach from the moment the problem was announced?
 

AjM

Well-known Member
Foundation Member
Jun 23, 2014
1,341
575
283
Finland
The roadmap was put together before IS issue was even discovered and it took a lot of time to find a proper way to fix it (initially we had another fix prepared btw). Anyway, all major tickets for 12.2 are closed now and everything (2mb blocks, lower fees, IS fix, and a whole bunch of internal fixes/backports/refactoring) seems to be working as designed. We are forking testnet right now to test migration process and to make sure that we didn't miss anything and dip0001 activation + network upgrade work well together (these were two separate events on "old" testnet). That's going to take few more days, not sure how long but at least 3 more. If no issues are found during this, then we are going to start migration at the very end of September (30th) or first days of October (more likely). Then it depends on how fast masternoders/miners are going to update so that dip0001 could lock in/activate and thus trigger other fixes. However, you should keep in mind that dip0001 lock in is going to require at least a week in any case, see https://github.com/dashpay/dips/blob/master/dip-0001.md#selection-of-parameters and _this_ is the earliest time we can turn IS back on. Considering how long it usually takes to update MNs, I'd say this day (of IS activation) is probably closer to mid of October.
And translations?
Who and when?
 

UdjinM6

Official Dash Dev
Dash Core Team
Moderator
May 20, 2014
3,638
3,538
1,183
Thanks for the detailed response, this is definitely something I can work with.

Question: in the original post, Andy mentioned the possibility of an immediate hotfix instead of waiting for 12.2. What would have been the timeline for this approach from the moment the problem was announced?
It's hard to tell. That fix would include protocol bump to get some idea of update progress which would mean that everyone would have to update and moreover, MNs would have to be restarted losing their place in the payment queue.. which is quite of a disincentive. Generally speaking, that would be just like any other major update (we would probably had to turn payment enf. off too because moving MNs in and out of the list brings some "turbulence" to network, which can result in forking). So I'd say it would take at least 2-3 weeks before things would calm down (we fixed this and it shouldn't cause that many issues for 12.2+ updates btw, well, hopefully :rolleyes:). This means that it would be mid/end of September, when we could activate IS... and then we'd have to turn it off again for 12.2 migration after a week or so and ask everyone to update once again... so it didn't make much sense to follow that path imo.

And translations?
Who and when?
I hate this part :p I'll upload new _en.ts to transifex in a few following days. This usually doesn't break anything and can be updated even later in some minor releases, so I left this part for the very end of testing.
 
  • Like
Reactions: stan.distortion

AjM

Well-known Member
Foundation Member
Jun 23, 2014
1,341
575
283
Finland
I hate this part :p I'll upload new _en.ts to transifex in a few following days. This usually doesn't break anything and can be updated even later in some minor releases, so I left this part for the very end of testing.
Ok, thanks.
 
  • Like
Reactions: stan.distortion

thedesertlynx

Active Member
Sep 6, 2016
162
150
103
33
It's hard to tell. That fix would include protocol bump to get some idea of update progress which would mean that everyone would have to update and moreover, MNs would have to be restarted losing their place in the payment queue.. which is quite of a disincentive. Generally speaking, that would be just like any other major update (we would probably had to turn payment enf. off too because moving MNs in and out of the list brings some "turbulence" to network, which can result in forking). So I'd say it would take at least 2-3 weeks before things would calm down (we fixed this and it shouldn't cause that many issues for 12.2+ updates btw, well, hopefully :rolleyes:). This means that it would be mid/end of September, when we could activate IS... and then we'd have to turn it off again for 12.2 migration after a week or so and ask everyone to update once again... so it didn't make much sense to follow that path imo.


I hate this part :p I'll upload new _en.ts to transifex in a few following days. This usually doesn't break anything and can be updated even later in some minor releases, so I left this part for the very end of testing.
Very good, thank you, that fully answers the whole subject. I think this excellent level of communication is just what's needed to mitigate misconceptions held by the general public. Highly anticipating the 12.2 release!
 

wal

New Member
Dec 6, 2016
33
12
8
40
>However, for safety we have disabled InstandSend via ["SPORK_2_INSTANTSEND_ENABLED": false]

Can you elaborate on that? What else on the DASH network can be enabled/disabled by the powers-to-be ?
 

UdjinM6

Official Dash Dev
Dash Core Team
Moderator
May 20, 2014
3,638
3,538
1,183
Ok, thanks.
Took me longer than I expected exactly because of the reasons why I hate it - some packages for python scripts were missing and I broke my env trying to fix it.. Anyway, en source should be more or less up to date on transifex now :)

Note/reminder to everyone translating strings:
- please keep all special symbols in place - %n and %1 etc are placeholders and MUST be kept ("Copy source string" button is your friend);
- keep number of brackets the same, make sure you have (no) "." at the end just like in the original source;
- do not translate Dash (Core), translating "dashes" is ok however;
- use "Suggestions" to follow more or less the same terminology and save your time;
- you can "borrow" translations for some strings from bitcoin https://github.com/bitcoin/bitcoin/tree/master/src/qt/locale , they are far from being accurate sometimes but can serve as a good start;
- probably smth else I can't remember right now, we'll figure it out as we progress :)

EDIT: PR created https://github.com/dashpay/dash/pull/1659
 
Last edited:

AjM

Well-known Member
Foundation Member
Jun 23, 2014
1,341
575
283
Finland
Took me longer than I expected exactly because of the reasons why I hate it - some packages for python scripts were missing and I broke my env trying to fix it.. Anyway, en source should be more or less up to date on transifex now :)

Note/reminder to everyone translating strings:
- please keep all special symbols in place - %n and %1 etc are placeholders and MUST be kept ("Copy source string" button is your friend);
- keep number of brackets the same, make sure you have (no) "." at the end just like in the original source;
- do not translate Dash (Core), translating "dashes" is ok however;
- use "Suggestions" to follow more or less the same terminology and save your time;
- you can "borrow" translations for some strings from bitcoin https://github.com/bitcoin/bitcoin/tree/master/src/qt/locale , they are far from being accurate sometimes but can serve as a good start;
- probably smth else I can't remember right now, we'll figure it out as we progress :)

EDIT: PR created https://github.com/dashpay/dash/pull/1659
Ok, thanks.
How much we have time to get it done?

EDIT: Finnish translated. There was only 76 new strings.
 
Last edited:
  • Like
Reactions: UdjinM6