Comments (86)

kha0S avatar kha0S commented on July 28, 2024

Blockchain forked here:
https://bitinfocharts.com/ppcoin/block/204617/dfc685677c3c541cab159b62895474f5c2ec686b04bae5797664ae871e123fc1

from peercoin.

mably avatar mably commented on July 28, 2024

Hi @kha0S, could you detail a bit more your analysis of what happened exactly?

from peercoin.

Thireus avatar Thireus commented on July 28, 2024

I can confirm Peercoin's blockchain was forked.

You can verify it here:

The next blocks of bkchain.org and bitinfocharts.com are on two separate blockchains. Action must be taken rapidly to prevent double spending (i.e. if BTC-E and Shapeshift are on two separate forks, everyone will be able to double their money).

from peercoin.

kha0S avatar kha0S commented on July 28, 2024

Hi @mably.

@Thireus has already explained. I can confirm also, that my pool (http://give-me-coins.com) has nodes on both forks. Payments have been disabled to prevent abuse.

from peercoin.

sigmike avatar sigmike commented on July 28, 2024

Some nodes are rejecting block 8350ac92844dfe4d8308d06fc4ecf379a98b0657f8b6435546f620888174adcc because they consider one of the included signatures is invalid. Other nodes (including the one propagating the sync checkpoints) have considered it valid. I'm not sure why this is happening.

from peercoin.

sigmike avatar sigmike commented on July 28, 2024

I was able to make a node accept the signature by applying this patch: 3320650

But it didn't work on some other nodes. The node where it worked has openssl > 1.0.1k. The other nodes have openssl < 1.0.1k.

from peercoin.

jooize avatar jooize commented on July 28, 2024

How severe is this? Should we make a statement calling attention to it for exchanges etc.?

from peercoin.

kha0S avatar kha0S commented on July 28, 2024

I've locked my pool payments. Exchanges should do the same...

from peercoin.

mably avatar mably commented on July 28, 2024

Looks like funds are locked on btc-e already.

from peercoin.

miguelangel-nubla avatar miguelangel-nubla commented on July 28, 2024

I don't see any actions locked on btc-e

from peercoin.

mably avatar mably commented on July 28, 2024

Deposits are not showing even after 6 confirmations, I've tested it.

from peercoin.

miguelangel-nubla avatar miguelangel-nubla commented on July 28, 2024

That should mean you are on a different fork than btc-e, double spending should be possible.

from peercoin.

erasmospunk avatar erasmospunk commented on July 28, 2024

As reported by @glv2 and @sigmike the fork happened due to the transaction with id 2d00a7349e5d281406a9e78c3af5d14dd0b3df2dedbc61c08e02e909797c6ecf.

I tried to verify it with Coinomi's bitcoinj and it fails because this BER signature uses a 5 byte length field:
3085000000004502...

Notice that 0x850000000045 encodes the size of the signature: 0x85 > 0x7f (127 bytes) so read the next 0x85 & 0x7f == 0x05 5 bytes to get the size of the signature 0x0000000045 == 69 bytes. Usually this field would be 0x45 instead of 0x850000000045 to encode the small signature.

Now the problem is that OpenSSL has a bug where you cannot store 5 bytes in a long int on a 32bit machine and this is what caused the consensus fork.

Was this intentional? This transaction has 1 input and 1 output (this is rare), the amounts are suspiciously round (0.1 PPC input, 0.05 PPC output and 0.05 PPC fee) and lastly why use 0x850000000045 vs 0x45 to encode the size of the signature?

In bitcoin, this issue was solved with BIP66. Read here for more info:

https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-July/009697.html
https://github.com/bitcoin/bips/blob/master/bip-0066.mediawiki

from peercoin.
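
The length parsing described in the comment above, as an added C++ example that is not code from the thread or from the Peercoin patches. The `longBytes` parameter is an assumed, simplified model of a parser that refuses more length octets than fit in its native `long`; `kLaxSample` is a constructed signature-shaped input with dummy INTEGER values, and all function names are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

using Bytes = std::vector<uint8_t>;
struct Sig { Bytes r, s; bool minimal = true; };  // minimal: all three lengths are shortest-form

// Constructed sample: SEQUENCE with a 5-octet length (85 00 00 00 00 06), dummy R=1 and S=2.
static const Bytes kLaxSample = {0x30, 0x85, 0, 0, 0, 0, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02};

// Read one BER length field. longBytes models sizeof(long) on the parsing platform
// (assumption): a long-form length with more octets than that is refused outright.
static bool ReadLength(const Bytes& in, size_t& pos, size_t longBytes, size_t& len, bool& minimal) {
    if (pos >= in.size()) return false;
    uint8_t first = in[pos++];
    if (first < 0x80) { len = first; return true; }       // short form: 0..127
    size_t n = first & 0x7f;                               // long form: n octets follow
    if (n == 0 || n > 8 || n > longBytes || n > in.size() - pos) return false;
    uint64_t v = 0;
    for (size_t i = 0; i < n; ++i) v = (v << 8) | in[pos + i];
    // DER permits long form only for values >= 128 and never with a leading zero octet.
    if (v < 0x80 || in[pos] == 0x00) minimal = false;
    pos += n;
    if (v > in.size()) return false;                       // cannot exceed the input
    len = static_cast<size_t>(v);
    return true;
}

// Read one INTEGER (tag 0x02) and copy its content octets.
static bool ReadInteger(const Bytes& in, size_t& pos, size_t longBytes, Bytes& out, bool& minimal) {
    size_t len = 0;
    if (pos >= in.size() || in[pos++] != 0x02) return false;
    if (!ReadLength(in, pos, longBytes, len, minimal)) return false;
    if (len == 0 || len > in.size() - pos) return false;
    out.assign(in.begin() + pos, in.begin() + pos + len);
    pos += len;
    return true;
}

// Parse SEQUENCE { INTEGER r, INTEGER s }, checking the sequence, R and S lengths alike.
static bool ParseSignature(const Bytes& in, size_t longBytes, Sig& sig) {
    sig = Sig();
    size_t pos = 0, seqLen = 0;
    if (in.empty() || in[pos++] != 0x30) return false;
    if (!ReadLength(in, pos, longBytes, seqLen, sig.minimal)) return false;
    if (seqLen != in.size() - pos) return false;           // no trailing bytes
    if (!ReadInteger(in, pos, longBytes, sig.r, sig.minimal)) return false;
    if (!ReadInteger(in, pos, longBytes, sig.s, sig.minimal)) return false;
    return pos == in.size();
}

// Re-encode with shortest-form lengths; returns empty if R or S exceeds 33 octets
// (the secp256k1 bound), so every length below fits in a single octet.
static Bytes EncodeDer(const Sig& sig) {
    if (sig.r.size() > 33 || sig.s.size() > 33) return Bytes();
    Bytes body;
    for (const Bytes* v : {&sig.r, &sig.s}) {
        body.push_back(0x02);
        body.push_back(static_cast<uint8_t>(v->size()));
        body.insert(body.end(), v->begin(), v->end());
    }
    Bytes out{0x30, static_cast<uint8_t>(body.size())};
    out.insert(out.end(), body.begin(), body.end());
    return out;
}

int main() {
    Sig sig;
    bool wide = ParseSignature(kLaxSample, 8, sig);    // 8-byte long: parsed
    bool narrow = ParseSignature(kLaxSample, 4, sig);  // 4-byte long: refused
    std::printf("8-byte long: %d, 4-byte long: %d\n", wide, narrow);
    return 0;
}
```

A validator that requires `minimal` to be true, which is the strict-DER rule BIP66 introduced in Bitcoin, reaches the same verdict whatever the width of `long`.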

sigmike avatar sigmike commented on July 28, 2024

Indeed someone certainly exploited the bug found by Pieter Wuille. The network is probably split between 64 bits Linux systems and 32 bits Linux + all Windows systems. Exchanges and other users should be warned.

from peercoin.

mably avatar mably commented on July 28, 2024

What about SK synchronized checkpointing? Looks like it was done on Linux 64.

from peercoin.

sigmike avatar sigmike commented on July 28, 2024

Probably.
But on a 64 bits system I still had to apply the patch mentioned above to make it accept the signature.
The nodes that still rejected the signature after the patch are 32 bits.

from peercoin.

paumiau avatar paumiau commented on July 28, 2024

Thanks! I'll try the patch
My pool payments have been stopped since the beginning of the bug

from peercoin.

randuev avatar randuev commented on July 28, 2024

does it mean we have to sync the repo up to bitcoin core 0.10 in order to fix this? or should we just port signature bugfix into 0.5?

from peercoin.

chemicstry avatar chemicstry commented on July 28, 2024

so the linux x64 chain fork is the correct one?

from peercoin.

sigmike avatar sigmike commented on July 28, 2024

@randuev it's more complex than that. Bitcoin avoided the problem by making a protocol change before the bug was disclosed. We can't do that anymore so we have to make a fix.

@intel it depends on your definition of correct.

from peercoin.

mably avatar mably commented on July 28, 2024

@sigmike are you in touch with @sunnyking about this issue? Is he working on a fix?

from peercoin.

jooize avatar jooize commented on July 28, 2024

Would the following be an appropriate warning to post on r/Peercoin?

ATTENTION: Peercoin's blockchain has forked because of a bug. Exchanges and users should be warned to be wary of making transactions!

Information and discussion at GitHub and PeercoinTalk (also see the chatbox).


Update: Warning posted.

from peercoin.

sigmike avatar sigmike commented on July 28, 2024

@mably no, I sent him an email but I didn't get an answer yet.

from peercoin.

erasmospunk avatar erasmospunk commented on July 28, 2024

Here is the neutralized version of this transaction, just in case:

010000003b5d405601b8619c01f98c8f01aa0db29155ae61e209809c71c011da630b18743a51d99be1010000006b4830450221009802e19f86a3d348218a180599cd4488da687c250b850788b43427d277e4981002202a52418c497dd9ba9e5b97f1cb4de8b683e2ad9efe9f95f763022b23d2c5ee4e0121028a2d8bdcb6f0210fab72c19c63c513818ec19289e4002f9057555b5057dde7c5ffffffff0150c30000000000001976a9146f8dd023bbbe103c661c5c6ac8b43f46f795fba988ac00000000

from peercoin.

Mullick avatar Mullick commented on July 28, 2024

Just to clarify the block with the signature will be accepted as the valid chain going forward correct?
I could apply the patch now but will likely wait to see how things shake out over the next 24 hours.

Also why if the patch still needs to be applied to 64 bit nodes did the checkpointing node accept the block? Is it not running the latest stable release?

from peercoin.

kha0S avatar kha0S commented on July 28, 2024

I notified btc-e to lock PPC transactions. If anyone has contacts with other exchanges, please do the same.

from peercoin.

jooize avatar jooize commented on July 28, 2024

Tweeted a warning and mentioned some exchanges (@exchange). Please add others you're aware of. I have no huge amount of relevant followers on Twitter, unfortunately.

We have a list of exchanges at Peercoin.net in case someone's looking for one.

from peercoin.

sigmike avatar sigmike commented on July 28, 2024

I wrote a quick fix here: 4f3f5d8, in the der_length_fix branch.

from peercoin.

sigmike avatar sigmike commented on July 28, 2024

Commit 3320650 is also required if you have OpenSSL 1.0.1k or above. It's included in the der_length_fix branch.

from peercoin.

chemicstry avatar chemicstry commented on July 28, 2024

Thanks for the fix. However, I'm a bit confused on which chain is the correct one. Is it the one that has that transaction or the one that doesn't?

from peercoin.

bearsylla avatar bearsylla commented on July 28, 2024

@jooize I have informed BTC38 and they already suspended their deposit/withdrawal

from peercoin.

sigmike avatar sigmike commented on July 28, 2024

Since the sync checkpoints are following the chain that includes that transaction I wrote the fix to make everyone join this chain. So it's probably going to be the chain including the block 8350ac92844dfe4d8308d06fc4ecf379a98b0657f8b6435546f620888174adcc and the transaction with the crafted signature.

from peercoin.

jooize avatar jooize commented on July 28, 2024

@bearsylla Great!

@sigmike Is the der_length_fix branch “feature complete” for the bug?

Is there one link that can be shared for simplicity? Basically, what do we tell everybody?

from peercoin.

sigmike avatar sigmike commented on July 28, 2024

I guess it would probably be good to wait for @sunnyking and other developers to review the patch before deploying it everywhere.

from peercoin.

jooize avatar jooize commented on July 28, 2024

Are these the recommended actions?

  1. Suspend transactions with Peercoin.
  2. Evaluate #101 and await validation from other developers. Exercise caution in deploying the fix before then.

Will a Peercoin reference wallet release be made with this fix before v0.5?

from peercoin.

brossi avatar brossi commented on July 28, 2024

@sigmike and @glv2 -- Peerunity has the OpenSSL / DER signature patch already. Will there need to be any additional changes made to introduce the length fix, or is the Peerunity client already behaving as expected and dealing with the maliciously crafted transaction?

from peercoin.

erasmospunk avatar erasmospunk commented on July 28, 2024

@brossi we are running Peerunity and it still accepted the block with the BER signature transaction

from peercoin.

BorilloB avatar BorilloB commented on July 28, 2024

Hello. I have contact with btc-e, how he can to fix this issue ?

from peercoin.

sigmike avatar sigmike commented on July 28, 2024

@jooize that looks like good recommendations yes. There will probably be a new release before 0.5.

@brossi the DER patch helps on 64 bits systems with 1.0.1k+ but it's not enough on other systems.

@BorilloB they can run peercoin from the der_length_fix. That will remove the warning but it won't solve the fork since many people will still be on the other side. They should avoid blockchain transactions for now. And be prepared to upgrade soon.

from peercoin.

BorilloB avatar BorilloB commented on July 28, 2024

What he need to do with current wallet ? backup him , update and continue to use , or just wait when ppcoin is updated and stop all wallets ?

from peercoin.

sigmike avatar sigmike commented on July 28, 2024

Still no news from Sunny, so I guess he will continue to follow the same chain with the sync checkpoints, so switching to the other chain seems very unlikely. No news from other devs either, so I guess there's no obvious error in my patch.

So I started a 0.4.1 version and tagged v0.4.1ppc.rc1. It's based on the v0.4.0ppc tag (the der_length_fix branch was based on the master branch before 0.5.0rc1). It should be safe to upgrade and I think most people should do it, including exchanges. Although if they don't have the "Invalid checkpoint found" warning they are probably already on the right chain and don't need to upgrade.

I don't have the tools to build binaries. Can someone do that?

Users (and exchanges) that don't get the warning are on the right chain and are probably safe to send and receive transactions. The only way these transactions would not be safe would be that Sunny King switches the sync checkpoints to the other chain. That would be irresponsible, and it may not be possible at all (I think clients would reject the checkpoints).

Users who have the warning should upgrade to v0.4.1ppc.rc1 or stop their wallet until a final release is available.

from peercoin.

randuev avatar randuev commented on July 28, 2024

what should people on the wrong chain do, will they have to resync whole blockchain from scratch?

from peercoin.

sigmike avatar sigmike commented on July 28, 2024

They won't have to resync the whole chain. As soon as they start with the upgraded version and they receive a sync-checkpoint they will switch to the right chain.

from peercoin.

zimbo123 avatar zimbo123 commented on July 28, 2024

How can i upgrade the wallet. Only with ppcoind -upgradewallet ??

from peercoin.

sigmike avatar sigmike commented on July 28, 2024

No, for now you must compile the new client from the source code. We're building a compiled version and it should be available soon.

from peercoin.

glv2 avatar glv2 commented on July 28, 2024

I compiled a binary with the der_length_fix patch for my raspberry pi (32 bits GNU/Linux) which was on the wrong fork.

When I started it, the node reorganized its blockchain and got back on the good chain:

REORGANIZE
REORGANIZE: Disconnect 64 blocks; 388c5c875d1ab37ff7b9..08170103fef721c41027
REORGANIZE: Connect 56 blocks; 388c5c875d1ab37ff7b9..000000000000000e189

Therefore it looks like that the patch is working as expected.

from peercoin.

zimbo123 avatar zimbo123 commented on July 28, 2024

Ok, thank you. Only for understanding. You mean backup the wallet.dat, delete the whole ppcoin-folder and then install complete (git clone https://github.com/ppcoin/ppcoin.git, etc.) ?

from peercoin.

sigmike avatar sigmike commented on July 28, 2024

@zimbo123 yes, but after you clone you must run "git checkout 0.4.1" before building it, to get the patches.

from peercoin.

BorilloB avatar BorilloB commented on July 28, 2024

Hm, what version i need to use ? 0.5.0 or 0.4.1 ? Early I am running 0.5.0 and how i understand he back compatibility with 0.4.1

from peercoin.

paumiau avatar paumiau commented on July 28, 2024

It isn't necessary to delete the whole ppcoin-folder. I changed the lines modified by sigmike in src/key.cpp. Recompiled & changed the binary.
Works ok. Blockchain has been updated on the good chain, accepting the block with the "wrong" signature
:)

from peercoin.

sigmike avatar sigmike commented on July 28, 2024

@BorilloB 0.5.0 doesn't include the patch yet, so 0.4.1. You can switch back from 0.5.0.

from peercoin.

gigatux avatar gigatux commented on July 28, 2024

At Bittylicious, I use peerunity because I need wallet notifications which I believe the stock ppcoin doesn't support. Do you have the authority to commit to peerunity as well?

from peercoin.

zimbo123 avatar zimbo123 commented on July 28, 2024

@paumiau
only Exchange the key.cpp
and then make -f makefile.unix

from peercoin.

paumiau avatar paumiau commented on July 28, 2024

@zimbo123 Yes, that's it. Maybe you will also need the miniupnp package to compile

from peercoin.

zimbo123 avatar zimbo123 commented on July 28, 2024

@paumiau
yeeaah, great it works. Thanks a lot

from peercoin.

zimbo123 avatar zimbo123 commented on July 28, 2024

no, don't work, only for some minutes. :-(
After more than 2 Connections, I got the error again.

from peercoin.

paumiau avatar paumiau commented on July 28, 2024

@zimbo123: Is your openssl updated?

from peercoin.

zimbo123 avatar zimbo123 commented on July 28, 2024

no, apt-get update openssl ?

from peercoin.

 avatar commented on July 28, 2024

@BorilloB - I also used 0.5 all you have to do is pull the branch and then checkout that branch

Example:
git fetch origin pull/101/head:sslBugFix
git checkout sslBugFix

recompile and enjoy

from peercoin.

glv2 avatar glv2 commented on July 28, 2024

@gigatux, if you can't use ppcoin, you can try the peerunity version at https://github.com/glv2/peerunity which contains the patches (note: it also contains other stuff, like protocol 0.5, etc.).

from peercoin.

sigmike avatar sigmike commented on July 28, 2024

@gigatux I pushed a branch on peerunity with the fix: https://github.com/Peerunity/Peerunity/tree/der_length_fix

@glv2 Peerunity contains only one of the patches, that solves the problem on Linux 64 bits with OpenSSL 1.0.1k+. It doesn't solve the problem on Linux 32 and Windows 32 or 64. The branch I mentioned above does.

I also made a Peerunity 0.1.3 branch and a v0.1.3-RC1 tag. I don't have the tools to build Peerunity binaries.

from peercoin.

sigmike avatar sigmike commented on July 28, 2024

@glv2 oh sorry you mentioned your own Peerunity repo which contains the patch.

from peercoin.

MatthewLM avatar MatthewLM commented on July 28, 2024

@sigmike @glv2 It's best not to use Peerunity with the v0.5 changes just yet though. Not until v0.5 has been tested and released.

If there is a struggle I can help with OSX builds.

from peercoin.

gigatux avatar gigatux commented on July 28, 2024

@sigmike @glv2 @MatthewLM Yeah, this would be using it on live and I'd rather not. I'll just keep PPC off / hidden until a 0.4 patch has been applied to peerunity.

from peercoin.

glv2 avatar glv2 commented on July 28, 2024

The 0.1.3 branch of Peerunity (https://github.com/Peerunity/Peerunity/tree/0.1.3) only contains the patch to solve the fork (not the v0.5 patches).

from peercoin.

gigatux avatar gigatux commented on July 28, 2024

@glv2 Thanks. That seems to work - it disconnected about 75 blocks before connecting 73. I'm on block 204686 now.

from peercoin.

zimbo123 avatar zimbo123 commented on July 28, 2024

i upgrade my wallet to v0.5.0ppc.rc1-beta and have installed openssl 1.0.1f
But always the same error.

from peercoin.

sigmike avatar sigmike commented on July 28, 2024

v0.5.0ppc.rc1 doesn't include the fix. Use v0.4.1ppc.rc1.

from peercoin.

jooize avatar jooize commented on July 28, 2024

Updated recommendations (2015–11–15):

Exchanges:

  1. Suspend transactions with Peercoin!
  2. Upgrade to Peercoin v0.4.1ppc.rc1 at https://github.com/ppcoin/ppcoin/releases/tag/v0.4.1ppc.rc1
  3. Note: v0.5.0ppc.rc1 does not include the fix.
  4. Carefully resume operations.

Users:

  1. Don't send or request coins!
  2. Please always backup wallet (via the wallet menu, don't just copy wallet.dat) before proceeding. Also note down your total balance/stake.
  3. Uninstall your wallet software.
  4. Install updated wallet software. Peerunity v0.1.3 RC1 is available for all platforms. Peercoin-Qt reference wallet v0.4.1 RC1 for Windows and Linux released. OS X build is being worked on.
  5. Sunny King describes how to confirm you're on the “supported” blockchain.
  6. Confirm any exchange you use has upgraded before sending or withdrawing coins, and try with small amounts first! Assuming both parties have upgraded you should be safe to transact.

Please validate these instructions and let me know whether to change anything.

See also r/Peercoin thread.

Sunny King's Weekly Update #168.

from peercoin.

sigmike avatar sigmike commented on July 28, 2024

Windows build is available here: http://sourceforge.net/projects/ppcoin/files/0.4.1%20RC1/ppcoin-0.4.1rc1-win32-setup.exe/download

Please always backup wallet before proceeding. Also note down your total balance/stake.
Uninstall version 0.4.0.
Install version 0.4.1 RC1.

from peercoin.

jooize avatar jooize commented on July 28, 2024

@sigmike Can you publish a SHA-256 hash here as SourceForge doesn't even serve over HTTPS?

I produce this from two different locations:

$ shasum -a 256 ppcoin-0.4.1rc1-win32-setup.exe
c0fa41ad46ee6c27571a39e6bac4ef68d92f6e2b8c53919472ead98bc31c4bdb  ppcoin-0.4.1rc1-win32-setup.exe

Sunny King confirms the hash.

from peercoin.

sandakersmann avatar sandakersmann commented on July 28, 2024

I can confirm sha256sum: c0fa41ad46ee6c27571a39e6bac4ef68d92f6e2b8c53919472ead98bc31c4bdb

from peercoin.

sandakersmann avatar sandakersmann commented on July 28, 2024

Can someone merge this ASAP: super3/peercoin.net#239

from peercoin.

sandakersmann avatar sandakersmann commented on July 28, 2024

Sunny King confirmed sha256sum here: https://www.peercointalk.org/index.php?topic=4312.msg41209#msg41209

from peercoin.

MatthewLM avatar MatthewLM commented on July 28, 2024

What OpenSSL version should I use to build ppcoin or peerunity with? 1.0.1j? I seem to remember 1.0.1k or higher caused a problem with earlier versions of bitcoin. I'm not sure if it's related to this.

from peercoin.

sigmike avatar sigmike commented on July 28, 2024

The patch includes the fix for OpenSSL1.0.1k so any version should work.

from peercoin.

MatthewLM avatar MatthewLM commented on July 28, 2024

OK thanks. I just built peerunity 0.1.3 and I can confirm that it works for Linux 64-bit (Debian Jessie) with OpenSSL 1.0.1k.

from peercoin.

JoinJoin avatar JoinJoin commented on July 28, 2024

will this fix be merged into the latest version? Any ideas when?

from peercoin.

sandakersmann avatar sandakersmann commented on July 28, 2024

Peerunity v0.1.3-RC1 is available for all platforms. You can download builds here:

https://github.com/Peerunity/Peerunity/releases

from peercoin.

gigatux avatar gigatux commented on July 28, 2024

Hmm, I think that Peerunity RC thinks my wallet is corrupt:

Peerunity version v0.1.3.0-gd4fb03b ()
Default data directory /home/ppcoin/.ppcoin
Loading addresses...
dbenv.open LogDir=/home/ppcoin/.ppcoin/database ErrorFile=/home/ppcoin/.ppcoin/db.log
Loaded 12335 addresses
addresses 111ms
Loading block index...
Peerunity Network: genesis=0x0000000032fe677166d5 nBitsLimit=0x1d00ffff nBitsInitial=0x1c00ffff nStakeMinAge=2592000 nCoinbaseMaturity=500 nModifierInterval=21600
block index 0ms
Loading wallet...
Error reading next record from wallet database
Error loading blkindex.dat
Error loading wallet.dat: Wallet corrupted
wallet 954ms
Done loading
mapBlockIndex.size() = 0
nBestHeight = -1
setKeyPool.size() = 102
mapWallet.size() = 590
mapAddressBook.size() = 116
Peerunity: Error loading blkindex.dat
Error loading wallet.dat: Wallet corrupted

DBFlush(false)
addr.dat refcount=0
addr.dat checkpoint
addr.dat closed
blkindex.dat refcount=0
blkindex.dat checkpoint
blkindex.dat closed
wallet.dat refcount=0
wallet.dat checkpoint
wallet.dat detach
wallet.dat closed
StopNode()
DBFlush(true)
addr.dat refcount=0
addr.dat checkpoint
addr.dat closed
Peerunity exiting

I didn't get this on the link @glv2 posted regarding the 0.1.3 tree with just the fix. I'll investigate more tomorrow.

from peercoin.

gigatux avatar gigatux commented on July 28, 2024

I think I'm going to have to leave PPC disabled. I still get the Peerunity v0.1.3-RC1 complaining both about the wallet being corrupted and it not being able to load blkindex. This happens even when using the wallet from the original Peerunity (not the tree linked to by @glv2 ). There seems to be something quite wrong with this RC.

from peercoin.

glv2 avatar glv2 commented on July 28, 2024

@gigatux Have you checked if the BerkeleyDB version you compiled Peerunity v0.1.3-RC1 with is identical to the BerkeleyDB version of your previous Peerunity?
Linking to a different BDB version could explain the issues when trying to open or read the databases (wallet.dat and blkindex.dat).

from peercoin.

gigatux avatar gigatux commented on July 28, 2024

@glv2 Very good point. Although it's linked to the same library, when compiling it used later BerkeleyDB include headers (as I have to use a later DB for dogecoin on the same server). I've dropped it back down to the older DB headers, recompiled and the release candidate is now working just fine.

Sorry for the confusion everyone! I'll just do a brief sanity check of the commits and then make this live on Bittylicious again.

from peercoin.

 avatar commented on July 28, 2024

The fix is not complete. A signature contains three encoded lengths, but the patch covers only one of them.

from peercoin.

sandakersmann avatar sandakersmann commented on July 28, 2024

New patch by sigmike: #116

from peercoin.

sandakersmann avatar sandakersmann commented on July 28, 2024

Another patch by sigmike: #117

from peercoin.
