Topics - logxing

1
中文(Chinese) / [Announcement] DACPLAY615 Attack Incident Report
« on: June 21, 2016, 02:46:53 am »
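Original post: https://talk.dacplay.org/index.php?topic=12906.0

[Attack Overview]
On June 15, 2016, the attacker launched the first attack (https://blocks.dacplay.org/blocks/block?id=3630918), which created 20 million PLS out of thin air. The attacker then carried out 2 more attacks, creating a total of 100 million PLS out of thin air, of which 40 million PLS were transferred to Yunbi, sold, converted to BTC and successfully withdrawn. We discovered the abnormal transaction data on the blockchain on the morning of June 16, 2016, immediately confirmed the problem, and within 1 hour urgently released a delegate-only client, preventing the losses from growing further.

[Attack Principle]
This attack exploited integer overflow. When a transfer transaction occurs, the withdrawal and the deposit are required to be equal. Meanwhile, BTS1 allows multiple deposits in a single transaction. The attacker constructed a transfer transaction with a withdrawal of 0.5 PLS and 3 deposits: 92,233,720,368,547.7800 PLS, 92,233,700,368,547.7800 PLS and 20,000,000.0000 PLS. In a purely mathematical comparison, 0.5 is certainly not equal to 92,233,720,368,547.7800 + 92,233,700,368,547.7800 + 20,000,000.0000. But when the program runs, because an integer occupies a limited number of bytes in memory, an overflow occurs when the sum exceeds the integer's maximum range, and so the program judged the two to be equal. The first two huge deposits actually leave that address with a negative balance, which cannot be transferred further, but the third deposit of 20 million can be transferred further. This is the basic principle behind this attack.

We have now released a new version of the PLAY client that addresses this problem; the latest version is currently 0.4.5. The problem has been fixed in the new version. All users should update promptly.

[Origin of the Problem]
We have confirmed that this problem comes from the BTS1 code and is not in code newly added by PLAY.

It is certain that the problem exists at least in early versions of BTS1. In BTS1's final version, 0.9.3c, the transfer code still had not fixed the problem, but we are not sure whether the BTS1 developers had already fixed it by some other means (fixing it does not necessarily require changing the transfer code). As a fork of the BTS1 code, PLAY has always followed BTS1's progress, but we never saw an issue related to this problem. We are also not sure whether a similar attack ever occurred on BTS1.

In addition, according to our preliminary research, because BTS2 uses a different implementation, in principle BTS2 most likely does not have this problem.

Note that the above analysis of BTS is our preliminary research conclusion, offered only as a friendly notice between open-source communities, and we cannot guarantee that it is absolutely correct. For the status of the BTS client and blockchain, the BTS developers' announcements are authoritative.

The PLAY development team sincerely apologizes to all PLS holders. We will strengthen code review and testing in the future and do our utmost to prevent similar problems.

[Remedial Measures]
In this attack, the attacker successfully sold a total of 40 million PLS, meaning the total circulating supply of PLS on the market increased by 40 million. Those funds are now distributed among buyers who are not at fault and can no longer be recovered. We will therefore destroy 40 million PLS from the reserve to ensure that the total circulating supply of PLS remains unchanged. The remaining 60 million PLS of attack proceeds held by the attacker have been invalidated in the new version and will not affect the circulating supply.

[Risk Warning]
It is worth mentioning that on the day after PLAY was attacked, the well-known DAO contract running on Ethereum was also attacked. The DAO attack was a smart-contract attack; like the attack on PLAY, it was an attack aimed directly at blockchain data, unlike the traditional hacking of stealing private keys that was common in the past. We feel deeply that blockchain products are still at a quite early stage of research and development, and ask all participants to take part cautiously with a full understanding of the risks.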
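The balance check described in the attack report above, shown as an added C++ example that is not part of the original post and is not BTS1 or PLAY code: a wrapping sum of deposits compared with the withdrawal, next to one way to harden it. The function names, the 10,000-units-per-PLS precision, the supply cap and the deposit values are assumptions constructed for illustration.

```cpp
#include <cstdint>
#include <limits>
#include <vector>

// Amounts in base units. Assumption: 1 PLS = 10,000 units (the four decimals
// shown in the report). All names here are hypothetical.
using Amount = std::int64_t;
const Amount kUnit = 10000;
const Amount kMaxSupply = 2000000000LL * kUnit;  // assumed cap, not from the page

// Naive check: deposits are summed with 64-bit wraparound (done in uint64_t so
// the wrap is well-defined) and compared with the withdrawal.
bool balanced_naive(Amount withdrawn, const std::vector<Amount>& deposits) {
    std::uint64_t sum = 0;
    for (Amount d : deposits) sum += static_cast<std::uint64_t>(d);
    return sum == static_cast<std::uint64_t>(withdrawn);
}

// Hardened check: each amount must be positive and within the supply cap, and
// the running total may never pass the cap, so it cannot overflow.
bool balanced_checked(Amount withdrawn, const std::vector<Amount>& deposits) {
    if (withdrawn <= 0 || withdrawn > kMaxSupply) return false;
    Amount sum = 0;
    for (Amount d : deposits) {
        if (d <= 0 || d > kMaxSupply) return false;
        if (sum > kMaxSupply - d) return false;
        sum += d;
    }
    return sum == withdrawn;
}

// Constructed sample: three positive deposits whose true sum is 2^64 + withdrawn.
std::vector<Amount> constructed_deposits(Amount withdrawn) {
    const Amount d1 = std::numeric_limits<Amount>::max();
    const Amount d3 = 20000000LL * kUnit;  // the spendable 20 million PLS
    const std::uint64_t d2 = static_cast<std::uint64_t>(withdrawn) -
                             static_cast<std::uint64_t>(d1) -
                             static_cast<std::uint64_t>(d3);
    return {d1, static_cast<Amount>(d2), d3};
}

int main() {
    const Amount w = kUnit / 2;  // 0.5 PLS
    const std::vector<Amount> deps = constructed_deposits(w);
    // Exit code 0 when the naive check accepts and the hardened check rejects.
    return (balanced_naive(w, deps) && !balanced_checked(w, deps)) ? 0 : 1;
}
```

The per-amount range check is what rejects the constructed transaction; the running-total guard keeps the sum from overflowing even when every individual amount is in range.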

2
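One bug has now been confirmed. Please suspend transfers and trading of PLS and wait for the new version to be released.

A detailed description of the problem and its impact will follow.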

3
General Discussion / Stop using the word "Chinese Community" please!
« on: November 28, 2015, 05:38:58 am »
Everyone can express his own opinion. It is not about "Chinese Community" or "most Chinese".
Stop misleading the public.
Focus on the proposal itself please.

4
DAC PLAY / [ANN]Access dacplay.org Get all the information about DACPLAY
« on: November 25, 2015, 06:00:38 am »

Now you can get all the information about DACPLAY just by dacplay.org.

Download Latest Client https://dacplay.org/

Blockchain explorer https://blocks.dacplay.org/ or http://play.bitsharesblocks.com/

Forum https://talk.dacplay.org/

wiki https://wiki.dacplay.org/

You can find all these links at the top of https://dacplay.org/.

Now just remember only one Domain dacplay.org, you can get all the information about DACPLAY.

5
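To make it easier for users to find information in one place, all DACPLAY information will from now on be concentrated on the dacplay.org website.

For the client download, visit https://dacplay.org/cn/.

Blockchain explorer: https://blocks.dacplay.org/

Forum: https://talk.dacplay.org/

Wiki: https://wiki.dacplay.org/

You can also find the above links at the top of https://dacplay.org/.
Now you only need to remember one domain, https://dacplay.org/, to get all the information about PLAY.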

6
DAC PLAY / PLS Large Amount Trade Service
« on: November 07, 2015, 12:48:17 pm »
Now you can trade PLS at yunbi.com, but the market depth is small and there is only PLS/CNY market.

If you don't use Yunbi, or want to make a large amount trade, or want to trade PLS by BTC, you can PM me.

The format is:
TYPE:buy/sell PLS
AMOUNT:XXXXX
PRICE:XXXXXX satoshi (by PLS/BTC)

Thanks for your support.

7
Technical Support / what is the Win CLI wallet data location path?
« on: November 07, 2015, 07:14:06 am »
I checked %appdata% and "C:\Program Files\BitShares 2\bin", can not find wallet data.
Pls help. Thanks.

8
Bitshares.dacplay.org (BitShares 2.0 web wallet) Activated Referral Program Today

DACPLAY TEAM has launched a BitShares 2.0 web wallet (https://bitshares.dacplay.org) recently as an alternative to OpenLedger.  It provides fast and convenient service for users in Asia Pacific region, especially for those in mainland China.

Today bitshares.dacplay.org has activated referral program.  Pandora's box has been opened and you can start to refer new users to BitShares ecosystem and gain referral reward, as long as you have a lifetime account.

Navigate to your lifetime account's membership page to find your exclusive referral link, in the format of https://bitshares.dacplay.org?r=logxing, as shown in the screenshot below.  You can send the link to your friend, publish on your website, personal blog, twitter/facebook profile page and encourage your friends and audience to discover BitShares world.


You will become referrer to those who registered with your referral link and earn at least 40% reward of their fees spent.


In order to attract quality referrers, bitshares.dacplay.org as registrar offers a flexible plan of fee allocation as shown below.  Based on the number of lifetime upgrades from your referred users, you can earn up to 70% allocation of fees.


Let's put aside transaction fee debate for a while and see if referral program can make a difference.

ps: for those using light-weight wallet client, you are welcome to use our API server: wss://bitshares.dacplay.org:8089

Disclaimer: BitShares 2.0 system is brand new.  We are learning it every day.  If there's any misunderstanding of how the referral system works, let us know and we will correct it.

9
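To give users in China fast and convenient access to the BitShares 2.0 online wallet, DACPLAY TEAM provides a light wallet service. You can visit https://bitshares.dacplay.org/ to experience the speed and convenience of the BTS light wallet. If you have a lifetime member account in the BitShares 2.0 system, you can now earn cashback rewards by acting as the referrer for new users.

You can easily embed your own referral link on websites you run, blogs, WeChat official accounts, WeChat Moments and any other online channels.

Click the profile section of your lifetime member account and you will see your exclusive referral link, as shown in the image below: https://bitshares.dacplay.org?r=logxing. You can then send this link to your friends and have them open it in a browser to register a new BitShares 2.0 account. (https://bitshares.dacplay.org/r/logxing also works.)


Once a new user registers, you become the referrer of that account and can receive a cashback reward of at least 40% of the new user's transaction fees. Act now.


To encourage referrals of high-quality users, bitshares.dacplay.org, as registrar, offers the following tiered allocation plan: depending on the number of new users who upgrade to lifetime membership after you refer them into the system, you as referrer can receive up to 70% of the fee allocation.


Put your marketing potential to work now, and grow together with the BitShares 2.0 system as you help promote it.

In addition, users of the light wallet client can set the light wallet API server to wss://bitshares.dacplay.org:8089. The server is located in China and is very fast; you are welcome to use it.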

10
Technical Support / how to merge two wallet?
« on: October 20, 2015, 11:15:30 am »
I have account1 in wallet1 and account2 in wallet2.
It is complicated to check balance of 2 account.

how to merge two wallet? thanks.

11
When I browse CNY or BTC market, I do nothing but watching screen. Then the order list at left side and the chart change to USD market automatically. But the text is still "CNY" or "BTC".

12
中文(Chinese) / DACPLAY team provides a BTS2 API server, super fast!
« on: October 16, 2015, 03:27:00 pm »
DACPLAY team provides an API server for BTS2
wss://bitshares.dacplay.org:8089
The server is located in mainland China and is super fast; you are welcome to use it.

14
Same as test5 win wallet :(

15
DAC PLAY / DACPLAY 0.3.0 Bug Feedback
« on: August 25, 2015, 03:05:54 am »
DAC PLAY 0.3.0 -- Lucky Boy

Changes:

Release of important new feature of Red Packet.
Fix crash issue of red packet in protocol part
Fix Windows BUILD issue.
Web GUI Update for red packet.
No need to replay the blockchain.

https://github.com/dacsunlimited/dac_play/releases/tag/pls%2F0.3.0
