Witness arhag update: Aug. 1, 2016 to Aug. 8, 2016

I continued work on the will contract / recovery feature that I started the week prior. I finished the design and made a post about it on Friday, Aug. 5, 2016 as an official proposal which you can read here. I also started the implementation of that feature, which you can find here. I would estimate that the code currently found on that GitHub branch implements about 80% of the coding efforts needed to realize the proposed will contract feature (not including any unit tests).

However, I have stopped work on the implementation of that feature and do not have any current plans to complete it because unfortunately @dan said that Steemit does not plan to adopt that proposed feature at this time due to its complexity.

On Monday evening, Aug. 8, 2016, a user with a set of accounts with names starting with supercomputing began dominating the entire mining queue. The fact that they were completely taking over the mining queue even with high difficulty was suspicious enough, but it was made even more suspicious by the fact that they were always changing their active keys shortly prior to "finding" a proof of work. This suggested to me that @supercomputing was taking advantage of some vulnerability in the mining algorithm to avoid doing the actually computationally heavy steps of finding a proof of work.

From just the information above and my existing understanding of the mining algorithm, I was able to quickly figure out the hack that @supercomputing came up with and determine a solution to fix it. I will likely later write up a separate blog post explaining this in more detail. Anyway, the solution was a fairly straightforward change to the mining algorithm, but it required a hardfork. I explained the vulnerability and the required fix in a chat message to @dan so that he could then write the code changes to fix it the next day.

H2
H3
H4
3 columns
2 columns
1 column
22 Comments