Temporary disabling of InstandSend due to potential quorum exploit method

AndyDark

Well-known member
Hi everyone,

We'd like to inform you that with help from the community, we have discovered a potential exploit in the current InstantSend implementation which provides the chance for an attacker with 6 or more Masternodes to dominate an InstantSend quorum by brute forcing collateral transaction hashes in a certain way as to increase their chance to be selected for an IS quorum, which could provide the possibility to perform a double spend or a potential network fork.

We have not yet seen this attack executed on our network and we believe the risks are low because the exploit requires ownership of at least US$ 2.1 million in Dash. However, for safety we have disabled InstandSend via ["SPORK_2_INSTANTSEND_ENABLED": false] to ensure this attack cannot be performed until the fix, which is already completed & QA’d, is released to the network.

As 12.2 release is imminent, our intention is to include the fix as part of the 12.2 release process, which is estimated within the next few weeks, instead of releasing a hotfix immediately, to minimize the disruption in the coming network upgrade.

As a result, any InstandSend transactions made before 12.2 deployment will fallback to normal confirmation times, therefore users are advised to refrain from selecting InstantSend on payments in wallets until 12.2 to prevent being charged the higher fee.

We’d like to thank two community members, Matthew Robertson and Alexander Block for helping to discover this exploit. Consequently, after a post-mortem, our conclusion is that the exploit was missed internally due to the fact that we did not provide enough review of early InstantSend code, with everyone in our (much larger) team today being focused on V12 features and our forthcoming V13 Evolution release.

Therefore we have been conducting an internal security audit of earlier code which hasn’t found any further explots and we are also seeing the Dash community becoming much more active in contribution and code review, from new contributors to the recent $240,000 BugBounty program funded by the network, which we believe together will ensure that enough ongoing review is being provided to find and secure any future exploits quickly and comprehensively to ensure the Dash Network remains secure.


Thank you,


The Dash Core Team
 
Our haters are already spinning this as something bad. So amusing! Imagine any other project encountering such an issue while not having sporks. Price would plummet as they'd issue emergency patches like someone kicked a hornet's nest while the exploit could actually be used costing people their hard earned money :rolleyes:

Thank Duffield for Sporks!
 
The Dash Wallet for Android looks at Sporks to determine if InstantSend is enabled. If it is not enabled, then the app hides the InstantSend checkbox on the Send Coins screen thus not allowing InstantSend to be used. If a QR code has InstantSend requested, the app may still send the transaction with as InstantSend with higher fees.
 
Could this network feature suspension have an effect on how masternodes are selected for reward payments? I ask because I've got an established mn that reports as enabled and will shortly reach twelve days since its last reward payment.
 
Our haters are already spinning this as something bad. So amusing! Imagine any other project encountering such an issue while not having sporks. Price would plummet as they'd issue emergency patches like someone kicked a hornet's nest while the exploit could actually be used costing people their hard earned money :rolleyes:

Thank Duffield for Sporks!

You have to understand that the same way the core team can fix bugs using sporks, the same way they can also implant bugs (especially if forced by the 3 letters agency). Stop being so stupid please.:rolleyes:

The solution ? Community driven sporks, and a proof of individuality of course. The sad thing? Look how many stupid agree with the stupidity of @Macrochip. In the case of such a big concentration of stupids, NO, there is no solution! Even with community driven sporks. Even with proof of individuality. The stupids will always remain stupids, and will always rely upon the will of the smart one.

So what is the FINAL solution? EDUCATION of the community. Hard education. Even whipping sometimes. They certainly deserve it.

The good news? Both @codablock and @Matt Robertson do not belong to the greedy stupid dash generation of 2014-2016. Furthermore @codablock is the user 12000, and this number says something.
 
Last edited:
I hate to admit it, but there are a few small seeds of truth in the pile of butt gumbo demo posted... Don't throw the baby out with the bathwater.

Sporks need to be network consensus managed.

Early DASH adopters are mostly a bunch of fucktards.
 
Could this network feature suspension have an effect on how masternodes are selected for reward payments? I ask because I've got an established mn that reports as enabled and will shortly reach twelve days since its last reward payment.
I've had this happen many times prior to this sporking. I've had MNs get a payment in 4 days, and had one go 22 days... There is some entropy in the system that can lead to an occasional outlier. It averages out in the long run.

It is likely unrelated, but it would be a good idea for more MNOs to keep an eye to see if this accelerates.
 
I hope 12.2 is released (and Instant send switched back on) in time for Max Keiser's GAP show. It will be a pity if Max has to admit that one of the keys advantages of Dash compared to Bitcoin isn't working. It's just bad PR for Dash and a missed opportunity for us.

(I do realise that updates happen at their own pace, but this is just a point to try and ask Dash Core to be mindful and laser focused on a speedy outcome!)

Thanks.
 
Personally, I still most if not all crypto's still in alpha version, so as investors in alpha software, my biggest concern is to find out that there are potential bugs that could totally destroy the network. (for example non transparent blockchains, which could potential have hidden printed extra coins). Having that said, Dash evolution is aimed at the mainstream, and once it is really for mass adoption (that does not have to mean version one of evolution) the Spork feature should be completely decentralized. It's a necessity. I hope to see this feature gets to be put on the roadmap in a way that is clear as day for everyone that is going be added within a reasable time frame.

PS we should not forget that Ethereum has a similiar way of control in the hands of Vitalik
 
I'm not sure about decentralizing the sporks themselves, but I would definitely be in favor of giving the Masternodes control over who has the keys to them, so that the situation can be remedied quickly in the event that the keys are leaked to a malicious actor or if the current spork key holders are no longer willing or able to use them well.
 
Adding to what TroyDash said a vote of convince could be done by simply proposing a vote similar to the question to increase the blockchain from 1mb to 2mb for the time being
 
In Evolution sporking will be done by the network itself without human intervention. That's what's meant by "decentralizing the keys". No voting on each spork by MNOs as that would be wildly inefficient and cause massive lags in response time to urgent network issues. Source: MooCowMoo.

Sporks done bye the network. And who initiates the network to spork? This is still centralization too.
 
@camosoul Thank you for your reply - 22 days is nuts. My mn finally got paid a few hours into its twelfth day. If it makes a habit of that I'd be tempted to put it down to an 'unlucky' hash or masternode key or whatever the selection criteria is. Starting over with a new address and masternode key (and ip address etc) couldn't really hurt with delays like that.
 
Back
Top