CLOAK developer TheDagger "believes" he has found a vulnerability in PPC

…And claims to be fixing it.

https://bitcointa.lk/threads/ann-re-launch-cloak-no-premine-no-ipo-x-13-1-hour-approx.323691/page-327

CLOAK is a fork of PPC, though they did delete line 3 of main.cpp (// Copyright © 2011-2013 The PPCoin developers)

It looks to mostly be modifications of how the clock drift affects valid blocks:

This is from the relaunch and there is significant code change from PPC before this commit that I have not reviewed. Most of it seems related to your usual alt mod stuff and not the security model.

Edit: It’s possible the “fix” isn’t committed yet, or I just simply didn’t find it so the above diff may have nothing to do with it.

Looking at the commit, they appear to have narrowed the maximum clock drift from 2 hours to 8 minutes (sub-block timing), and added a second check on the coin base. After a cursory glance, my initial concern would be that being that stringent with the block acceptance criteria could result in a lot of orphans, and, in young networks (or networks with low minting participation), the chance that you could totally “freeze” the network if the period between blocks was at the protocol’s maximum bounds. At this point, those are just supposition.

I’ll need to find the post that SigMike wrote that addressed the max clock drift attack vector. In it, he describes why it isn’t the vulnerability that people make it out to be.

With that being said, it’s worth looking at this change to see if there is another side benefit or undiscovered vector that it closes. The commit is easy to modify to work with Peercoin’s code base, if it proves to be useful.

Ben, I think the post you are looking for is:
http://www.peercointalk.org/index.php?topic=2634.msg27611#msg27611

Ah, this is the “Time-drift attack” myth: