Invalid checkpoint

paumiau · November 9, 2015, 12:54pm

Something strange is happening today in the ppc network.
all ppcoind calls are reporting an error

-ppcoind getbalance

error: {“code”:-2,“message”:“Safe mode: WARNING: Invalid checkpoint found! Displayed transactions may not be correct! You may need to upgrade, or notify developers of the issue.”}

caribou · November 9, 2015, 1:07pm

I also got this message this morning (EST) when I was minting:
WARNING: Invalid checkpoint found! Displayed transactions may not be correct! You may need to upgrade, or notify developers of the issue.

deusexmachina · November 9, 2015, 4:21pm

I’m also experiencing some issues. My transfer of 1026.99190006 PPC to PJMHDx5DN2sFfhS8r7pEGM2kzeENpiMijL has disappeared. Any ideas what can be done?

thehuntergames · November 9, 2015, 4:48pm

-install peerunity somewhere else and resync the blockchain.
-startup with the wallet.dat replaced or import the priv key of PJMHDx5DN2sFfhS8r7pEGM2kzeENpiMijL

For these kind of things I have several (linux) clones in virtualbox. Once in a while the blockchain get corrupt and a backup clone comes in very handy

AquaTron · November 9, 2015, 5:12pm

Installed Linux Mint on my Mini Thermaltake Q PC last night and downloaded the PeerUnity wallet and it is doing the same thang the wheel is spinning on the bottom right but dont think the block is updating at all. Eeeekkkk :’( :omg: ??? :-/ :))

…Update- Blockchain is downloading will see what it does when it is 100% downloaded

glv · November 9, 2015, 5:24pm

According to my logs, the problem started between 2015-11-09 08:30 UTC and 2015-11-09 09:00 UTC with the transaction 2d00a7349e5d281406a9e78c3af5d14dd0b3df2dedbc61c08e02e909797c6ecf.

askfor tx 2d00a7349e5d281406a9   0
sending getdata: tx 2d00a7349e5d281406a9
ERROR: ConnectInputs() : 2d00a7349e VerifySignature failed
ERROR: CTxMemPool::accept() : ConnectInputs failed 2d00a7349e

So it just looks like a transaction with an invalid signature, which should be rejected.

The strange thing is that some blocks tried to include that transaction creating chain forks:

block f3cf770a54c384ab31420096165aa36e87a554cda3edf0437d1360686e3d0385 at height 204604
block aefe494921c7f835ed8d88d1ec65ae72af133061de293464081ebb78742d399c at height 204610
block 8350ac92844dfe4d8308d06fc4ecf379a98b0657f8b6435546f620888174adcc at height 204614

And it appears that several hours later this transaction is still causing problems:

REORGANIZE
REORGANIZE: Disconnect 20 blocks; 388c5c875d1ab37ff7b9..c239f717044faa5a1628
REORGANIZE: Connect 16 blocks; 388c5c875d1ab37ff7b9..0000000000000004ab3f
ERROR: ConnectInputs() : 2d00a7349e VerifySignature failed
ERROR: Reorganize() : ConnectBlock 8350ac92844dfe4d8308 failed
InvalidChainFound: invalid block=0000000000000004ab3f  height=204629  trust=7031636846274999
InvalidChainFound:  current best=c239f717044faa5a1628  height=204633  trust=7031827283093680
ERROR: SetBestChain() : Reorganize failed
ERROR: ProcessSyncCheckpoint: SetBestChain failed for sync checkpoint 0000000000000004ab3f5f5968d116d1e488adec2c78c3cfef113eb8d76e63b

AquaTron · November 9, 2015, 5:39pm

Hmm someone trying to Hack the Peercoin blockchain and fork it? ??? Looks like the code caught it.

chemicstry · November 9, 2015, 6:04pm

I run multiple versions of ppcoind and I can confirm that older version accepts that malformed transaction without problems while newer does not.

Version of ppcoind that accepts tx: https://github.com/ppcoin/ppcoin/commit/613a559a22ba8690381e37e541854b2f36ec2c99
Version of ppcoind that does not accept tx: https://github.com/ppcoin/ppcoin/commit/5ace24f056a06e37352c0dd861be8ab195aceaf8

So the problem should be somewhere between these versions but there are only 2 commits that were introduced in between.
I don’t think that openssl update could cause this.

Totally confused.

willy · November 9, 2015, 8:15pm

Seeing this problem as well with
peerunity “version” : “v0.1.2.0-g89ca26e”,

but only on one of two machines (the other runs the same peerunity version), which is very odd.

sigmike · November 10, 2015, 1:31am

Someone crafted a signature to exploit a bug that caused the network to split. Basically there’s one side with Linux 32 bits and Windows 32 and 64 bits, and another side with Linux 64 bits. But Linux 64 bits may also be on the other side if they compiled from the source code and use OpenSSL 1.0.1k or above. The synchronized checkpoints are on the 64 bits Linux side. So if you’re on the other side you get the warning.

I wrote a quick fix in the “der_length_fix” branch in the peercoin repository. It’s not been reviewed yet so be careful. I don’t have the tools ready to build binaries.

The technical discussion is here: https://github.com/ppcoin/ppcoin/issues/100

willy · November 10, 2015, 9:43am

[quote=“willy, post:9, topic:3691”]Seeing this problem as well with
peerunity “version” : “v0.1.2.0-g89ca26e”,

but only on one of two machines (the other runs the same peerunity version), which is very odd.[/quote]

Just to add: The machine on the wrong chain has peerunity compiled from source.
Machine two, which is working on the “correct” chain, uses the official peerunity binaries.

Fuzzybear · November 10, 2015, 9:49am

I’m pretty much setup to produce Windows and Linux builds, can do MAC build but never got the signing of the MAC build sorted so if anyone can help there we can have new binaries up pretty quick.

Fuzzybear

Sent from my HTC Desire using Tapatalk 2

NewMoneyEra · November 10, 2015, 1:07pm

[quote=“sigmike, post:10, topic:3691”]Someone crafted a signature to exploit a bug that caused the network to split. Basically there’s one side with Linux 32 bits and Windows 32 and 64 bits, and another side with Linux 64 bits. But Linux 64 bits may also be on the other side if they compiled from the source code and use OpenSSL 1.0.1k or above. The synchronized checkpoints are on the 64 bits Linux side. So if you’re on the other side you get the warning.

I wrote a quick fix in the “der_length_fix” branch in the peercoin repository. It’s not been reviewed yet so be careful. I don’t have the tools ready to build binaries.

The technical discussion is here: https://github.com/ppcoin/ppcoin/issues/100[/quote]

Great Thanks to you Sigmike. Peercoin is lucky to have you

learnmore · November 10, 2015, 1:22pm

Yes, thank you sigmike!

Sunny_King · November 10, 2015, 5:49pm

Status update: sigmike has published v0.4.1 RC1 including fixes for both 32-bit nodes and for 64-bit nodes locally built with openssl 1.0.1k+ (Great job, sigmike!). We have agreed that the checkpointed blockchain fork is the supported fork. This is the blockchain fork that all linux 64 bits running official v0.4.0 builds accepted, which includes the transaction sent by the attacker, using a signature format not recognizable by v0.4.0 32 bit builds.

If you are running official linux 64-bit client, no further action is necessary. Other users should avoid sending transactions before upgrading client once the official builds become available.

Official windows build of v0.4.1 RC1 has been started. Once it is ready I will post another update.

NewMoneyEra · November 10, 2015, 8:19pm

[quote=“Sunny King, post:15, topic:3691”]Status update: sigmike has published v0.4.1 RC1 including fixes for both 32-bit nodes and for 64-bit nodes locally built with openssl 1.0.1k+ (Great job, sigmike!). We have agreed that the checkpointed blockchain fork is the supported fork. This is the blockchain fork that all linux 64 bits running official v0.4.0 builds accepted, which includes the transaction sent by the attacker, using a signature format not recognizable by v0.4.0 32 bit builds.

If you are running official linux 64-bit client, no further action is necessary. Other users should avoid sending transactions before upgrading client once the official builds become available.

Official windows build of v0.4.1 RC1 has been started. Once it is ready I will post another update.[/quote]

Thank You Sunny! You are the man. It’s a good thing to get the rare bug worked out before Peercoin has rocketed up in value.

Non-pressing question for Sigmike or Sunny:
Because Peercoin is BTC code compliant, does this mean Bitcoin is susceptible to this attack?

irritant · November 10, 2015, 9:11pm

@NME this is not a new exploit, it was discovered Tue Jul 28 14:27:18 UTC 2015 by Pieter Wuile who also patched it before disclosing the vulnerability

Bitcoin avoided the problem by making a protocol change before the bug was disclosed. We can't do that anymore so we have to make a fix.

In bitcoin, this issue was solved with BIP66. Read here for more info:
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-July/009697.html
https://github.com/bitcoin/bips/blob/master/bip-0066.mediawiki

read all about it here https://github.com/ppcoin/ppcoin/issues/100

basically, it is kind of a noob attack imo, some scriptkiddy went through all the bitcoin commits/patches and tries to attack altcoins with it which haven’t patched the vulnerabilities yet

edit: maybe the question should be, are there still more known vulnerabilities like this that need to be patched?

willy · November 10, 2015, 9:15pm

I’ve sucessfully build “v0.4.1.0-g2c87899-beta” on my RPi 2.
No errors. Correct chain.

Sunny_King · November 10, 2015, 10:13pm

Update: Windows build of 0.4.1 RC1 is now available, which should allow windows node to get back to the supported blockchain fork.
http://sourceforge.net/projects/ppcoin/files/0.4.1%20RC1/ppcoin-0.4.1rc1-win32-setup.exe/download
sha256sum: c0fa41ad46ee6c27571a39e6bac4ef68d92f6e2b8c53919472ead98bc31c4bdb

Please always backup wallet before proceeding. Also note down your total balance/stake.
Uninstall version 0.4.0.
Install version 0.4.1 RC1.

jooize · November 10, 2015, 11:08pm

Is it safe for users to transact using v0.4.1 RC1 or should we wait for upgrades at exchanges before going out with such a message?