Come-from-Beyond



Offline



Activity: 2128

Merit: 1009



Newbie







LegendaryActivity: 2128Merit: 1009Newbie Nxt source code flaw reports January 03, 2014, 12:26:48 PM

Last edit: March 22, 2014, 05:44:45 PM by Come-from-Beyond #1



The code contains 3 flaws - serious, critical and fatal. The 1st person who reports these flaws will get 1'000, 10'000 or 100'000 NXT reward accordingly.



Each flaw has a small description. Here r SHA256 hashes of these descriptions:



bd34c891e9e3df9ea8b8eafc4dc3edc129f81365d42bf204ea58271e320f3ce5 - 1K reward

888f278c773d39b8334a651d84ee78871bd0e5d45e09be8fdb190ba1b2969530 - 10K reward

f5236644f4306699bb0fa90a905afe2454683c0aad6995e4433d712e2fdb257c - 100K reward



The flaws must be reported before the 3rd of April, after that date they can be revealed at any moment.



If u think that u found a flaw, post here its description. Mathematical proof is not necessary, common sense should be enough. If ur guess is correct u may * get the reward, if u find a non-injected flaw then u'll be asked for more formal proof (u may get a reward too).



NB: Some guys mentioned that they would just decompile 0.4.7e binaries and compare the source codes to find the flaws. As a countermeasure against such the trick u still must explain why there is a flaw.



-------------

* - BCNext reserves the right to refuse to pay a reward without any explanation. This is an anti-troll countermeasure. Nxt source code has been released - https://bitcointalk.org/index.php?topic=345619.msg4287127#msg4287127 The code contains 3 flaws - serious, critical and fatal. The 1st person who reports these flaws will get 1'000, 10'000 or 100'000 NXT reward accordingly.Each flaw has a small description. Here r SHA256 hashes of these descriptions:The flaws must be reported before the 3rd of April, after that date they can be revealed at any moment.If u think that u found a flaw, post here its description. Mathematical proof is not necessary, common sense should be enough. If ur guess is correct u mayget the reward, if u find a non-injected flaw then u'll be asked for more formal proof (u may get a reward too).NB: Some guys mentioned that they would just decompile 0.4.7e binaries and compare the source codes to find the flaws. As a countermeasure against such the trick u still must explain why there is a flaw.-------------- BCNext reserves the right to refuse to pay a reward without any explanation. This is an anti-troll countermeasure.

Boxxl



Offline



Activity: 800

Merit: 502









Hero MemberActivity: 800Merit: 502 Re: Nxt source code flaw reports January 03, 2014, 12:41:56 PM

Last edit: January 03, 2014, 02:48:53 PM by Boxxl #7

--------------------------------------------------------

Code: new URL("http://" + address); --------------------------------------------------------

Code: new URL("http://" + announcedAddress); --------------------------------------------------------

Code: URL url = new URL("http://" + announcedAddress + ((new URL("http://" + announcedAddress)).getPort() < 0 ? ":7874" : "") + "/nxt"); --------------------------------------------------------



This should be https:// in the future..



My address:

17665579946762640918 The http:// is not a real secure address:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------This should be https:// in the future..My address:17665579946762640918 No Signature right now...

lonesoul



Offline



Activity: 308

Merit: 250







Sr. MemberActivity: 308Merit: 250 Re: Nxt source code flaw reports January 03, 2014, 12:55:57 PM #13 Quote from: luckygenough56 on January 03, 2014, 12:45:51 PM

another polemic to bring the prices down ?



how do you mean?



the code was released with the flaws so that people can see what they are working with, the flaws were added by the developer.



the flaws are in place to stop people immediately cloning the code and releasing their own version.



people will need to wait to see if all the flaws have been found before confirmation that the source is in fact in its fully working condition again.





When i first read about the code release i was a little dubious but I personally think its a great way to get the source out there for review, also gain extra interest from people because of the rewards but also the subtle way they now have multiple coders looking over their code and getting to understand it.



im assuming they aren't expecting clones to appear over night but im sure the developer realises if his code is a cut above the current code behind most of the other coins, that it will eventually take off and more "NXTLiteCoin" versions will emerge.





all in all i think its a cracking play on NXT's side and will actually help the prices rather than hurt them.



At least thats how i saw it ;-) I could have completely the wrong end of the stick - I just wish i had even the smallest understanding of the code itself so i could take part lol.

how do you mean?the code was released with the flaws so that people can see what they are working with, the flaws were added by the developer.the flaws are in place to stop people immediately cloning the code and releasing their own version.people will need to wait to see if all the flaws have been found before confirmation that the source is in fact in its fully working condition again.When i first read about the code release i was a little dubious but I personally think its a great way to get the source out there for review, also gain extra interest from people because of the rewards but also the subtle way they now have multiple coders looking over their code and getting to understand it.im assuming they aren't expecting clones to appear over night but im sure the developer realises if his code is a cut above the current code behind most of the other coins, that it will eventually take off and more "NXTLiteCoin" versions will emerge.all in all i think its a cracking play on NXT's side and will actually help the prices rather than hurt them.At least thats how i saw it ;-) I could have completely the wrong end of the stick - I just wish i had even the smallest understanding of the code itself so i could take part lol. Please click this link-> https://mcxnow.com/?r=Stuartnorth (The link is a referral link, it costs you nothing, but provides a little bonus for me if you click through to the site. Please help feed my baby. Thanks :-) )

nastybit



Offline



Activity: 42

Merit: 0







NewbieActivity: 42Merit: 0 Re: Nxt source code flaw reports January 03, 2014, 12:59:07 PM #15 Quote from: lonesoul on January 03, 2014, 12:55:57 PM Quote from: luckygenough56 on January 03, 2014, 12:45:51 PM

another polemic to bring the prices down ?



how do you mean?



the code was released with the flaws so that people can see what they are working with, the flaws were added by the developer.



the flaws are in place to stop people immediately cloning the code and releasing their own version.



people will need to wait to see if all the flaws have been found before confirmation that the source is in fact in its fully working condition again.





When i first read about the code release i was a little dubious but I personally think its a great way to get the source out there for review, also gain extra interest from people because of the rewards but also the subtle way they now have multiple coders looking over their code and getting to understand it.



im assuming they aren't expecting clones to appear over night but im sure the developer realises if his code is a cut above the current code behind most of the other coins, that it will eventually take off and more "NXTLiteCoin" versions will emerge.





all in all i think its a cracking play on NXT's side and will actually help the prices rather than hurt them.



At least thats how i saw it ;-) I could have completely the wrong end of the stick - I just wish i had even the smallest understanding of the code itself so i could take part lol.



how do you mean?the code was released with the flaws so that people can see what they are working with, the flaws were added by the developer.the flaws are in place to stop people immediately cloning the code and releasing their own version.people will need to wait to see if all the flaws have been found before confirmation that the source is in fact in its fully working condition again.When i first read about the code release i was a little dubious but I personally think its a great way to get the source out there for review, also gain extra interest from people because of the rewards but also the subtle way they now have multiple coders looking over their code and getting to understand it.im assuming they aren't expecting clones to appear over night but im sure the developer realises if his code is a cut above the current code behind most of the other coins, that it will eventually take off and more "NXTLiteCoin" versions will emerge.all in all i think its a cracking play on NXT's side and will actually help the prices rather than hurt them.At least thats how i saw it ;-) I could have completely the wrong end of the stick - I just wish i had even the smallest understanding of the code itself so i could take part lol.

The problem with releasing a fake is that you can find something really wrong and they can say "good, we already fix this / we already changed it" etc. it cannot be verified as it's not the real complete source code, kinda useless tbh The problem with releasing a fake is that you can find something really wrong and they can say "good, we already fix this / we already changed it" etc. it cannot be verified as it's not the real complete source code, kinda useless tbh