Has anyone come close to claiming this?

Discussion of the 1,000 Timekoin bounty competition.

Has anyone come close to claiming this?

Postby koinmaster » Tue Jan 26, 2016 8:26 am

Not that I am complaining, but anyone gotten close to claiming this? You need to do like Google and offer up millions for a bug bounty, that will bring them. :lol:
User avatar
koinmaster
 
Posts: 357
Joined: Mon Jun 18, 2012 8:07 pm

Re: Has anyone come close to claiming this?

Postby KnightMB » Tue Jan 26, 2016 3:57 pm

It has a long answer :D

I have 28 e-mails with keys sent to the registration address. Of those 28, 3 people claimed to found a way, so I was every interested to hear how.

First person, they hacked their own server to make 1 million, billion, etc. but when connecting back to the Timekoin network, well it didn't work.

One person was very clever, he changed Timekoin to create transactions that were so large (like the amount was 9999999999999999999999999999999999999999) in the hopes of causing an integer overflow (similar to what happened to bitcoin a few years back) and maybe cause an exploit. The issue was that Timekoin actually can't decode transaction amounts that large because they can't fit in the field for the encrypted data. :lol:

The most recent was (last year) someone created a VPS with just one server with 128 IPs all going to the same machine. The reason was to have all the Timekoin servers connect to it and then he would rewrite the transaction history to give himself a million TK for example. The problem he ran into was it the network would just DoS his server because the rest of the network thinks those are 128 separate servers, but instead all that traffic was just funneling into one server. So he rewrote his server to just ignore everything, but by doing that all the real servers were failing the "polling" checks so they would disconnect after a few minutes. Finally he got the "I have a million now" transaction created via a non-existent Public Key address. So when all the other servers start exchanging information, they rejected that transaction because there was no way to verify the data, no history exist for the ghost Public Key. Anyway, long story, his server showed he had created the "million TK to me" transaction. So I asked him to send that "million" to me and see if it works. Well, the transaction was rejected of course and none of the honest TK servers had been fooled by it, so it was a bust for him (and the money he spent to setup at Amazon).
User avatar
KnightMB
Site Admin
 
Posts: 1015
Joined: Thu Feb 23, 2012 6:03 pm

Re: Has anyone come close to claiming this?

Postby PoisonWolf » Tue Jan 26, 2016 4:13 pm

That's hilarious. I wonder if a cash price was offered, would people be more motivated in trying to break the network? Say like $100 USD?

KnightMB wrote:It has a long answer :D

I have 28 e-mails with keys sent to the registration address. Of those 28, 3 people claimed to found a way, so I was every interested to hear how.

First person, they hacked their own server to make 1 million, billion, etc. but when connecting back to the Timekoin network, well it didn't work.

One person was very clever, he changed Timekoin to create transactions that were so large (like the amount was 9999999999999999999999999999999999999999) in the hopes of causing an integer overflow (similar to what happened to bitcoin a few years back) and maybe cause an exploit. The issue was that Timekoin actually can't decode transaction amounts that large because they can't fit in the field for the encrypted data. :lol:

The most recent was (last year) someone created a VPS with just one server with 128 IPs all going to the same machine. The reason was to have all the Timekoin servers connect to it and then he would rewrite the transaction history to give himself a million TK for example. The problem he ran into was it the network would just DoS his server because the rest of the network thinks those are 128 separate servers, but instead all that traffic was just funneling into one server. So he rewrote his server to just ignore everything, but by doing that all the real servers were failing the "polling" checks so they would disconnect after a few minutes. Finally he got the "I have a million now" transaction created via a non-existent Public Key address. So when all the other servers start exchanging information, they rejected that transaction because there was no way to verify the data, no history exist for the ghost Public Key. Anyway, long story, his server showed he had created the "million TK to me" transaction. So I asked him to send that "million" to me and see if it works. Well, the transaction was rejected of course and none of the honest TK servers had been fooled by it, so it was a bust for him (and the money he spent to setup at Amazon).
User avatar
PoisonWolf
 
Posts: 183
Joined: Fri Apr 12, 2013 10:39 am

Re: Has anyone come close to claiming this?

Postby KnightMB » Tue Jan 26, 2016 5:03 pm

It should be down at the bottom of here: http://timekoin.org/index.php?option=co ... &Itemid=61

Says we will pay in check, cash, digital currency of choice, even "other" payment system provided it was legal. ;)
User avatar
KnightMB
Site Admin
 
Posts: 1015
Joined: Thu Feb 23, 2012 6:03 pm

Re: Has anyone come close to claiming this?

Postby bucket » Wed Jan 27, 2016 8:53 pm

I'll claim that second try, I thought the overflowing integer size would be a good way to attack the network but later figured out that knightmb already put some range checking in the code to prevent that, but I thought it was a good try. It worked for bitcoin after all. :lol:
User avatar
bucket
 
Posts: 32
Joined: Thu May 16, 2013 8:30 pm

Re: Has anyone come close to claiming this?

Postby PoisonWolf » Wed Jan 27, 2016 8:54 pm

bucket wrote:I'll claim that second try, I thought the overflowing integer size would be a good way to attack the network but later figured out that knightmb already put some range checking in the code to prevent that, but I thought it was a good try. It worked for bitcoin after all. :lol:


Stick around and keep trying to break it! :D
User avatar
PoisonWolf
 
Posts: 183
Joined: Fri Apr 12, 2013 10:39 am

Re: Has anyone come close to claiming this?

Postby Smarty » Wed Jan 27, 2016 11:17 pm

I always wondered if anyone did, well back when it was 1 million anyway. I guess the million was too much for most people is that why it was reduced to 1,000? :lol:
User avatar
Smarty
 
Posts: 43
Joined: Mon Aug 19, 2013 5:40 pm

Re: Has anyone come close to claiming this?

Postby koinmaster » Fri Jan 29, 2016 12:30 am

I thought or was certain there had no been any recent hacks for timekoin, but I thought I read somewhere that someone had broken it, maybe it was just someone running off on a forum somewhere, but glad to hear things are still rock solid.
User avatar
koinmaster
 
Posts: 357
Joined: Mon Jun 18, 2012 8:07 pm


Return to 1K Timekoin Bounty

Who is online

Users browsing this forum: No registered users and 1 guest

cron