KnightMB wrote:It has a long answer
I have 28 e-mails with keys sent to the registration address. Of those 28, 3 people claimed to found a way, so I was every interested to hear how.
First person, they hacked their own server to make 1 million, billion, etc. but when connecting back to the Timekoin network, well it didn't work.
One person was very clever, he changed Timekoin to create transactions that were so large (like the amount was 9999999999999999999999999999999999999999) in the hopes of causing an integer overflow (similar to what happened to bitcoin a few years back) and maybe cause an exploit. The issue was that Timekoin actually can't decode transaction amounts that large because they can't fit in the field for the encrypted data.
The most recent was (last year) someone created a VPS with just one server with 128 IPs all going to the same machine. The reason was to have all the Timekoin servers connect to it and then he would rewrite the transaction history to give himself a million TK for example. The problem he ran into was it the network would just DoS his server because the rest of the network thinks those are 128 separate servers, but instead all that traffic was just funneling into one server. So he rewrote his server to just ignore everything, but by doing that all the real servers were failing the "polling" checks so they would disconnect after a few minutes. Finally he got the "I have a million now" transaction created via a non-existent Public Key address. So when all the other servers start exchanging information, they rejected that transaction because there was no way to verify the data, no history exist for the ghost Public Key. Anyway, long story, his server showed he had created the "million TK to me" transaction. So I asked him to send that "million" to me and see if it works. Well, the transaction was rejected of course and none of the honest TK servers had been fooled by it, so it was a bust for him (and the money he spent to setup at Amazon).
bucket wrote:I'll claim that second try, I thought the overflowing integer size would be a good way to attack the network but later figured out that knightmb already put some range checking in the code to prevent that, but I thought it was a good try. It worked for bitcoin after all.
Users browsing this forum: No registered users and 1 guest