by marksamman on 2/17/17, 10:05 PM with 134 comments
by josu on 2/17/17, 10:50 PM
EDIT: u/aftbit also posted this on the thread: "They even cited the ability to detect hacks like this as a key advantage over Zcash. [1]"
by fpgaminer on 2/17/17, 11:57 PM
Meanwhile, centralized systems like credit cards are stolen en masse, identity theft abounds, anybody can file your taxes with the IRS and collect your refund, and an ACH can be initiated against your bank account using all the information helpfully printed on every check you hand to strangers... and no one bats an eye?
I don't get it.
by wmf on 2/17/17, 10:24 PM
But seriously, I'm not sure which is worse: Watching your stolen money move around the blockchain knowing you are helpless to do anything about it, or being provably unable to even tell the difference between "real" and "counterfeit" coins.
by arez on 2/17/17, 10:37 PM
by ianmiers on 2/18/17, 2:01 AM
(Just to be clear, this is about Zcoin, not Zcash/Zerocash. The two are completely different)
The fix is here. https://github.com/zcoinofficial/zcoin/commit/33796c839f7d4d... What happened?
First, some stylized facts about ZCoin:
0) ZCoin is a fork of Bitcoin that uses a 4 year old academic research library, libzerocoin, to make anonymous payments using the Zerocoin protocol.
1) Unlike Zcash/Zerocash, the Zerocoin protocol has only fixed value coins.
2) To get multiple denominations, you have completely separate instances of the anonymous currency that just happen to live on the same blockchain as the other denominations.
3) Zerocoin has its own bitcoin-like, non-anonymous base currency. Call it basecoin.
4) You spend basecoins to get zerocoins.
5) When you spend zerocoins, you get basecoins.
6) ZQ_WILLIAMSON and ZQ_PEDERSEN are denominations, worth 100 and 50 respectively, defined in libzerocoin.
So what went wrong?
When you convert a zerocoin into 100 basecoin, the ZCoin code forked from bitcoin checked if the coin was a valid instance of ZQ_PEDERSEN (worth 50), not ZQ_WILLIAMSON (worth 100). So you paid 50 for the zcoin, got it into the instance for ZQ_PEDERSEN, but got back 100. Free money.
Why did this happen? Well, it looks like in order to support the multiple denominations libzerocoin offers, the ZCoin developers wrote some code for one denomination and then duplicated it for each remaining denomination. There are five in total: ZQ_LOVELACE = 1, ZQ_GOLDWASSER = 10, ZQ_RACKOFF = 25, ZQ_PEDERSEN = 50, ZQ_WILLIAMSON = 100.
But on the last one, ZQ_PEDERSEN was not changed to ZQ_WILLIAMSON in a few places. This caused the bug.
Caveat: I have nothing to do with ZCoin. However, I am an author of the zerocoin protocol, libzerocoin, the zerocash protocol, and am involved with Zcash.
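A reduced model of the denomination mix-up described in the post above, added here as an illustration; it is not ZCoin or libzerocoin code, and the `Coin`, `proof_valid_for` and `spend*` names are hypothetical stand-ins for the real proof verification. The buggy path verifies against one denomination constant and pays out another, the hardened path looks both up from a single key so a copy-paste slip cannot desynchronise them.

```python
from __future__ import annotations
from dataclasses import dataclass

# Denomination names and basecoin values as listed in the post.
DENOMINATIONS = {
    "ZQ_LOVELACE": 1, "ZQ_GOLDWASSER": 10, "ZQ_RACKOFF": 25,
    "ZQ_PEDERSEN": 50, "ZQ_WILLIAMSON": 100,
}

@dataclass(frozen=True)
class Coin:
    denom: str    # the denomination instance the coin was minted into
    serial: int   # constructed sample serial; a real coin carries a ZK proof

def proof_valid_for(coin: Coin, denom: str) -> bool:
    """Hypothetical stand-in for the zero-knowledge spend check: a coin only
    verifies against the denomination instance it was minted into."""
    return coin.denom == denom

# --- Buggy: one hand-copied function per denomination, partially edited. ---
def spend_williamson_buggy(coin: Coin) -> int:
    """Spend path for the 100-basecoin denomination as the post describes it:
    the check still names ZQ_PEDERSEN, only the payout was changed."""
    if not proof_valid_for(coin, "ZQ_PEDERSEN"):   # copy-paste leftover
        raise ValueError("invalid spend")
    return DENOMINATIONS["ZQ_WILLIAMSON"]          # pays 100 for a 50 coin

# --- Hardened: a single data-driven path; the denomination is named once. ---
def spend(coin: Coin, denom: str) -> int:
    if denom not in DENOMINATIONS:
        raise ValueError(f"unknown denomination {denom}")
    if not proof_valid_for(coin, denom):
        raise ValueError("invalid spend")
    # Payout comes from the same key that was verified, so they cannot diverge.
    return DENOMINATIONS[denom]

def rejected(coin: Coin, denom: str) -> bool:
    """True if the hardened path refuses to spend `coin` as `denom`."""
    try:
        spend(coin, denom)
    except ValueError:
        return True
    return False

def demo() -> tuple[int, int]:
    # Constructed sample: a coin minted into the 50-basecoin instance.
    fifty = Coin("ZQ_PEDERSEN", serial=1)
    buggy_payout = spend_williamson_buggy(fifty)   # 100: the free money
    fixed_payout = spend(fifty, "ZQ_PEDERSEN")     # 50: what was paid in
    return buggy_payout, fixed_payout
```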
by desdiv on 2/17/17, 10:48 PM
I took a glance at their Github bug tracker and couldn't find any references to this bug.
[0] https://github.com/zcoinofficial/zcoin/issues?q=is%3Aissue+i...
by ng12 on 2/17/17, 10:46 PM
Really wonder what this was.
by Cyph0n on 2/17/17, 11:31 PM
by hueving on 2/17/17, 10:25 PM
Does this imply this company has the power to stop all trading on the currency? If so, why would anyone ever want to use this?
by Entalpi on 2/18/17, 6:45 AM
by koolba on 2/17/17, 10:50 PM
by aftbit on 2/17/17, 10:30 PM