Verge gets 51% attacked so hard that they steal SHIELD's code and lie about itsteemCreated with Sketch.

in #cryptocurrency6 years ago (edited)

The information below is quoted for archival purposes, showing why $XVG Verge chose to steal $XSH SHIELD's code to fix their second devastating timewarp attack.

vergeDEV @sunerok and @CC66 claim in the Verge Discord that SHIELD copied Verge's drift fix. Now, is that really the case?


Let's start at the beginning.

When Verge initially got rekt by the timewarp attack, @sunerok makes the following commit (and also shows us he cant do basic maths?):

https://github.com/vergecurrency/VERGE/commit/7294e062a61f78ffb05689b562f90985463d1179
http://archive.is/EORwA

(2 * 15 = 30 seconds, not fifteen minutes...!? Anyway...)

He seems to realise there's something wrong with his maths (or maybe not, I'm not sure), but then he increases it to this (7.5mins):

https://github.com/vergecurrency/VERGE/commit/b6c380727ebe285538b9e5ac330176d9e8983f87
http://archive.is/In3qE

Note that at this point, he has changed the timedrift value AFTER an attack on the chain. This makes wallets that update to this patch STUCK and unable to sync past the attacker's blocks, as also pointed out by @ocminer here:

https://github.com/vergecurrency/VERGE/issues/679
http://archive.is/p3l59

So this attempt at an initial "fix" basically split the network in half! So to fix this, it's time for an emergency patch, right? :

https://github.com/vergecurrency/VERGE/commit/66673a508482d2eb7ccb2d32f144863cd48b43a6
http://archive.is/Z7iCr

So he reverts nMaxClockDrift back to its original value.

Then they try some messy new stuff inside the AcceptBlock() method for a fork at block 2040000, and also make oldMaxDrift:

https://github.com/vergecurrency/VERGE/commit/a3dd53f40aaedd28bd4d0fc720f034492f7ded81
http://archive.is/3ZdAR

@sunerok also tries to shrink Verge's drift time again (though I don't know why). This is also around the time SHIELD lead developer @NullFunction writes a proper timedrift patch and commits it to the SHIELD git:

https://git.shieldx.sh/SHIELD-team/Core-Projects/SHIELD/commit/c9da6eb64f670a6e0336ceb10332b2bd94498eba

@sunerok realises that by shrinking the drift size, despite the previous commit, the network is still split. So he reverts it:

https://github.com/vergecurrency/VERGE/commit/2b6faff66ecfd8b9361aa5db14ffa5019b784f4f
http://archive.is/m3QRH

All this proves a massive headache for #Vergefam when they get timewarp attacked yet again, so @sunerok looks through the code to find out what went wrong. Then he realises 'oh damn, I couldnt figure out how to fix that wretched timedrift thing, no wonder we got rekt again...'

'Wait, maybe SHIELD fixed it? I should probably go "check" their code'

Enter the copypasta (note how it is IDENTICAL to the patch shown above by @NullFunction, but made 50 days later):

https://github.com/vergecurrency/VERGE/commit/f8ca082646f9d98f5856e341097807ba06268464
http://archive.is/TZOlU
https://git.shieldx.sh/SHIELD-team/Core-Projects/SHIELD/commit/c9da6eb64f670a6e0336ceb10332b2bd94498eba

So, can you work out who patched the drift first? Was it Verge, or was it actually SHIELD?

Bonus round?

Here's Verge lead developer @sunerok in the Verge Telegram after the first timewarp attack, and before the second:

While @sunerok was sitting around calling himself a beast (for a patch that didn't work), guys on the SHIELD team not only saw the mistake, but predicted the actual attack method almost 50 days before it happened.

https://github.com/vergecurrency/VERGE/commit/80c81aef63272231fc39c2af4b8db9f3f2e9d328


https://shieldx.sh/ - SHIELD Homepage [$XSH]
https://vergecurrency.com/ - Verge Homepage [$XVG]

Sort:  

What a horrible mistakes !!
I'm wondering if they are a human beings.

Holy shit this is a joke. Thank you for exposing them with actual evidence.

This post has received a 6.67% upvote from @aksdwi thanks to: @steemium.

wow. Happy to hold some SHIELD bags. This is pathetic

This is the most ridiculous coin to date.

This post has received a 14.29 % upvote from @voterunner thanks to: @steemium. BIG NEWS: Build your passive income with daily payouts from @voterunner! Read more about earning SBD with me. Daily. The easy way!

This post has received a 9.09% upvote from @msp-bidbot thanks to: @steemium. Delegate SP to this public bot and get paid daily: 50SP, 100SP, 250SP, 500SP, 1000SP, 5000SP Don't delegate so much that you have less than 50SP left on your account.

Excellent write up, and appreciate the fact you included the code commits for us wanting to read those changes. Upvoted

Archive.is also in case anyone decided to monkey around with the history.

Coin Marketplace

STEEM 0.15
TRX 0.16
JST 0.028
BTC 67628.32
ETH 2424.36
USDT 1.00
SBD 2.35