You are viewing a single comment's thread from:

RE: How Engine Works

in #steem6 years ago (edited)

I've contacted the developers of SM, and it seems that they do want to open-source the node and that they do have it on their roadmap after tournaments, but the node is not designed well to be able to be open-sourced. They could design it so that it works without having trusted nodes, but it isn't designed so that it can at the moment. Here's part of a comment in response to this post by Yabapmatt:

We would very much like to open source the steem monsters node software, and it will definitely happen at some point, but there are still some issues that we know of, and probably some more that we don't, that could cause multiple nodes to get out of sync / fork in certain situations.

We have limited resources and an unbelievably large list of changes and features, most of which are more important to keeping the business up and running than open sourcing the software, so we have to prioritize.

We are in the process of trying to raise funding now (something which is also quite time consuming) which should help us work on some of these items.


You also said:

I thought this would be solved by having to spend resource credits.

Because the computation itself is not done on the Steem nodes, you only have to pay in RC for the storage space that it takes up, not the computational power that it uses. All the Steem nodes are doing is storing the transactions on the blockchain, not computing them. Engine/steemsmartcontracts nodes are computing the transactions -- but they don't have the authority to charge transaction fees for computation.

Sorry if I didn't explain this well; tell me if you have any more questions.

Sort:  

No I think you explained it quite well I just don't really see the vulnerability. The client/server/node ignores invalid transactions and you can't spam invalid transactions forever because of RC costs... not to mention the stake it would require to do such a thing and the flags and reputation loss that would rain down on you for such an action.

No, but the difference is that in steemsmartcontracts you can define your own operations/contract functions, and things to do based on those functions. So you could define an function that, when you create the cooresponding operation, causes all steemsmartcontract nodes to go into an infinite loop or something similar.

Look at [this comment] for more details about how this vulnerability can be extended further as long as there are no computational fees.

the flags and reputation loss that would rain down on you for such an action.

You could use an account that has never posted -- even created through anonsteem because these transactions cost very little RC to avoid flags.

Ah nice thanks for clearing that up. My ignorance on the subject is great.

Not really, though. You understand a lot more than most people, and I just wasn’t explaining well.

Coin Marketplace

STEEM 0.17
TRX 0.16
JST 0.029
BTC 76256.16
ETH 2917.35
USDT 1.00
SBD 2.60