SMT hard fork testing report #4 : Found an exploit, crashed the testnet by howo

· @howo · (edited)
<center>![image.png](https://cdn.steemitimages.com/DQmYTZUjtKtFvoSGBanjsDZzBmbEy63M1PndHkhqjsvjqH3/image.png)</center>

Hey ! 

This last week was mostly spent polishing my script to create as many smts as I could. And while I was doing that, I noticed that there were more and more timeouts in the testnet, until it completely crashed.

<center> Success ! I found another chain breaking bug :D </center>

Here's what the logs from @drakos 's testnet node looked like :

```
    database.cpp:2989 apply_block
3515352ms db_with.hpp:125               ~pending_transaction ] Postponed 59239 pending transactions. 393 were applied.
3515426ms witness_plugin.cpp:343        block_production_loo ] Generated block #1 with timestamp 1970-01-01T00:00:00 at time 2019-12-22T20:58:33
```

At some point the chain crashed so hard that his witness re-generated a first block haha

## The exploit 

So here's what happened : there are some automated actions on every block, and there's a limit of how many you can put on a single block. And since I was creating 10 smts per block with 10 emissions (which is an automated action), at some point the maximum of automated actions per block would be reached, and the chain would be in a weird state where it can't find the automated action it needs to proceed, since it is assuming that the automated action would have been executed but it wasn't since the block was full.

An analogy: you try to make pasta. You take the pot, want to put water in it but postpone it, then, expecting water that isn't there (since you postponed it), you put it on the stove. Something is not going to go right.

Anyways, this exploit took a few days of spamming the testnet. This is an extreme case, nobody will create that many smts at that rate in the real world.

Basically by my calculations it took about 57 600 smt creations with emission to crash the testnet. Which would cost a ton for an attacker to exploit (smts have a cost of 1 sbd currently, but might very well be 10 or 100 sbd).

## Real world threat

But this is where this attack can be done much cheaper and much quicker: the problematic part is the emission, not the creation of smt. FYI, you cannot add an emission more than once per block per smt.

If it took me two days with 10 emissions per block, it means that if I create 10 smts and emit 10 times per block, without creating more smts, the chain will crash all the same. But with a much lower cost.

But wait there is more ! What if I create 100 smts and then emit 100 times per block ? Then the two days is now 5 hours. You get the idea.

And emission is just one of the automated actions; there are probably ways to do this even faster/cheaper.

Good thing we caught this one in the testing phase :) 

As always you can see the code that I use for my test cases here : https://github.com/drov0/hf23-testing/

# Please consider voting my proposal and steempress as witness

The reason I'm able to do this work and allocate time to it is thanks to the funds from the sps, but I am not too far from not getting funding again. Please consider voting on it or unvoting the return proposal : https://steemproposals.com/proposal/50

And finally I am also doing this as part of the witness @steempress. If you like what I'm doing please consider voting on it as well. Every bit counts ! It will take you but a few minutes but will greatly help me test the network, and the more we test, the more steemit and the witnesses will feel confident enough to launch on the main net.
Created: 2019-12-29 10:43:30
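The failure mode described under "The exploit", as an added toy model that is not part of the original post and is not steemd code: a per-block cap postpones some automated actions, and follow-up logic that assumes every due action ran breaks on the first postponed one. The cap value, the one-emission-per-token-per-block schedule and all names here are assumptions made for illustration.

```python
from collections import deque

MAX_ACTIONS_PER_BLOCK = 4  # assumed cap; the post does not give the real value


class MissingAction(Exception):
    """The chain looked up an automated action that was postponed, not executed."""

    def __init__(self, block, action):
        super().__init__(f"block {block}: {action} was postponed, not executed")
        self.block = block


def run_chain(initial_tokens, new_tokens_per_block, num_blocks, strict):
    """Toy chain: every existing token has one emission due in every block.

    strict=False treats every due emission as executed (the flawed assumption).
    strict=True follows up only on emissions that really ran and carries the
    rest over to later blocks. Returns the backlog size after the last block.
    """
    pending = deque()  # due actions not yet included in a block
    tokens = initial_tokens
    for block in range(1, num_blocks + 1):
        tokens += new_tokens_per_block
        due_now = [(block, token) for token in range(tokens)]
        pending.extend(due_now)

        # Block production: include at most the cap, postpone everything else.
        executed = set()
        while pending and len(executed) < MAX_ACTIONS_PER_BLOCK:
            executed.add(pending.popleft())

        # Follow-up work that needs the result of each emission.
        expected = executed if strict else due_now
        for action in expected:
            if action not in executed:
                raise MissingAction(block, action)
    return len(pending)


def first_failing_block(initial_tokens, new_tokens_per_block, num_blocks):
    """Block at which the non-strict chain breaks, or None if it survives."""
    try:
        run_chain(initial_tokens, new_tokens_per_block, num_blocks, strict=False)
    except MissingAction as exc:
        return exc.block
    return None


if __name__ == "__main__":
    print(first_failing_block(0, 1, 20))    # load grows by one token per block
    print(run_chain(0, 1, 8, strict=True))  # same load, backlog is tracked
```

In strict mode the chain keeps producing blocks, but the returned backlog grows with every over-full block, which makes it the quantity to monitor and bound.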
@arcange ·
Congratulations @howo!
Your post was mentioned in the [Steem Hit Parade](/hit-parade/@arcange/daily-hit-parade-20191229) in the following category:

* Pending payout - Ranked 3 with $ 57,2
@crokkon · (edited)
@howo ·
On the whole blockchain you can only create 10 new smts per block. As for the other limits, they are the usual limits; for instance you can only comment once every 3 seconds, etc.
@jarvie ·
Nicely done.
@mattsanthonyit ·
Wow. Great work

@midlet ·
Nice! One less post HF disaster :)
@novacadian ·
>... please consider voting on it or unvoting the return proposal ...

Done and witness voted having had 3 open up with retirements. Nice work with the debugging!
@howo ·
Thanks !
@sepracore ·
Is it your understanding that this is an easy fix for the Steemit team? Or do you feel like this could take some time to sort out?
@howo ·
Mmh I don't think it should be too hard.
@sidsun ·
Now what happens next?
@howo ·
Not much, testnet will stay down for a bit until the steemit team fixes it, then they will put the testnet back up, I'll run my test script to see if I can break it again or not and if I can't (meaning it's fixed) we'll move onto other things.