Auditing dPolls

in #dpoll, 5 years ago (edited)

A couple of hours ago, I was informed that there are discrepancies in the voting results between the dPoll interface and the blockchain.

Before going into details, I want to thank @abh12345 for asking me about the situation privately before posting the issue in public.

The problem

dPoll uses main posts as polls, and comments as votes. Whenever you post a poll, secret JSON metadata is written to the blockchain. The same goes for votes.

  • People may delete the comment from Steemit. This operation doesn't actually delete the comment but sends a signal that it's deleted. The comment operations still stay in the history of the blockchain; however, get_content_replies doesn't return the deleted comments.

  • People may edit the comments with alternative Steem apps. These apps may hijack the json_metadata and therefore remove the voting_data when they're used for editing.

So, if we want to verify the dPoll interface results against the blockchain, we need a lot of checks.

The solution

I have coded a verification script in Python. Its workflow is simple:

  • Get the dPoll results from dpoll API.

  • Call get_content_replies. (Asking the blockchain for the data directly.)

  • Check each comment's json metadata to see if the dPoll vote is there. If it's not, add the missing votes into a missing_votes list.

  • For each missing vote, check if the author deleted a dpoll vote comment. If that's the case, mark the vote as correct.

  • If the author didn't delete the comment, then check the author's account history to see whether another dApp overwrote the json_metadata. If that's the case, mark the vote as correct.

After all these steps, if there are still votes missing on the blockchain, then we can say we have a problem on the dPoll side.
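The workflow above, sketched as an added example (this is not the author's audit script). It runs offline on constructed data: the `content_type`/`votes` metadata layout, the simplified account-history entries, the poll permlink, and all account names and transaction ids are assumptions made for illustration. Each history is assumed to list only ops authored by that account, oldest first.

```python
import json

POLL = ("theycallmedan", "example-poll")  # (author, permlink); permlink is constructed

def load_meta(raw):
    try:
        meta = json.loads(raw or "{}")
    except ValueError:  # malformed metadata counts as "no vote data"
        return {}
    return meta if isinstance(meta, dict) else {}

def voted_for(raw, choice):
    meta = load_meta(raw)  # assumed layout: {"content_type": "poll_vote", "votes": [...]}
    return meta.get("content_type") == "poll_vote" and choice in (meta.get("votes") or [])

def explain(choice, history):
    permlink, verdict = None, "unexplained"  # permlink of the vote comment, once seen
    for entry in history:  # oldest op first
        kind, op = entry["op"]
        if kind == "comment" and (op["parent_author"], op["parent_permlink"]) == POLL:
            if voted_for(op["json_metadata"], choice):
                permlink, verdict = op["permlink"], "unexplained"
            elif op["permlink"] == permlink:  # a later edit dropped the vote data
                app = load_meta(op["json_metadata"]).get("app", "unknown")
                verdict = f"overwritten by {app} (trx {entry['trx_id']})"
        elif kind == "delete_comment" and op["permlink"] == permlink:
            verdict = f"deleted (trx {entry['trx_id']})"
    return verdict

def audit(dpoll_results, replies, histories):
    """Return {voter: verdict} for votes dPoll counts but the replies lack."""
    report = {}
    for choice, voters in dpoll_results.items():
        intact = {r["author"] for r in replies if voted_for(r["json_metadata"], choice)}
        for voter in voters:
            if voter not in intact:
                report[voter] = explain(choice, histories.get(voter, []))
    return report

# Constructed sample data (not real accounts or transactions).
def _op(kind, trx, permlink, meta=None):  # simplified account-history entry
    op = {"permlink": permlink}
    if kind == "comment":
        op.update(parent_author=POLL[0], parent_permlink=POLL[1], json_metadata=json.dumps(meta))
    return {"trx_id": trx, "op": [kind, op]}
VOTE_A, PARTIKO = {"content_type": "poll_vote", "votes": ["A"]}, {"app": "partiko"}
DPOLL = {"A": ["alice", "bob", "carol", "dave", "erin"]}
REPLIES = [{"author": "alice", "json_metadata": json.dumps(VOTE_A)},
           {"author": "carol", "json_metadata": json.dumps(PARTIKO)}]
HISTORIES = {"bob": [_op("comment", "t1", "v1", VOTE_A), _op("delete_comment", "t2", "v1")],
             "carol": [_op("comment", "t3", "v2", VOTE_A), _op("comment", "t4", "v2", PARTIKO)],
             "erin": [_op("delete_comment", "t5", "unrelated")]}
if __name__ == "__main__": print(audit(DPOLL, REPLIES, HISTORIES))
```

A deletion or overwrite only explains a missing vote when it targets the permlink of a comment that actually carried the vote; anything else stays "unexplained", which is the case the audit output reports as a dPoll bug.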

Output of the audit script

Possible discrepancies
{'Actifit': [],
 'Crowdmind': [],
 'Dsound': [],
 'Freewritehouse': ['bennettitalia'],
 'Qurator': ['p15', 'shikika'],
 'Spunkeemonkee': [],
 'SteemNurse': [],
 'SteemitBloggers': ['steemitwitchery', 'harmonyval'],
 'Team-CN': ['dolphinp',
             'bullionstackers',
             'sukhoi-su',
             'steem4vote',
             'dolphin-power8',
             'vote4u',
             'whalepower-guide',
             'reservoir',
             'the-exocet',
             'seawise-giant',
             'ninedragons',
             'minuteman111',
             'word-of-the-day',
             'dolphin-power3',
             'surion',
             'dolphin-power6',
             'dolphin-power7',
             'whalepower',
             'applex',
             'timeblock',
             'c-solstice',
             'ppagoda',
             'bagger293',
             'globalex',
             'woodside',
             'tanaman',
             'simpanan',
             'quarantine',
             'shenyang-j',
             'helios',
             'cairns',
             'tenaga-satu',
             'the-excavator',
             'paul-gillbanks',
             'meko200',
             'solidgold',
             'coonawarra',
             'ballarat',
             'v-1',
             'balancepower',
             'al-amanah',
             'l00',
             'prominent',
             'public-advocate',
             'dolphin-power9',
             'worldclub',
             'point-blank',
             'dolphin-power10',
             'mk111',
             'dragon-blade',
             'sky-bolt',
             'storm-shadow',
             'pterosaur',
             'freeservice',
             'author-fund',
             'global-pillar',
             'the-reef',
             'sbd4vot',
             'm85'],
 'Votovzla': ['amico']}
------------------------------------------
Checking account history for comment deletions
Checking @bennettitalia
Found deleted comment by bennettitalia. (TRX id: 3beefd8b76a92d6bde77ce1ecd88a54a8a543144, block id: 29829594
Checking @p15
Found deleted comment by p15. (TRX id: a4dbc3400c3f9f5566d94027508ba3ea0aeee55b, block id: 29898356
Checking @shikika
{'parent_author': 'theycallmedan', 'parent_permlink': 'which-steem-project-should-i-delegate-10k-steempower-to-for-1-year', 'author': 'shikika', 'permlink': '200e7472-8bff-4d75-81b2-742425d008d0', 'title': '', 'body': "Voted for _Qurator_.\n\nHi,\n\nHave a good day! 😀\n\nI've been a member of Qurator a long time ago. Even though I am not active on discord, [@qurator](https://steemit.com/@qurator) never fails to support me. [@qurator](https://steemit.com/@qurator) helps me a lot grows in this platform. Hoping [@qurator](https://steemit.com/@qurator) will win coz I am pretty sure that [@qurator](https://steemit.com/@qurator) can help more and boost more quality contents.\n\nThank you and kind regards.\n[@shikika](https://steemit.com/@shikika)", 'json_metadata': '{"app":"partiko","client":"android"}'}
shikika: partiko
Found overwrite by @partiko! (TRX id: 7c4ff6eaef813754cdb9b1220a5de6a97c91a4f4, block id: 29833386
Checking @steemitwitchery
DPOLL BUG. Couldn't find any reference for @steemitwitchery
Checking @harmonyval
DPOLL BUG. Couldn't find any reference for @harmonyval
Checking @dolphinp
Found deleted comment by dolphinp. (TRX id: 1b7cae199630d636219f53aa08b19b57e8f68357, block id: 29905916
Checking @bullionstackers
Found deleted comment by bullionstackers. (TRX id: 51d892da21a316ae8fa0d73c361cd2dee7d2e574, block id: 29899419
Checking @sukhoi-su
Found deleted comment by sukhoi-su. (TRX id: 6e0380260ee763724e280d81257c18dc494e7af6, block id: 29900868
Checking @steem4vote
Found deleted comment by steem4vote. (TRX id: 247c24428e726cc0d70cd3be4e32776556dd4cc3, block id: 29900982
Checking @dolphin-power8
Found deleted comment by dolphin-power8. (TRX id: 71fffff10cedecc910f98e2aaab2becef75fb44e, block id: 29926861
Checking @vote4u
Found deleted comment by vote4u. (TRX id: 138c52301c386b0081c126f766ad961d2bb8b0db, block id: 29886008
Checking @whalepower-guide
Found deleted comment by whalepower-guide. (TRX id: d9ecde8e25ab5627354c7cee10585d1471d4c14c, block id: 29901995
Checking @reservoir
Found deleted comment by reservoir. (TRX id: 3b8513e134cca0293df1c2c0c99aa572441baecb, block id: 29902617
Checking @the-exocet
Found deleted comment by the-exocet. (TRX id: da9b640ddd1f407eb7eaddaf731e304e45a27df2, block id: 29901645
Checking @seawise-giant
Found deleted comment by seawise-giant. (TRX id: 63211eba0399a2ebd18373ced500c4772f837bb1, block id: 29906475
Checking @ninedragons
Found deleted comment by ninedragons. (TRX id: 0073519338bf68eacbe7f130e37724b745aae524, block id: 29901165
Checking @minuteman111
Found deleted comment by minuteman111. (TRX id: 2529614806644c4a448c5ad2cf9f14cfe56e7729, block id: 29901284
Checking @word-of-the-day
Found deleted comment by word-of-the-day. (TRX id: c6063c587177c56fa81f3d2e05525ac706ef2f6c, block id: 29902058
Checking @dolphin-power3
Found deleted comment by dolphin-power3. (TRX id: e1462f9491f5c278e4f4cfb7c73f19cba4edf07a, block id: 29927433
Checking @surion
Found deleted comment by surion. (TRX id: 9fe9b7c3bbbe467c5a2159d9a73f8bc2f64a4616, block id: 29902178
Checking @dolphin-power6
Found deleted comment by dolphin-power6. (TRX id: a004a8679699f4e4b12755f2a9ed8a85ea3de701, block id: 29927043
Checking @dolphin-power7
Found deleted comment by dolphin-power7. (TRX id: 49ae680ded12fcf1f45a46d31567482ffe554e98, block id: 29926941
Checking @whalepower
Found deleted comment by whalepower. (TRX id: 0200a6b234d5589d9a1f33aefb3ff328d9f23658, block id: 29901904
Checking @applex
Found deleted comment by applex. (TRX id: 34691e8906f4ecb79197d0e496729e01f0cb6e90, block id: 29902444
Checking @timeblock
Found deleted comment by timeblock. (TRX id: 119853a989b091cb6e8b815e839b2c191fd10850, block id: 29903453
Checking @c-solstice
Found deleted comment by c-solstice. (TRX id: 24323d74c062ee6e050909cef96c8c5dfa46989a, block id: 29903696
Checking @ppagoda
Found deleted comment by ppagoda. (TRX id: 1d72921004c8b82bb9de8d88d148bc62ea44a549, block id: 29905743
Checking @bagger293
Found deleted comment by bagger293. (TRX id: b7ee9e60d2505cf4228e82175883757866717082, block id: 29905817
Checking @globalex
Found deleted comment by globalex. (TRX id: c1605c45bc53db534e60cc9f43a7d4b395e10d4b, block id: 29906070
Checking @woodside
Found deleted comment by woodside. (TRX id: e55589318642df0345933e7896ed94a542a4d67d, block id: 29906322
Checking @tanaman
Found deleted comment by tanaman. (TRX id: 1365947901d8706916fffdbd936c02adc95e3c23, block id: 29908073
Checking @simpanan
Found deleted comment by simpanan. (TRX id: a663972ad741f300dd9d8be16dc73c01182a8628, block id: 29908302
Checking @quarantine
Found deleted comment by quarantine. (TRX id: adc40afe05884ce12798b426746c12b4a6b7d884, block id: 29908648
Checking @shenyang-j
Found deleted comment by shenyang-j. (TRX id: 445d2d9ab8efe00a138b14883697a05479e34b88, block id: 29910065
Checking @helios
Found deleted comment by helios. (TRX id: 955efa87d7ec9b3a7c73204cbd3cdf2d2401f08c, block id: 29910138
Checking @cairns
Found deleted comment by cairns. (TRX id: d2f6b069f9cf21f28a201f77cf136f03820bf6be, block id: 29910265
Checking @tenaga-satu
Found deleted comment by tenaga-satu. (TRX id: a4a3c93bd52dd789ec95499d546188030fe2e616, block id: 29910341
Checking @the-excavator
Found deleted comment by the-excavator. (TRX id: 048cd932667e263b827066879cdf3d23ced519b1, block id: 29910584
Checking @paul-gillbanks
Found deleted comment by paul-gillbanks. (TRX id: 7c111ead46682fcdbce3cbd122c99e7eb11dad4a, block id: 29924367
Checking @meko200
Found deleted comment by meko200. (TRX id: e16361d4bbc088a6ebdf4d5e8e166c4ba87d9e5a, block id: 29924523
Checking @solidgold
Found deleted comment by solidgold. (TRX id: b25e48795de56f94703c25248aa5640ffb67ede7, block id: 29924725
Checking @coonawarra
Found deleted comment by coonawarra. (TRX id: 12d8864e7f079ab72f860442bc32dbb2fc889de3, block id: 29924805
Checking @ballarat
Found deleted comment by ballarat. (TRX id: f2a7ad8c3a1f9ea145e32288154ca992dba4bc1f, block id: 29924931
Checking @v-1
Found deleted comment by v-1. (TRX id: d0d1709cfc2f44b66e7bc7656298293c4a74843e, block id: 29925074
Checking @balancepower
Found deleted comment by balancepower. (TRX id: e07fe4b83f7d104fdcf31c815584e08496997abe, block id: 29925320
Checking @al-amanah
Found deleted comment by al-amanah. (TRX id: 0032be00686e3a705dc4dcda6fdbed610e016037, block id: 29925381
Checking @l00
Found deleted comment by l00. (TRX id: 2d0d1820cda125256e5197487e15ba51af3342ff, block id: 29926308
Checking @prominent
Found deleted comment by prominent. (TRX id: bf0efe6709e628c4440600fa2442ccc5255cd052, block id: 29926434
Checking @public-advocate
Found deleted comment by public-advocate. (TRX id: 6b9ed8e73adc1ea3d6062d4a0982a9948bc0032b, block id: 29926802
Checking @dolphin-power9
Found deleted comment by dolphin-power9. (TRX id: 66e44a1ff3c8f6d11c290fc49b6048950d93144d, block id: 29926996
Checking @worldclub
Found deleted comment by worldclub. (TRX id: 0f3482324d0993725173e4869b66ad4c9ef8df9d, block id: 29927192
Checking @point-blank
Found deleted comment by point-blank. (TRX id: e564db07443afef14217b77cbbe3c957cb603074, block id: 29927253
Checking @dolphin-power10
Found deleted comment by dolphin-power10. (TRX id: 7b711b4c4627734abadd3ce70da9f42ca20e0892, block id: 29927305
Checking @mk111
Found deleted comment by mk111. (TRX id: 639ee845ed61a95d873dd8cea413741b1b9b993e, block id: 29927352
Checking @dragon-blade
Found deleted comment by dragon-blade. (TRX id: cdf5349809a9dd96a48dcd2a632ba37e6c804756, block id: 29927705
Checking @sky-bolt
Found deleted comment by sky-bolt. (TRX id: 2be74def060af923417187e85da7a3ecd7966bcf, block id: 29927807
Checking @storm-shadow
Found deleted comment by storm-shadow. (TRX id: d09c71b0146af2b88bcf7cb2a46deb9ef6a55435, block id: 29927868
Checking @pterosaur
Found deleted comment by pterosaur. (TRX id: 8c73471d6b5d3b202e8440de538073184405c87b, block id: 29928034
Checking @freeservice
Found deleted comment by freeservice. (TRX id: c97df9b6144e278875ce5ffaca6faf34caa391a8, block id: 29928175
Checking @author-fund
Found deleted comment by author-fund. (TRX id: ff91678504b0d710f072a0d1fea07c4392b0312e, block id: 29928244
Checking @global-pillar
Found deleted comment by global-pillar. (TRX id: 13a71822e13c55f1a9ece92f3f878926f6147de0, block id: 29928537
Checking @the-reef
Found deleted comment by the-reef. (TRX id: c8959614c978650f7f4859c18412b98320368a34, block id: 29928710
Checking @sbd4vot
Found deleted comment by sbd4vot. (TRX id: abc0756f6dc069f878a95da81d1c1513d0f3941f, block id: 29930133
Checking @m85
Found deleted comment by m85. (TRX id: 991abfb2018ea872d18b10c2235193de5b91e5c5, block id: 29941425
Checking @amico
{'parent_author': 'theycallmedan', 'parent_permlink': 'which-steem-project-should-i-delegate-10k-steempower-to-for-1-year', 'author': 'amico', 'permlink': 'cb1f698b-e692-4849-9dec-ac8ae20b14ce', 'title': '', 'body': 'Voted for *Votovzla*.\n<center> https://media.giphy.com/media/loG8NySIuPEV5C3Hns/giphy.gif </center>\nI think that the neediest are Venezuelans: I am convinced that the 10K SP delegation can really make a **HUGE** difference for them!\n\n### Greetings, my friends!', 'json_metadata': '{"tags":["dpoll"],"community":"steempeak","app":"steemit/0.1","image":["https://media.giphy.com/media/loG8NySIuPEV5C3Hns/giphy.gif"]}'}
amico: steemit/0.1
Found overwrite by @steemit/0.1! (TRX id: f5775ea4f276c0d0561911c4826bab081168a5f6, block id: 29885498

Source code of the audit script

TL;DR

Regarding @theycallmedan's 10k SP delegation poll:

  • There are 2 votes registered on dPoll that don't have a blockchain reference (@steemitwitchery and @harmonyval, for SteemitBloggers). This looks like a bug on our end. It might be related to this; I need to check the logs and update the code to behave more defensively/transactionally. This will be addressed soon.

  • Lots of accounts deleted their comments (mostly clustered around the TEAM-CN choice). This makes verification hard. So, if you need to verify, you should also loop through the account history of the missing voters.

  • Some users edited their comments from alternative interfaces like Partiko. Some interfaces hijack the json_metadata and overwrite its values, so they actually remove the votes. That's why an account history loop is required here, too.


Thank you for looking into this... I am clueless about coding and all the behind the scenes of computers and technology... and as a steemitbloggers (powerhousecreatives) member... I wanted to thank you personally for all this hard work and research you did!

Thanks for the audit work, hopefully this will be of help in future Polls.

I guess the questions will come, so I'll just come right out with it.

Do you think the vote count / votes with deleted comments should stand? Or is this something for the Poll owner, @theycallmedan to decide?

Cheers!

Hmmm... seems to me that if you delete a comment, that is saying "wait, no I don't want to make that vote". Other than trying to hide shady activity, there is no reason to delete your comment.

That would be my take also.

Yes. It's totally up to @theycallmedan at that point. There is a group of accounts that voted for the same choice and deleted their comments. These are valid votes in the app's context.

Account based voting has some downfalls as we can see at that poll. :)

Yeah. Fair enough, let's see what happens :)

If all those accounts with deleted comments are related in other ways, would that make it quite suspicious activity?

I don't want to speculate on that topic; for me what really matters is that they are valid votes in dPoll's context and verifiable from the blockchain.

I don't understand all this technical stuff, but I'm glad you do! lol. Thanks for checking on this and breaking it all down for us!

Good evening Emre, your audit is appreciated. Thank you for the time and effort and the explanation!
We will see what @theycallmedan, Dan, decides.
Gr.
Britt

I wonder if that's because I've only made a couple of comments through this account, and still haven't done my intro post yet... oopsies... LOL!

If I can help with the bug in any way, please feel free to shout out! 😊

Looks like you have used some witchery! :)

Maybe... 😉 😊

And so much for maintaining an air of mystery, when I reply from the wrong account... 😂

Hahaha, I've done the same thing before with my pen name!

I have done the same thing @steemwitchery and @byn on Instagram when I've posted a cat or food photo on my work/Destination McGregor account! Lol

Yeah, @byn and @fionasfavourites, I'd like to say this was the first time I've done this, but... 😂

Back in the early days of blogging (2004), I wrote a blog for a local newspaper's website called, "Confessions of an Internet G33k." To add to the mystique, I had (with the editor's approval) an "InternetG33k" account for commenting, as well as my "Traci York" account.

Let's just say it didn't last long before I gave up, and just blogged as myself... 😜

OMG.... hahahahah
It's you!!
I knew there was something unique about that hairstyle

Yeppers, @kaerpediem! 😊

And, unique? Why does everyone keep using that word with me?

Oh, wait.... 😂

Nice work!

Posted using Partiko Android

Thank you for taking the time and energy to look into discrepancies and share your findings. Deeply appreciated BeautyFull!

Much love from the #powerhousecreatives tribe
💯🙏💕✨🙌

Posted using Partiko Android

The diligence and dedication is admirable! Thanks for doing it in this case and for the platform in general.

I don't understand the technical side of things, but it seems like you are on top of it! Nice work!

Thank you for your diligence to this! 🙌
