RE: More Info About How @supercomputing Was Dominating The Mining Queue

in #steem • 8 years ago (edited)

she can simply recover the public key (which is needed to put into the PoW operation) with the same method used in step 6

because a transaction that contains only a PoW operation requires no signature (which is another hole in the old algo which got fixed in the new algo)

Good point.

That means the implementation of the exploit was actually easier than I thought because it didn't require messing around with the libsecp256k1 function implementations. The existing APIs could have been used to get the active public key, and that's most likely what was used by @supercomputing.

I don't know if @supercomputing was doing so with an API call. But here is the code I used to compete with @supercomputing; as you can see, it only needs one line to get the public key:

    // construct pow operation
    chain::pow_operation op;
    op.block_id = block_id;
    op.worker_account = miner;
    op.nonce = start + thread_num;
    op.props = _miner_prop_vote;

    // some code omitted here to find a working sig from local db

    op.work.signature = sig;
    op.work.work = work;
    op.work.input = op.work_input();
    // calculate worker
    op.work.worker = fc::ecc::public_key( sig, op.work.input, false );

    // construct transaction
    ...
