Jump to content
rippleJason

Could this be Ripple's bug?

Recommended Posts

It turns out you can set regular key to be the same account as yours.

Steps to forever lockup your account

1. AddressA set AddressB as regular key

2. AddressA sets disable master

3. AddressA sets AddressA as regular key

So now AdressA's master key is disabled since step2 and its' regular key is also itself which has been disabled.

I guess during the implementation of this function, there is no mechanism to check the address's account flag should not be set in order to be valid for regular key's role.

For me, it's really difficult to understand, why would it be allowed to set the same wallet address to be your regular key? What would be the logical explanation for this?

 

Share this post


Link to post
Share on other sites
49 minutes ago, rippleJason said:

It turns out you can set regular key to be the same account as yours.

Steps to forever lockup your account

1. AddressA set AddressB as regular key

2. AddressA sets disable master

3. AddressA sets AddressA as regular key

So now AdressA's master key is disabled since step2 and its' regular key is also itself which has been disabled.

I guess during the implementation of this function, there is no mechanism to check the address's account flag should not be set in order to be valid for regular key's role.

For me, it's really difficult to understand, why would it be allowed to set the same wallet address to be your regular key? What would be the logical explanation for this?

 

This is how you provably "black hole" a wallet. 

I think it was @ripplerm that did this back in the day while working on a market making effort. Who ever it was needed to peg an IOU's value to something... so they out a billion dollars worth of buy orders for the $1, then to prove they would not cancel the orders and steal l, they black holed the address/wallet.

I think this is it, but there is a very long thread from around the same time about this which is a great read. 

https://forum.ripple.com/viewtopic.php?t=9474&p=62156

Share this post


Link to post
Share on other sites
22 minutes ago, KarmaCoverage said:

This is how you provably "black hole" a wallet. 

I think it was @ripplerm that did this back in the day while working on a market making effort. Who ever it was needed to peg an IOU's value to something... so they out a billion dollars worth of buy orders for the $1, then to prove they would not cancel the orders and steal l, they black holed the address/wallet.

I think this is it, but there is a very long thread from around the same time about this which is a great read. 

https://forum.ripple.com/viewtopic.php?t=9474&p=62156

I think this is quite different from what I want to say. People can try to set regular key to any other address and then disable their account's masterkey then set regular key again to their original account. 

That account will be forever lost, since there is no way you can unset that disable master flag while the master key is disabled, which brings to me this question, there is maybe no mechanism in ripple to check which address is valid for being a regular key to your address.

Share this post


Link to post
Share on other sites
4 hours ago, rippleJason said:

I think this is quite different from what I want to say. People can try to set regular key to any other address and then disable their account's masterkey then set regular key again to their original account. 

That account will be forever lost, since there is no way you can unset that disable master flag while the master key is disabled, which brings to me this question, there is maybe no mechanism in ripple to check which address is valid for being a regular key to your address.

As @KarmaCoverage already told you it is infact one of the two ways of creating not-anymore-controlled accounts. There are smart ways of using it as a feature, so I don't know if it is a "bug" because it's actually doing what the user requested, but maybe it's a "not nice feature" because users can get tricked. But setting regular key and disabling master are advanced features, so I believe who is using them knows how to deal with it.

Edited by tulo

Share this post


Link to post
Share on other sites
1 hour ago, nikb said:

I believe this to be a bug. It should NOT be allowed and the C++ team at Ripple will be creating a PR that proposes an amendment to prevent this from happening in the future.  

So is there then a proper way to blackhole an account?  Is such a thing desirable?

(I think yes,   maybe...    :) )

 

Share this post


Link to post
Share on other sites
17 hours ago, rippleJason said:

It turns out you can set regular key to be the same account as yours.

Steps to forever lockup your account

1. AddressA set AddressB as regular key

2. AddressA sets disable master

3. AddressA sets AddressA as regular key

So now AdressA's master key is disabled since step2 and its' regular key is also itself which has been disabled.

I guess during the implementation of this function, there is no mechanism to check the address's account flag should not be set in order to be valid for regular key's role.

For me, it's really difficult to understand, why would it be allowed to set the same wallet address to be your regular key? What would be the logical explanation for this?

 

Thanks rippleJason for bringing this under the attention of us all and especially Ripple. Great work Nikb for fixing the problem. Awesome community is this

Share this post


Link to post
Share on other sites
1 hour ago, Picard said:

Great work Nikb for fixing the problem.

I’m in awe of the Ripple devs,   but to be pedantic and clear..  it isn’t fixed yet...  Nik says they will get on it...  it’s not a done deal as yet.  

But yeah...   Nik and Co are great and do good work.

Share this post


Link to post
Share on other sites

When somebody issue a digital asset, it is useful to disable the master key of the issuing address und set the regular key to a black hole address. So nobody can change the amount of the issued asset or freeze the token. That means the issued asset is without counterparty risk.
 

Share this post


Link to post
Share on other sites
10 hours ago, nikb said:

I believe this to be a bug. It should NOT be allowed and the C++ team at Ripple will be creating a PR that proposes an amendment to prevent this from happening in the future.  

Thank you @nikb for clarification, still the question remains, after bug fixing what will happen to the users who fell for this bug? 

Share this post


Link to post
Share on other sites
On 2/28/2019 at 12:36 AM, rippleJason said:

Thank you @nikb for clarification, still the question remains, after bug fixing what will happen to the users who fell for this bug? 

Good thread.

I am the Japanese cryptocurrency freak, and I was having trouble finding exactly the same bug last week about this issue reported by rippleJason. I think that there should be a confirmation dialog in the method of creating a black hole wallet, and I think that an error in the corresponding procedure is a kind of failure or a deficiency of the system.I have a friend who has lost control of one million XRP wallets in the parallel universe, and I hope that Ripple will do the following on this matter:

1. Add an exception to the process of trying to write the own address at SetRegularKey, and add a new error code similar to tecNO_ALTERNATIVE_KEY.

2. Create an account management ticket recovery procedure for the owner of the wallet that has lost authority by taking the corresponding black hole bug.

3. Announce this as much as possible. (If you don't want it to be considered intentional or procrastination)

For 1, it is logical to allow duplication of public keys, and even if it is allowed, it is even more strange for the disable_master flag to go on without asking the user. (It may seem like a childish mistake or trap in the composition of authority due to the failure of the development team)

As for (2), the property of my acquaintance is actually frozen and the person is confused. When I saw the Internet, a few similar problems have been posted to the forum from around 2017, practically dozens So it's no wonder you're awake enough.

As for 3, I'm glad to find that the ripple SE has reacted to this thread and that the logic circuit isn't rotten.

Thank you.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...