Jump to content
rippleJason

Could this be Ripple's bug?

Recommended Posts

On 2/26/2019 at 5:07 AM, rippleJason said:

It turns out you can set regular key to be the same account as yours.

Steps to forever lockup your account

1. AddressA set AddressB as regular key

2. AddressA sets disable master

3. AddressA sets AddressA as regular key

So now AdressA's master key is disabled since step2 and its' regular key is also itself which has been disabled.

I guess during the implementation of this function, there is no mechanism to check the address's account flag should not be set in order to be valid for regular key's role.

For me, it's really difficult to understand, why would it be allowed to set the same wallet address to be your regular key? What would be the logical explanation for this?

 

I am going to prevent "step 3" from happening in my fork of ripple-client-desktop.

https://github.com/r0bertz/ripple-client-desktop

Share this post


Link to post
Share on other sites
On 2/27/2019 at 12:03 PM, nikb said:

I believe this to be a bug. It should NOT be allowed and the C++ team at Ripple will be creating a PR that proposes an amendment to prevent this from happening in the future.  

Dear nikb.

I am Japanese xrp freak.

Since last week I was investigating this issue, and I have been investigating Japanese wallet logs where it is not possible to sent the 1.4 million XRP wallet.

There is one thing I understood.

Authority is lost in  the little another process of known way.

1. Set address for regular key.

2. disable_master flag.[setflag:4]

3. Log in with the regular key.

4. Overwrite the regular key on public-address.

1FB82E46-8E76-4609-944E-30E167763F9B.thumb.jpeg.297fb91be16464546f852387b4ac138c.jpeg

 

This bug is serious because it is caused by multiple misunderstandings of users who do not understand.

This report has been formally sent to Ripple.

I am happy that you are an understanding of productdesign with true foolproof.

In Japan, there are many people with don't read reference of  XRP ledger, so many people think that it is a hack.

Whether my friend and Mr ripplejason, I think it's merciless to simply consider it a user responsibility.

I believe in the good will of the dear Ripple team.

Share this post


Link to post
Share on other sites
Posted (edited)
On 3/28/2019 at 12:15 PM, r0bertz said:

@UmebaraY 1.4 Million XRP got blackholed?

yaya,this asset is currently unretrievable due to a bug.

A man bought 2 million XRP from an acquaintance in a relative deal, and at the same time, he made a mistake using the ripplem wallet.

This guy first looked for something he could understand on Twitter without knowing what happened.

Edited by UmebaraY

Share this post


Link to post
Share on other sites

@r0bertz 

Thank you for responding to my clumsy English.

I don't know what your role is on this issue, but I'm glad if you can take this for a moment when you have time.

You are not responsible for working on this in a hurry, but I'm glad you feel sorry for him.

I'm an amateur hacker and I've invested for xrp to 2013 Q3, but I've found some people afflicted with these problems and feel a li'l sad.

If Ripple does not consider and reply to this issue, I feel that I will know the essential reasons that Mr.Jed McCaleb quit early. Σ(-᷅_-᷄๑)<omg

Product specifications and bugs, and that you have to give this rudimentary topic in the world of smart contracts. Even Google had a slogan...(๑╹ω╹๑ )

Share this post


Link to post
Share on other sites
Posted (edited)

I am just a hacker. Not affiliated with Ripple the company in any way.

Maybe they are just busy. But fortunately rippled is open source software.

In fact, I found someone already sent a pull request https://github.com/ripple/rippled/pull/2873

It looks like this amendment is going to unlock those accounts too.

Edited by r0bertz

Share this post


Link to post
Share on other sites

It is surprising that no one can solve such a simple problem!
The bug actually exists, and the developers do not really think that this needs repair.
Ripple is β test stage.

Share this post


Link to post
Share on other sites
4 hours ago, UmebaraY said:

It is surprising that no one can solve such a simple problem!
The bug actually exists, and the developers do not really think that this needs repair.
Ripple is β test stage.

🙄

A PR for this issue has already been merged. When the 1.3.0 release is ready and ships, it will be up to the validator operators to decide how to handle this issue by voting for or against the amendment that is gating the changes in that PR.

The message for the commit says:

Disallow using the master key as the regular key:

The XRP Ledger allows an account to authorize a secondary key pair, called a regular key pair, to sign future transactions, while keeping the master key pair offline. The regular key pair can be changed as often as desired, without requiring other changes on the account. If merged, this commit corrects a minor technical flaw which would allow an account holder to specify the master key as the account's new regular key. The change is controlled by the `fixMasterKeyAsRegularKey` amendment which, if enabled, will:

1. Prevent specifying an account's master key as the account's regular key.

2. Prevent the "Disable Master Key" flag from incorrectly affecting regular keys.

 

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...