I’m seeing a bunch of double spend attempts in my logs. I guess somebody’s kicking the tires on Chia.

2021-05-05T12:54:34.574 full_node chia.full_node.full_node: WARNING  Wasn't able to add transaction with id 365622f03a8d15af93e3e82dc30d34be1bebec80f9a61f0d32a9773d16ddd13c, status 3 error: Err.DOUBLE_SPEND

You running the latest client? 1.1.4?

Yep, rebuilt from main this morning.

i read on some chinese chat group, says people try to hack the chain, they can attack the wining block to hijack the wining to their own address

Can you provide any more information shep?

what i heard is some of the big whales in china attack 8444 ports on many users, because you can see the ip address from the gui, and i did experience difficult to sync last two days, they kind of block out many ip address to sync so they get bigger chance to win the block

That is interesting, it sounds like a TCP SYN flood attack.

If this is the case then I guess relying on only port 8444 is a big issue for Chia.

at moment we dont have official pool so those 3rd party pool getting bigger, netspace grow too fast farm solo is not going anywhere …

Update to 1.1.4. The double spend is a bug. 1.1.4 should fix it.

I just spoke with some of the devs. A SYN attack like this doesn’t make sense and would hurt the whale. Transactions would slow down tremendously. How would you find enough IP addresses to actually make a meaningful attack with many many thousands of nodes? Doesn’t add up.

i’m still getting lots of “status 3 error: Err.DOUBLE_SPEND” even after upgrading to 1.1.4

from what i understand if you not synced you wont have chance wining the block also not part of the transactions

They are attacking the largest farmers not the nodes, something to do with the Chia application releasing information (IP addresses) on other users?

yeah, ip from the connection page, attack farmers stop them to sync

You can disconnect a node yourself either with GUI or CLI. And seconds later a new connection is established. If you keep doing this for a few days and collect the IP addresses you can get a list of thousands of Chia users.

In the last AMA, Bram said they were fighting fires at the moment. Maybe he meant something like this.

As long as the coin is valuable enough there will be attacks. i think it will survive but that won’t stop people from trying anyway.

What sounds like is happening here is that at some point during the filter → proof process, the users who are in contention to win the block are having their details leaked.

This then allows a shady potential block winner to SYN flood the other servers (who have proofs) so they are unable to respond as fast as they are to the nodes, which I assume result in them becoming the de-facto winner?

It sounds pretty sophisticated and extremely time-sensitive, I have no idea how this is happening, I cannot see IP addresses in the GUI. Can anyone verify what I am saying is possible with screenshots?

I just said above, I spoke with the devs, this is a dumb way to attack the network and we’d see it happening.

They aren’t attacking the network though? Just individual users?

so in theory if i use a vpn the problem goes away? ment to be for rmii

I’m locking this thread because I can tell you what’s going on:

This error is normal. It’s just someone trying to sync the blockchain with you, but they were a bit slow and someone else already gave you that data.

This theory about attacks doesn’t have enough evidence to support it and on top of that this would be lousy way to attack.