Have you gotten a CVE number for this yet?
The only thing I disagree with in the Chia team response is that this can be monitored for - I donāt see how it can be, since all the attacker needs to do is to have multiple NFTs small enough that it would take many months to determine they are behaving this way.
Iām not feeling particularly sympathetic though, on the grounds that this is being put across as if it is some new & unforseen bug; when itās apparent that itās a possibility from even a cursory reading of the pooling protocol.
I agree, with you and the Chia team. If it hurts the attacker more than the victim, it is not an āexploitā by any recognizable meaning of the term. Plus, PPS is IMO just a terribly dumb business plan, and with endless 0% feesā¦ sorry, failure was destined.
There is no area of human interaction where any person is safe from someone willing to hurt themselves more than their target. None. Someone willing to burn themselves to burn another can and will always be able to succeed one way or another. No system can rationally prevent that without rendering that system effectively useless.
@Qwinn Well, if your purpose is to shut down a pool to kill the competition youāre not hurting yourself more than them. And PPS is not a ādumbā plan per se, it just needs fees and a sizeable reserve. We have PPS as an option apart from PPLNS on 21chia and I still think it does make sense from a business perspective even though not many miners pick PPS.
Sorry to ask, but, what do you mean when saying
Is there another option for miner to choose besides the protocol a Pool uses?
Thanks
First of all Iām calling bull on this entire excuse. Asserting there is something wrong with the blockchain / pool protocol that you did not create is a huge red flag. Iām pretty frustrated because I have defended maxiopool in this very forum because I assumed a business in Australia with a liscence and everything would avoid scams and lies due to threat of legal actions. Seems I was wrong. I hope thus situation is investigated in Australia by the appropriate authorities.
That being said its super trivial to switch pools, so Iāll just do that.
Seriously what is it these people were even trying to accomplish here?
Where is the scam?
They are stopping their service, paying farmers their due and thatās that.
Like you said yourself switching pools is easy and quick.
You could argue that itās a bit sudden, and therefor might hurt some farmers. Other than that anyone is entitled to quit their own business whenever they want.
Nothing to investigate here.
Itās more about fud than money. This smells like a fud campaign from closet Bitcoin investors.
But I donāt live in Australia so thereās nothing personally I can do about it except switch pools. Iām just pissed and hope someone someday gets to the bottom of what the angle here was
- Farmers will receive any unpaid balance above 0.01 XCH tomorrow at the usual daily payout. Pool is now paying everything out-of-pocket due to the attack.
And any amount below 0.01 XCH? There are 0 transaction fees on the network. Canāt you just pay everyone out whatever they have?
I am not a poolmember, but am curious as a member of the Chia community.
Also, the pooling protocol is written in Chialisp and is entirely optional. You could create your own pool protocol and ask people to join it. This move seems a bit oddā¦
I am curious what the true cost of the attack is. Bitcoin is always at risk of the ā51% attackā and people are justified in ignoring it due to the cost.
I liked your pool and tools. Perhaps you can come back in the future, thank you.
Yeh the web app was top notch. This entire situation is so weird. Itās like they had devs that really thought they were working for a real company planning to run a pool company for years and wrote some great stuffā¦ and their bosses tossed it all in the trash because lol that was the plan all along.
Switching to findchia then. However, it is a shame that Maxiopool has decided to quit, they seemed pretty good and pretty decent. I do not know enough about the situation with the exploit to comment on it.
On 21chia you can actually choose between PPS and PPLNS (itās an option on the web dashboard), and most of our farmers choose PPLNS.
Voodooā¦ where u go. Im in space nowā¦
Ill never forgetā¦ i won my first chia thereā¦ gb maxioā¦
Hi,
Me too.
Actually i like Farm offline and Payout notifications.
I am close to .01 XCH are my shares still contributing towards the payout at Mid-day AEST? I.e is there any point waiting until the payout before moving ?
When they could not make enough profit they closed the shop and left us high and dry.
I will self pool for a while and see if there is a better and reliable pool.
I donāt know why you bother to give any reason for your shut down here since thereās nothing in your statement that would benefit the community at all unless you explain it in detail.
Please, if you canāt disclose the exploit you found, Iām on Space pool, can you use this exploit to shut them down? This way, the chain will be more secure in the future.