Where to download a Synced V2 DB from?

I had to reinstall and stated with the latest version but its using a V2 sqllite db file. Can someone point me to where I can download a copy for a full node instead of waiting days for the sync to complete. My farmer is just running at 100% CPU trying to catch up. TIA!

I would strongly recommend not downloading a db from anyone unless you trust them 100%

Just wait the few days, not worth the risk

Is there a way to migrate a V1 database to V2? I still have it.

I don’t trust (for sure not 100%) any of the peers my node connects to, especially those coming from Russia. So, what should I do??? (just a rhetorical question)

You know that I have a lot of respect for you, and this is not an attack on you, but rather a big difference in opinions. You helped countless people (me included), and your posts are always balanced.

Please, name one potential vector of attack that such download may use. (Of course, downloading a corrupted / not usable db is a nuisance, but not really a threat as some other people would like to frame it.)

For me, the main problem with slow sync is a bad code in full node process, and for more than a year Chia has done zilch to get it improved (basically nothing got improved by switching to v2). It looks to me that this problem is not directly affecting the state of the network (thus Chia business side) plus it would require to rewrite a lot of code; therefore, it is really low on the list of priorities for Chia. As long as they don’t take an action and improve it, I really don’t think that we should be considering some purity tests like what is best from decentralization point of view, but rather help each other to get up to speed faster. Rather, I would like to see more pressure from other members to push Chia to get it done faster.

As you mentioned, you can run “chia db upgrade” and that will convert your v1 db to v2. If you do this offline, it will take about 30 mins (if you have a good CPU/NVMe).

If you search this forum, you can find few sources that were used for download, and so far, there was no one post that would suggest any problems with those (I think).

  1. chiadownload.net/ This is provided by @chiameh and I know it means not much, but I can vouch for him
  2. sweetchia.com Provided by SweetChia pool. I would assume that if they intended to screw people over, it would be much more effective for them to just shave off a bit of earnings from their pool members. This would also not require any additional resources, where by providing db for downloads, they need to cover both storage and bitrate costs.

With trust 100% I mean your buddy that is also farming Chia who you have known since high school.

No worries mate, same goes to you.

Honestly, I’m just repeating thing I see for instance Chia devs say. (they even even ban DB downloads from fro instance reddit).

I’m not a coder myself, so I can’t really comment on anything about good or bad code. My experience is that it takes 2-4 days to sync, so really not a big issue unless you are making coins every day :sweat_smile:

I think the main reason people warn not to download db is because it is an easy trap to set. “you need a DB? just click here”.

1 Like

Thank you! I agree there must be something up with the code when it requires 100% of your CPU for days. I only have a couple Chia to loose at this point if there was a malicious issue with the DB but I would be more concerned with having to download executable code.

Yes run .\chia db upgrade

Just to let you know that I have had machines that took 4 days to sync from scratch, for testing other versions.

Not really. Depending on your CPU, the low end ones more or less saturate all cores (as the code that crunches blocks is really slow). The high end CPUs choke just one core (dispatching process), and the other cores are just hanging around waiting for something to do. Also, having db on a fast NVMe helps.

There are no malicious issues with db at all. A potential problem could be if all of the sudden most of the people would download a poisoned db, thus rewriting the history. Feasibility of that is zilch.

Trust, but verify :slight_smile: Any time you see such statement, ask when improvements are coming, ask what threats they can name. They are devs, aren’t they :slight_smile: This is just FUD running rampant, and so far no one named one threat (I think).

My plotter takes around 30 hours to sync (or at least 1 month ago that was the case), doesn’t matter v1 or v2.

So far, I didn’t have to download such db for myself, as I was lucky enough to start keeping backups before it was corrupted for the first time. So, I would really advise everyone to keep backups, but if shit happens, just go for the well know downloads. Also, if someone will download, and it works fine, I would suggest to write a note about it, as that validates such places.

So, that has two different issues. If the link doesn’t really provide db, but links to a malware, sure one is screwed (this basically implies that no browser should be used on a node). The second is that db is not an active code, so really cannot do much to start any attacks. The only problem is if most of the network would switch to one poisoned db.

On the other hand, the RPC code is basically an open door to get your mnemonics, regardless whether you keep your setup protected by password or not. This means that any downloaded script can have basically a handful (less than 5) of lines to get your mnemonics, and start screwing with the wallet. (I think that you have also noticed the overwhelming response you got from Chia about how secure are plots if mnemonics are leaked.) All the nonsense about securing your mnemonics somewhere, adding password protection are just distraction, as long as that RPC code is not tightened up. If you ask me, this is the biggest fuckup with chia and possibly not that much exploited yet as XCH is borderless worthless for now.

Although, glad that we are all good!!!

2 Likes

I’m working on a Python script that will allow anyone with their own copy of a v2 database to be able to verify the integrity of a download, such as the one provided by me or SweetChia. Hopefully any concerned parties will regularly audit database downloads they are suspicious of.

The fears about a database download site serving malware is a bit unfounded. That could be any website on the internet, nothing special here. The sqlite file is cross-platform file full of data. It is not executable. The only potential attacks any of us can even fathom right now, is giving a copy of a database with an altered chain.

As far as any of us plebs know, (and I don’t think Chia Network has specifically mentioned any actual exploitation vectors), the only attack here would be to serve a download with an alternate chain. But, if one person downloads this database, the software (p2p network) should immediately recognize it as invalid so I’m not sure this is practical at all. I think the only way to alter the chain would be to rewrite block winners. I think that can only be done at a fork point, so I guess the majority of the network would need to be using the same altered database.

1 Like