There was a bug in a previous version where one specific block wouldn't sync, I don't know the details exactly.
> "The problem affects all implementations, but doesn't affect the LN protocol, as it's perfectly stated by the article."
"All versions of all LN implementations, even today, are vulnerable to a theoretical version of the attack that depends on natural variations in estimated onchain transaction fees; however, current-generation LN implementations have tightened their bounds to limit the maximum vulnerable amount per channel. Eliminating all variants of the vulnerability depends on changes to both the LN protocol and the Bitcoin P2P transaction relay protocol."
I might misunderstand here something, but this is really offtopic.
What I sent is the code for the protocol. No vulnerability was found there, it would be a very big deal.
You can see an article here that does things correctly: https://delvingbitcoin.org/t/disclosure-irrevocable-fees-stealing-from-ln-using-revoked-commitment-transactions/1314
The problem affects all implementations, but doesn't affect the LN protocol, as it's perfectly stated by the article.
Anyway as you mentioned the case is closed, you made communication in a way that I felt unfair (especially considering who was the code owner at the time the vulnerability was introduced) and harming Wasabi using fake headlines and false sensationalism just to sell your product. As a result I do not wish to provide free advertisement for an entity like yours.
Note how I made no statement using Wasabi's account.
Your accusations are unacceptable.
A copy of a website is really easy to do, especially for a static website like our landing page and..... especially when the code is open source!!!!!!! Phishing is a societal problem, and it is delusional to think that we can fix it. It is also ridiculous to suggest to domain-squat every TLD to avoid scammers, there are thousands of TLDs and we are not even a business.
However, we are doing everything we can to improve this problem by lowering the reputation of the phishing websites. Our actions, even if limited, reduced drastically the amount of reports we receive from basically 1 per week to 0.
You can see an example of such action here: https://github.com/phantom/blocklist/pull/883
Hello, I want to solve a wallet import issue. It said “Invalid has of the base 58 String”
@Carl_Lundstrom feel free to help to improve it yourself tho. We just don't spend much time on it as it's a game of whac-a-mole
I suppose it's the same argument I have against securing all the variations of spellings for every other platform. For example, I could have taken the name "@Kruvved" on Telegram to reserve it and keep it out of the hands of imposters. But, no matter how much effort honest actors put in to try to reserve and renew credentials for all the possible combinations of phishing and imposter sites, it will never actually stop scammers from taking money from gullible people.
Well, that is out of scope of the previous discussion.
Such scam websites have been around since forever.
Unfortunately there is not much we can do about that. We've reported them many times, sometimes they get removed.
About it looking the exact same, anyone can copy our website. So it's not something done "from the inside".
All bitcoin wallets have scam websites.
It did. That went well. What I meant was that usually a vulnerability gets disclosed, then a journalist might read it and decide to go write about it.
Now the "journalists" were clearly informed beforehand as they published the articles at the exact same time as the vulnerability disclosure. Not that it really matters, but it shows the incentives.
Uppercase letters for QR codes is the standard. The wallets who are unable to recognize addresses formatted in uppercase are the ones who need to update, unfortunately.
I have three different word sequences loaded in Wasabi (3 wallets). When I try to open them, only two open, the third one downloads blocks forever and does not open. How can this be? Is this normal?
And on another computer the same story - this wallet downloads blocks forever.
Is this a known problem?
P.S. I do not answer to private messages
Again, nobody takes away the fact that you _tried_ to make a serious protocol, but you left that road long ago.
Nobody would be able to implement the current "WabiSabi protocol" without either forking from Wasabi OR a very heavy reverse engineering of the current working coinjoins.
The best you can say, that Wasabi is _based_ on that paper you mentioned.
I write the following here only once, everyone can think about it.
Yes, you are right this was a software vulnerability, not a protocol issue, BECAUSE there is no such thing as "WabiSabi protocol".
If there was such a thing then there would be a big documentation on what to implement and what to check/test like a USB protocol, if you do that, it needs to work. And there would be no possibility to instantaneously close out numerous coordinators with a single decision like minimum input, free/not free and so on ... since that's part of the protocol, isn't it?
But it happened, since there is _exactly_ one implementation and that can be faulty, not the protocol of course...
When a game network code leaks out and turns out it has vulnerability issues, they just fix it, and I have never ever seen the excuse "well it was a coding issue, the protocol was right". It's just awkward.
Was the vulnerability there? Yes, it was. Fixed? Yes, it's fixed. Case closed, nobody is really interested in "protocol" excuses when there is a single implementation without exhaustive description.
For the record, I removed GW from LiquiSabi because this entity is spreading FUD (lies basically) in the goal to harm Wasabi's reputation. Basically what SW was doing.
Specifically: A Vulnerability in "WabiSabi"
I read this everywhere, including in literature written in-house by GW, but it's extremely incorrect and misleading: GW hasn't found a vulnerability in WabiSabi. Semantics are extremely important here, a vulnerability in the protocol would require an immediate hard fork and be an extremely big deal. A vulnerability in the client (what it really was), is not a big deal, requires a progressive update as it was done and that's it.
As a result, I don't want to provide free advertising on my personal project to an entity acting like this. Personal project that is BTW open source, you are free to run the code, so I really don't see the problem
I don't see how the fact that I cherry pick MIT code that you write is relevant here.
Feel free to contact me privately if you need further information, this will be my only public statement
One member of the team successfully got the .is phishing site blocked automatically for users of the MetaMask browser extension. This proactive move probably saved some BTC from falling into thieves' hands.
That's no reason to be passive while people get robbed. What's your argument against securing the .is name?
How about securing the situation by buying all similar domains? If someone refuses to sell or requires extra $$ there is a dispute mechanism where you will get the domains for just the cost that the squatter had actually had, plus of course a fee for the paperwork
Those who worry about the reputation of Wasabi Wallet should start by weeding out the events around the scam site wasabiallet.is
It went up and down for a long time and was (or is) such a perfect copy of the real site that probably many suspect it to have been the work of someone on the inside. At least I would have treated that event as a major emergency
Meh. Journalists are incentivized to write hit piece clickbait no matter what. And the two journalists in particular who wrote about it have their own personal battles with Wasabi.
Ginger Wallet has never intended, nor does it currently intend, to tarnish the reputation of Wasabi Wallet, and this will remain the case in the future. Beyond the technical aspects, we have no influence over the article in question.
I must agree that every project is free to do as it wishes. However, I find it contradictory and puzzling that @Turbolay , on the one hand, integrates code from Ginger into Wasabi, and on the other hand, labels us as adversaries and removes us from Liquisabi.
Wasn't the vulnerability responsibly disclosed with enough notice? This is what allowed the bugfix to already be 2 versions deep by the time the journalists published their pieces. I didn't compare all the pieces closely, but the main problem with the writing is that it describes the issue as a protocol vulnerability rather than a client bug. This doesn't specifically make Wasabi look worse compared to other clients who inherited the same bug.
Anyways, as you mentioned, Liquisabi is a personal project so it's entirely up to the decision of its maintainer.