The current market cap of Zcoin is 1,538 BTC [0], so this person created 1/4 of all the coins in circulation (410 BTC), and these guys are saying: "We knew we were being attacked when we saw that the total mint transactions did not match up with the total spend transactions". It took them way too long to realize that they were being outsmarted.
EDIT: u/aftbit also posted this on the thread: "They even cited the ability to detect hacks like this as a key advantage over Zcash. [1]"
Well yes, they were not wrong to cite the ability to detect hacks like this as a feature over zcash. This same class of error could exist in zcash and we would never know. We know it happened here because of the ability to audit.
You are completely right, I hadn't considered that. This is what Zcash has to say about it:
Since the value sent between shielded addresses is private, how can we determine the number ZEC in circulation?
Currently, we know that every miner validates every transaction, and each transaction comes with a zero-knowledge proof that it doesn't violate conservation-of-money (i.e. a proof that the money coming out of the transaction is ≤ the money going into the transaction).
This reasoning depends on the soundness of the zero-knowledge proofs. If someone could get the miners to accept a transaction that created new money — if you could somehow forge a zero-knowledge proof or defeat the zero-knowledge-proof-verifier software in the miners — then you could counterfeit money.
We are investigating options for the future which would enable accounting for all ZEC in existance(sic). Stay tuned to our blog for any proposals on this matter.
This type of challenge is implicit in any cryptocurrency with strong confidentiality (i.e. which conceals the amount being transferred from public view) unless you trust the "inputs-equal-outputs" proving mechanism (which, in Zcash's case, is the zk-SNARK that accompanies a shielded transaction).
One potential solution is to periodically require that all coins be unshielded (i.e. sent to a t-address) and passed through a turnstile mechanism (thus allowing them to be counted). After a reasonable amount of time, a new consensus rule kicks in that prevents coins from being spent unless/until they've been put through the turnstile. That would effectively allow for a full audit of the monetary base without compromising privacy.
What? This is totally incorrect. It is perfectly possible to build systems that verify total issuance while concealing amounts. Blockstream's Confidential Transactions does this, for example.
As much as the elliptic curve discrete logarithm problem can be trusted to be intractable, yes.
For which bitcoin has some billion dollars in bounties :-)
The crypto used in Confidential Transactions, or any implementation of it, does not only rely on ECDLP. There's plenty of scope for potential protocol or implementation errors. (The Zcoin issue, remember, is an implementation error.)
The CRYPTO relies only on ECDLP. That word, as it is usually used as a term of art, indicates the underlying mathematical assumptions. To say "it does not only rely on ECDLP" is to indicate that there are other trusted mathematical security assumptions, such as the hardness of EC pairings or the knapsack problem. This is not the case with confidential transactions, whose Pedersen commitments and Back-Maxwell rangeproofs rely on the exact same cryptographic assumptions as any bitcoin signature. It even uses the same library to create and check these commitments, with a minimal amount of new code.
Is there scope for new implementation errors? Yes, but only in the fully generic sense of it involving _some_ new code. Anything that is different involves changes, and any change brings the possibility of an implementation error. However Blockstream has tried to keep confidential transactions as close to the underlying bitcoin code base as possible to minimize that error, and unlike other solutions CT has been subject to academic review and external security audit.
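To make the balance-check argument in the comments above concrete, here is an added, self-contained illustration (not Blockstream's code, not the libsecp256k1 implementation) of the Confidential Transactions idea: each amount is hidden in a Pedersen commitment C = v*H + r*G on secp256k1, and because commitments add homomorphically, a verifier who knows no amounts and no blinding factors can still check that inputs equal outputs plus the (public) fee. The second generator H is derived here by try-and-increment hashing with a tag of my own choosing; the tag, the sample amounts and the fee are assumptions of this example. Range proofs, which stop a prover from hiding a negative (wrapped-around) amount, are deliberately omitted and are essential in a real system.

```python
"""Confidential-Transactions-style balance check with Pedersen commitments.

Added illustration; not Blockstream's code. The curve is secp256k1, the one
bitcoin signatures use, so no new hardness assumption beyond ECDLP is needed.
Range proofs are omitted here; without them a negative amount mod N would pass.
"""
import hashlib
import secrets

# secp256k1 domain parameters (y^2 = x^3 + 7 over F_P, group order N)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None  # p1 == -p2
        lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P  # doubling (a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_neg(p):
    return None if p is None else (p[0], (-p[1]) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    result = None
    k %= N
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result


def nums_generator(tag):
    """Second generator H whose discrete log w.r.t. G nobody knows.

    Hash a tag to an x coordinate and take the first x that lies on the curve
    (try-and-increment); CT derives its H from G in the same spirit.
    """
    for counter in range(256):
        digest = hashlib.sha256(tag + counter.to_bytes(4, "big")).digest()
        x = int.from_bytes(digest, "big") % P
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)  # square root, valid since P % 4 == 3
        if y * y % P == rhs:
            return (x, y if y % 2 == 0 else P - y)
    raise RuntimeError("no curve point found")


H = nums_generator(b"pedersen-H-example")  # tag chosen for this example


def commit(value, blind):
    """Pedersen commitment C = value*H + blind*G."""
    return ec_add(ec_mul(value, H), ec_mul(blind, G))


def build_tx(in_values, out_values):
    """Prover side. The last output's blinding factor is chosen so that the
    blinding factors cancel; returns (input commitments, output commitments)."""
    in_blinds = [secrets.randbelow(N) for _ in in_values]
    out_blinds = [secrets.randbelow(N) for _ in out_values[:-1]]
    out_blinds.append((sum(in_blinds) - sum(out_blinds)) % N)
    return ([commit(v, r) for v, r in zip(in_values, in_blinds)],
            [commit(v, r) for v, r in zip(out_values, out_blinds)])


def verify_balance(in_commits, out_commits, fee):
    """Verifier side: sum(C_in) - sum(C_out) - fee*H must be the identity.
    The verifier learns neither amounts nor blinding factors."""
    total = None
    for c in in_commits:
        total = ec_add(total, c)
    for c in out_commits:
        total = ec_add(total, ec_neg(c))
    total = ec_add(total, ec_neg(ec_mul(fee, H)))
    return total is None


if __name__ == "__main__":
    ins, outs = build_tx([50, 30], [70, 9])      # 80 in == 79 out + fee 1
    print("honest tx balances:", verify_balance(ins, outs, 1))
    ins2, outs2 = build_tx([50, 30], [70, 109])  # 100 units from thin air
    print("inflated tx balances:", verify_balance(ins2, outs2, 1))
```

The inflated transaction is rejected even though the verifier never sees a single amount, which is the point the comment makes: issuance is checked without revealing values. What this does not defend against is an output committing to N - 100 (a "negative" amount), which is why CT pairs each commitment with a range proof.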
But at the insistence of Malcolm, Arnold tries different ways of counting the animals on the computer. The count reveals that there are 292 animals in the park, much higher than the official figure of 238. Malcolm concludes that the animals, including the deadly velociraptor, are breeding. Wu cannot believe it, because all the dinosaurs are female. http://www.novelguide.com/jurassic-park/summaries/iteration3
Seems very unlikely since it would inevitably cause many to lose faith in the currency. If they really want to cash out, they can just do what almost every other upstart cryptocurrency founder does and make it clear they're taking some of the pie.
Let me get this straight. Zerocoin has a bug, money gets stolen, the bug is fixed. Everyone in the comments loses their shit and calls doom and gloom for all cryptocurrencies. The experiment has failed, centralization was right all along!
Meanwhile, centralized systems like credit cards are stolen en masse, identity theft abounds, anybody can file your taxes with the IRS and collect your refund, and an ACH can be initiated against your bank account using all the information helpfully printed on every check you hand to strangers... and no one bats an eye?
Fiat financial security is based on monitoring, paper trails, and legal consequences for fraud. Yes, you can initiate a fraudulent ACH knowing only the numbers printed on a check you received, but you'll probably end up in jail for it. It's far from perfect but it mostly works.
Cryptocurrency intentionally doesn't have any paper trails. Anonymity is the selling point. If you find a bug in the code and exploit it, the anonymity protects you and you likely won't be caught. That means that security depends entirely on the code (and the theory!) being correct.
So yes, when bugs in fact lead to massive amounts of money being lost... some people are going to argue that cryptocurrency may not be a good idea.
(Note: My personal opinion is mixed.)
> Zerocoin has a bug, money gets stolen, the bug is fixed.
You say this as if it isn't a big deal. Sure, the bug is fixed, but the attacker essentially stole 25% of everyone else's zcoin (via inflation), and fixing the bug doesn't bring any of it back. That seems like a big deal to me.
Actually the whole point of the distributed blockchain is that there's a very public paper trail. The only hope for anonymity is obfuscating the movement of value through the blockchain, which can be accomplished to varying degrees depending on the sophistication of who is trying to track you. If your theft is high profile enough then you'll have a good deal of trouble liquidating your funds anonymously.
It's the ultimate irony. It feels like anonymity because you decouple the "get a bunch of BTC" from "cash out to USD", so it's the worst of both worlds.
It's anonymous at first, so fraud can't easily be reversed. But it's "eventually completely public", so people who might want to use it for anonymity are sitting on a ticking time bomb. Eventually, their identities will be revealed.
Indeed, but people just don't seem to get this. As long as people are converting fiat to crypto at the front end, and then crypto back to another fiat at the back end, then there is no anonymity. There may be a lot of obfuscation in the middle, but ultimately the guy who converts back to fiat will be asked the question by his government, "Where did this money come from?" Then he needs a provable paper trail.
Maybe someday enough goods and services will be available to be purchased by cryptocurrency that fiat use will be diminished or eliminated. But at that point, the companies that are accepting cryptocurrency as payment for services will have to keep their own accounting in order to show their governments where their money is coming from. And then again the anonymity breaks down. The customer records, with email, ip, and shipping addresses are part of the audit trail.
Yes, the security of the traditional financial system is largely based around the ability to reverse transactions.
One time I was transferring money from one of my accounts into a trading institution. Except by mistake, I was looking at one of my parents' checks instead of my own. I typed the wrong account number. Only after my parents noticed the unexplained withdrawal of a five figure sum, and called the bank to reverse it, was the mistake detected.
What's better than stealing magic Internet money? Creating anonymous magic Internet money out of thin air, then selling it. Brilliant.
But seriously, I'm not sure which is worse: Watching your stolen money move around the blockchain knowing you are helpless to do anything about it, or being provably unable to even tell the difference between "real" and "counterfeit" coins.
I mean sure, maybe they will. But people have been saying this for at least 6 years. When will this happen exactly, and why? Bitcoin may never achieve the status its proponents hope for, but interest from investors and the financial sector in bitcoin and its underlying technology suggests it's unlikely to suffer this fate anytime soon.
Unlike HYIP, which are a malicious scam, and LR, which essentially only existed for money laundering and had a single point of failure, bitcoin is at least some kind of innovation.
This position isn't really better than the knee-jerk "bitcoin will replace the Federal Reserve". Both are based on feelings or ideology rather than research, and both fail to acknowledge the great uncertainty that clearly surrounds the future of bitcoin and blockchain technology.
Or the Chinese, Venezuelans and Indians are buying BTC because either somebody else is in control of their currency or their currency is out of control.
Considering programmers almost exclusively deal in abstract ideas, and even their manifestation is in the realm invisible to the naked eye, it's surprising how hard it appears for many to grasp concepts such as "law", "culture", or "trust".
So here we have a bunch of crypto-anarchists with their usual "fiat is fiction" spiel. Let me ask you to put your worthless paper money[0] where your mind is: I have drawn this wonderful $1 note, and will add as many zeros as you wish, giving you a 10-for-1 payout for useless US treasury fiat.
Oh well. At least every time one of these great new ponzi schemes finds a new way for provably-secure technology to be insecure, we can enjoy the knowledge that another $100mill is in the hands of a more worthy owner.
[0] most of it isn't even paper, but apparently paper is a better symbol for evanescence than "electric charge" or "a linen/cotton-blend"
I think it's because it's difficult for even programmers to deeply grasp the slippery nature of the small scale abstractions we use in software projects. This is why design patterns are so easily misused. It's tricky stuff.
The large scale, society-level abstractions and shared fictions, such as money, are a whole different beast.
I don't think the principle of money is actually that difficult. We've all had that moment in middle school where we realised that money would be worthless if everyone stopped caring about it.
It's just that some people stopped running around wide-eyed telling others about this revelation a few days later.
I guess we did get lucky in that the object of obsession they chose wasn't the law. Please don't tell them that murder is only a crime because enough people believe it to be or they'll throw us all in blockchains.
> money would be worthless if everyone stopped caring about it.
Sure, on the surface this is easy to understand. But what might it look like for such a process to unfold? How do the fundamental dynamics and primary characteristics of a money system change over time, and why?
Honestly, I can't really answer those questions in any kind of sophisticated way. A lot of discussions involving the Fed and broad macroeconomic policies feel fairly hand-wavy to me.
Sure, the basics of runaway inflation caused by reckless money printing is not too hard to understand. But that's just one of many scenarios.
Well money wouldn't really work without trust. A currency without confidence is worth nothing. So if Zerocoin got hacked and someone created money out of thin air, confidence drops and zcoin is now worth less. The principle is the same as with state backed fiat.
Ethereum takes the record for paying out $53 million dollars (943 BTC X 53 = lots). Technically, it wasn't even theft or a bug since Ethereum & DAO proudly claimed "Code is Final Law".
I almost feel like cryptocoins and blockchains are set out to do one thing really well: show how superior centralized systems are and how easy it is to trick people with pseudo-academic jargon. Just read Vitalik's writing, peppered with superficial pseudo-academic charlatan-pedant language its zealots gladly eat up, with little to no effort to dissect and analyze fact from fiction.
While I don't feel that your argument generalizes (e.g. Bitcoin actually probably is the best extant value exchange mechanism in many ways), the whole Ethereum thing was embarrassing. People fell for the mumbo-jumbo and then the whole project rendered itself pointless by going back on its "code is law" principle.
In a way, they did actually prove that code is law - but they proved that "currently consensus-agreed-upon code is law."
That old buggy code was law until the new code became law and changed the rules :). But of course it's redundant to say "current code is law" because it's obvious by the logic of how consensus works.
The confusion for people was their belief that code at one point in history would forever remain "the law".
"code is law" and "currently consensus-agreed-upon code is law" are not the same though, not even close. One allows for human intervention and the other one doesn't.
Moreover, consensus means that it's possible that >50% of participants can one day decide to take the money from the other participants. By declaring them hackers / evil / etc, for example. Which is basically what happened.
Yes, consensus does mean that the group "in power" can change the rules in ways that can harm those outside the consensus.
This is kind of scary, but on the other hand I think it won't be exercised in too strong a way - or at least in a way that harms a large number of people. The reason it won't happen is that aggressive moves that harm too many players threaten the whole game. So those in power have to consider whether their actions could ultimately undermine their own value, since the value is agreed upon by a larger market than just the people with consensus.
Now, if you have a pile of nerds with more interest in ego or "correctness" than in financial value, then wild changes can occur. I don't mean to suggest that's always a bad thing either. It's a bit like choosing when to evolve in a backward compatible way or when to make changes that are good for the long term but which annoy or frustrate some people in the short term.
For me, the takeaway of most interesting events in the blockchain world is that it's still quite young. There's a lot to learn, and it will take time to stabilize and become boring and reliable (or at least more predictable).
The truth is that people always agree that there are limits to the law and that the law at some level has to be aligned with common sense and the interests of the community... except in the case when saying "LOL CODE IS LAW!" gives them an opportunity to stroke their smug egos.
Tell us? Because around here, I saw a huge number of bank frauds go basically unpunished. "Yes those guys duplicated your SIM and stole all your funds. Too bad for you since we're not going to even try to catch them."
Centralized systems might be efficient but the rule is, they don't care about you, so it's not your problems that they're going to solve. At least I can have some faith in the code, which is the final law.
For one, a theft on banks is extremely hard and rest of the system hums along. Mt Gox and DAO however resulted in catastrophic failure where everyone was collectively punished.
On a personal level, there are good channels to get your money back where in a decentralized market, there's zero chance. It's better to have other humans keeping check on each other than code watching other code because it will not take into account the "spirit of contract".
"a theft on banks is extremely hard and rest of the system hums along. Mt Gox and DAO however resulted in catastrophic failure where everyone was collectively punished."
Not "everyone" was punished. Only users of Mt Gox. And only investors of the DAO. Also both Bitcoin and Ethereum survived these incidents very well.
With legacy financial systems (banks, cash) there are plenty of scenarios where you may never get your money back, eg.: lose your wallet/cash, 2016 Bangladesh Bank SWIFT hack where $60M was never recovered, etc.
Someone steals my credit card, and if I notice within 2 months, I can get everything back. Another advantage is that it doesn't take several hours (and huge amounts of wasted electricity) for a transaction to go through. My bank hasn't been siphoning my funds either. I wouldn't trust any cryptocurrency exchange with holding even 10% of my monthly salary.
Sure, governments can get my bank records. But my bank records aren't literally inscribed on a public ledger! I don't have to make a bunch of fake bank accounts to protect my privacy from the random data scientist with the blockchain, because if I use my main account and my identity gets leaked from some random service I used, then now everyone knows who I am.
It doesn't matter if they don't care about me. Nobody cares about me. But the incentives are partially aligned: systems with higher trust require less friction. And things like credit cards prove that you can build protections.
And "code is law" is not really extendable across society. We have contracts, of course. But almost all contracts include a "Use common sense"-style clause, which is the whole point lawyers and judges exist in the first place.
How can you build "force majeure" clauses into code without some third party arbitrator?
Of course, having a decentralized backbone is neat. A long time ago, anyone could make gold coins! It wasn't like some evil cabal was like "Oh, we shall unify all the currencies and CONTROL EVERYTHING!" Centralization happened because it was kinda useful.
Half of cryptocurrency stories are "techies discover why banks do the things they do". For example: I imagine more and more exchanges will partner up to do off-chain transactions. At one point, a lot of stuff will happen off-chain. Question: what do you think Visa does?
I do not see a decentralized currency ever becoming big enough to be a real fraction of economic transactions without it becoming most of what we have. Competition is good! But I think some cryptocurrency enthusiasts are in for disappointment if they want critical mass.
>And "code is law" is not really extendable across society. We have contracts, of course. But almost all contracts include a "Use common sense"-style clause, which is the whole point lawyers and judges exist in the first place.
I would characterize the development of law and contracts as something meant to protect parties from common sense. If all we needed was common sense, every contract would just say (a la Raikoth)
>In all situations, the parties will take the normatively correct action.
...and nothing else. Law is essentially shaping common sense into something predictable and useful. So, why wouldn't it be possible to take something deterministic, and shape that into something predictable and useful? It doesn't need to be perfect - it just needs to be better than what already exists.
"Another advantage is that it doesn't take several hours"
You hold a common misconception of how transactions work. Bitcoin transactions are transmitted/notified instantly (like credit cards). Transactions will be confirmed and spendable by the recipient within 10min on average (with CCs it takes 1-3 days until the merchant gets the money). Finally transactions are considered irreversible/definitely non-fraudulent after 6 blocks or 60min on average (with CCs it takes 60 days since charge backs are possible for 60 days).
So if you compare apples to apples, Bitcoin is always faster than credit cards.
That argument about bitcoin mining not being wasteful just shows it's not wasteful compared to other decentralized, trustless currencies. It still loses out to traditional payment methods.
"It will only use 1% of the world's electricity consumption". We can only do that for 100 things. Does "decentralisation of currency" belong in the top 100 things to devote electricity generation to?
EDIT: do you have a link to a fuller explanation about transaction speeds? I do not understand how transfers can happen so quickly without introducing a risk of double spend
Why would the argument be only valid when compared to other decentralized, trustless currencies? The benefits indirectly extracted from Bitcoin mining ($1B invested in 729 companies, thousands of jobs created, etc) exist precisely because Bitcoin has advantages over other traditional payment systems.
"Does "decentralisation of currency" belong in the top 100 things to devote electricity generation to?"
I think so. If (big if) Bitcoin ever becomes so successful that 1% of the energy is spent on it, think about the massive scale of positive social and economic changes it means it will have brought: freeing people from economic censorship and persecution, reducing international payment friction hence increasing economic trade, etc.
But I think neither you nor I can envision the scale of such potential social and economic changes. It is like asking a random person from the 1890s how much do they think automobiles will change the world, and almost nobody would have predicted automobiles are a major enabler of the economic expansion of the 20th century.
Transaction speeds: zero-conf txs are at risk of a double-spend, but in practice this happens extremely rarely.
>No. You may still be liable for $500 if you fail to report it within 48 HOURS
"may" is much different than "are". I've had it happen 3 different times and didn't realize until many days later and was never asked to pay for any of it.
Guess how much you lose if someone steals $50,000 of bitcoin from you and you don't notice for 48 hours?
>Transactions will be confirmed and spendable by the recipient within 10min on average
Almost nobody gives two shits about how long it takes for the recipient to be able to spend it in the majority of credit card transactions.
>Finally transactions are considered irreversible/definitely non-fraudulent after 6 blocks or 60min on average (with CCs it takes 60 days since charge backs are possible for 60 days).
Worse for the consumer, better for the merchant. But again, nobody cares about the merchant in these cases. Merchants already hate credit cards so you don't need to convince them. You need to convince consumers, who drove the credit card adoption in the first place.
Which is why I corrected the poster who made it sound like credit cards "always" protect you, when it's not true. "Often" and "mostly", but not "always".
"Guess how much you lose if someone steals $50,000 of bitcoins"
Hardware wallets solve the theft problem. To date there have been no verifiable incidents of Bitcoins stolen from hardware wallets.
Credit cards as they are implemented will NEVER solve the theft problem without constant anti-fraud efforts. Bitcoin uses cryptography to authorize a specific transaction. Credit cards rely blindly on the merchant's good will and security to charge for the right amount and to prevent the CC info from being stolen. The more you transact the more merchants the CC info circulate through, and the higher the risk of fraud. Which is why CC fraud has been rising and rising for many years.
"Almost nobody gives two shits about how long it takes"
Listen, I was just pointing out people who say "CCs transactions are quicker than Bitcoin transactions" are wrong. Accepting a zero-conf Bitcoin transaction is similar ("as risky as") accepting a CC transaction after swiping/chip-and-pin. Therefore that's what should be compared, and both Bitcoin and CC transactions are just as fast as each other (seconds).
I actually agree that the immutability of a Bitcoin transaction is a negative for the consumer. (But I don't think it is a con big enough to seriously hamper Bitcoin's adoption.)
>Which is why I corrected the poster who made it sound like credit cards "always" protect you, when it's not true. "Often" and "mostly", but not "always".
This is a distinction irrelevant in the real world where the status quo (at least in the US) is that companies protect you. Bitcoin has to compete with what exists, not a potential strawman based on what the laws say.
>Hardware wallets solve the theft problem. To date there have been no verifiable incidents of Bitcoins stolen from hardware wallets.
Can hardware wallets be stolen? If so, you just lost $50k regardless of the attacker gaining access to it. If not, it means you have keys backed up somewhere that can be stolen.
>>"Almost nobody gives two shits about how long it takes"
>Listen, I was just pointing out people who say "CCs transactions are quicker than Bitcoin transactions" are wrong.
Don't quote out of context. The rest of my sentence clearly shows I'm referring to the speed for the consumer. From a consumer perspective, the transaction is done right when the credit card machine returns (a.k.a within seconds).
>Accepting a zero-conf Bitcoin transaction is similar ("as risky as") accepting a CC transaction after swiping/chip-and-pin.
No it's not. A zero-conf transaction someone can double-spend against and the merchant has no recourse and the consumer has no risk. Merchants will be forced to wait for confirmation unless they have other leverage against the consumer to use on bad behavior.
In CC transactions, the risk to the merchant is a chargeback. A consumer can only lie about these a few times in their life before they get caught by a combination of the credit card company and a merchant and they will be arrested for credit card fraud.
Until the government steps in and writes laws making double-spending fraud, CC will be safer than zero-conf transactions.
I am not 100% sure, but my understanding is that the bank is liable for those losses unless they can prove gross negligence on your part. I've heard that legal argument, at least. [0]
Though this is not worse than with your cryptocurrency. If they get a hold of your private keys, you lose everything. At least in the classical banking system you have some legal recourse.
"they get a hold of your private keys, you lose everything."
Hardware wallets solve this (Trezor, Keepkey, etc.) This makes Bitcoin more secure than cash. Most people accept the (imperfect) level of security of cash, so they would be OK with the higher level of security of hw wallets.
They would be okay with higher security, but not higher risk of it breaking. Cash doesn't rely on advanced circuitry so I don't have to risk losing $50,000 because of some static electricity.
Hardware wallets can be backed up. You can even have 2 hardware wallets using the same cryptographic seed and both able to spend the same BTC. You won't lose any BTC if a wallet gets destroyed.
Your private keys have limited attack surface, especially if they're in cold storage.
However, your banking account has unlimited attack surface. It's on some remote information system that you do not control and never will.
As I already said, I'm not a big believer in "legal recourse"; it can just as well be used to take money from you as to return it.
At least in the US, you cannot lose much money because of fraudulent electronic funds transfers, unless you ignore the fraud for more than sixty days. https://www.federalreserve.gov/boarddocs/supmanual/cch/efta.... See section V "Consumer Liability and Error Resolution."
0) ZCoin is a fork of Bitcoin that uses a 4-year-old academic research library, libzerocoin, to make anonymous payments using the Zerocoin protocol.
1) Unlike Zcash/Zerocash, the Zerocoin protocol has only fixed value coins.
2) To get multiple denominations, you have completely separate instances of the anonymous currency that just happen to live on the same blockchain as the other denominations.
3) Zerocoin has its own bitcoin like non anonymous base currency. Call it basecoin.
4) You spend basecoins to get zerocoins.
5) When you spend zerocoins, you get basecoins.
6) ZQ_WILLIAMSON and ZQ_PEDERSEN are denominations, worth 100 and 50 respectively, defined in libzerocoin.
So what went wrong?
When you convert a zerocoin into 100 basecoin, the ZCoin code forked from bitcoin checked if the coin was a valid instance of ZQ_PEDERSEN (worth 50), not ZQ_WILLIAMSON (worth 100). So you paid 50 for the zcoin, got it into the instance for ZQ_PEDERSEN, but got back 100. Free money.
Why did this happen? Well, it looks like in order to support the multiple denominations libzerocoin offers, the ZCoin developers wrote some code for one denomination and then duplicated it for each remaining denomination. There are five in total: ZQ_LOVELACE = 1, ZQ_GOLDWASSER = 10, ZQ_RACKOFF = 25, ZQ_PEDERSEN = 50, ZQ_WILLIAMSON = 100.
But on the last one, ZQ_PEDERSEN was not changed to ZQ_WILLIAMSON in a few places. This caused the bug.
Caveat: I have nothing to do with ZCoin. However, I am an author of the zerocoin protocol, libzerocoin, the zerocash protocol, and am involved with Zcash.
Just to clarify, the code that was duplicated per denomination is not part of libzerocoin itself, it's in main.cpp. I'm not sure who wrote it; it may or may not have been part of the academic prototype Ian refers to. In any case, this amount of duplication (in security-critical code, no less) should never have passed the necessary code review to release a cryptocurrency. Also note that there are still unexplained differences between the copied code branches after the security fix.
(In contrast, Zcash did have duplicated code in the prototype we inherited, but we rewrote that entirely well before the Zcash launch.)
[Edit: I confirmed that the duplicated validation code in main.cpp was not present in libzerocoin. Some of the code in main.cpp including some stale comments, appears to have been pasted from https://github.com/Zerocoin/libzerocoin/blob/master/Tutorial... , but that tutorial code does not have the bug. So it appears that it was introduced by the Moneta/Zcoin developers.]
Any idea why they would describe the code error as "a single additional character in code"? It looks like about 10 characters or so based on your link. There are also some other code changes associated with that commit
Another major bug caused by copy+paste. I seem to remember a security researcher article months (years?) ago that identified this theme, showed a way to grep a codebase for likely c+p errors and found a load of bugs in real production code that had remained hidden for years. I think I landed there from HN, but my google-fu is failing me now, can anyone else remember it?
Probably not what you mean, but this (https://news.ycombinator.com/item?id=12853211) submission about the PVS-Studio static analyzer also shows a bunch of copy+paste errors being found.
This isn't a subtle or difficult-to-find case. It's a case of "why the heck would anyone write code like that, in any language, in the first place?" The only language-level abstraction needed to avoid this particular kind of duplicated code, is a loop.
I'd rather actually see a real comment if there is no time to create a unit test.
Why does changing ZQ_PEDERSEN to ZQ_WILLIAMSON fix the bug?
Having meaningful named constants would make much more sense.
Edit: On full view of the code, the bug could be avoided if they broke out the if <denominationX> blocks into their own function, and to prevent "typo" errors, it would be good to have a local variable named current_denomination = denominationX, and then reference that local variable instead of referencing the constant every time.
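The bug mechanism described by the zerocoin author above (a 50-denomination coin accepted by the copy-pasted ZQ_WILLIAMSON branch and paid out as 100) and the fix the last few commenters sketch (one code path, the denomination named once) can both be shown in a small model. This is a constructed illustration, not Zcoin's main.cpp or libzerocoin: per-denomination sets of minted coin ids stand in for the per-denomination accumulators and spend proofs, the denomination names and values are the five listed above, and the coin ids are made up. It also includes the conservation audit that, per the first comment, is how the inflation was eventually noticed: value leaving the anonymous pool can never legitimately exceed value that entered it.

```python
"""Model of the Zcoin denomination mix-up (constructed example, not Zcoin code).

Each denomination is a separate anonymous-coin instance on one chain. A spend
must be validated against the instance the coin was minted into and pay out
that instance's value. The duplicated validator below checks the 100-coin
spend against the 50-coin instance, so a 50 mint can be redeemed for 100.
"""

# Denomination values as listed in libzerocoin.
DENOMINATIONS = {
    "ZQ_LOVELACE": 1,
    "ZQ_GOLDWASSER": 10,
    "ZQ_RACKOFF": 25,
    "ZQ_PEDERSEN": 50,
    "ZQ_WILLIAMSON": 100,
}


class Ledger:
    """Per-denomination sets of minted coin ids stand in for the accumulators;
    `spent` records redeemed coins so a coin cannot be spent twice."""

    def __init__(self):
        self.minted = {d: set() for d in DENOMINATIONS}
        self.spent = set()
        self.minted_value = 0   # basecoin paid in to mint zerocoins
        self.spent_value = 0    # basecoin paid out on zerocoin spends

    def mint(self, denom, coin_id):
        """Pay `denom` basecoin, get a coin in that denomination's instance."""
        self.minted[denom].add(coin_id)
        self.minted_value += DENOMINATIONS[denom]

    def redeem(self, coin_id, denom_checked, payout_denom):
        """Validate the coin against instance `denom_checked`, then pay out
        the value of `payout_denom`. Returns basecoin paid (0 = rejected)."""
        if coin_id in self.spent or coin_id not in self.minted[denom_checked]:
            return 0
        self.spent.add(coin_id)
        self.spent_value += DENOMINATIONS[payout_denom]
        return DENOMINATIONS[payout_denom]


def spend_duplicated(ledger, denom, coin_id):
    """One block per denomination, copied and edited by hand. The last block
    was copied from the ZQ_PEDERSEN one and the instance check was not updated."""
    if denom == "ZQ_LOVELACE":
        return ledger.redeem(coin_id, "ZQ_LOVELACE", "ZQ_LOVELACE")
    if denom == "ZQ_GOLDWASSER":
        return ledger.redeem(coin_id, "ZQ_GOLDWASSER", "ZQ_GOLDWASSER")
    if denom == "ZQ_RACKOFF":
        return ledger.redeem(coin_id, "ZQ_RACKOFF", "ZQ_RACKOFF")
    if denom == "ZQ_PEDERSEN":
        return ledger.redeem(coin_id, "ZQ_PEDERSEN", "ZQ_PEDERSEN")
    if denom == "ZQ_WILLIAMSON":
        return ledger.redeem(coin_id, "ZQ_PEDERSEN", "ZQ_WILLIAMSON")  # BUG: wrong instance
    return 0


def spend_table_driven(ledger, denom, coin_id):
    """Fixed form: a single code path in which the denomination is named once,
    so the checked instance and the payout cannot drift apart."""
    if denom not in DENOMINATIONS:
        return 0
    return ledger.redeem(coin_id, denom, denom)


def audit(ledger):
    """Conservation check over the public mint/spend totals: the anonymous pool
    can never pay out more basecoin than was paid into it."""
    return ledger.spent_value <= ledger.minted_value


def redeem_50_as_100(spend_fn):
    """Mint one ZQ_PEDERSEN (50) coin and try to spend it as ZQ_WILLIAMSON (100).
    Returns (basecoin paid out, whether the audit still passes)."""
    ledger = Ledger()
    ledger.mint("ZQ_PEDERSEN", "coin-A")  # constructed coin id
    payout = spend_fn(ledger, "ZQ_WILLIAMSON", "coin-A")
    return payout, audit(ledger)


if __name__ == "__main__":
    print("duplicated validator:", redeem_50_as_100(spend_duplicated))    # (100, False)
    print("table-driven validator:", redeem_50_as_100(spend_table_driven))  # (0, True)
```

Note that the audit only catches the inflation after the fact, from the public totals; it is the validator that has to refuse the spend. That is the distinction the thread draws between Zcoin's auditable pool and a design where a forged proof could inflate supply undetected.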
Every owner eats a tiny bit of it with the downward pressure on value caused by the artificially increased supply. Also, decreased trust reduces demand pressure further lowering value for everyone.
"In a decentralized economy, one person's mistake must be distributed to the collective."
Hackers rob the mortgage down payment you made with Bitcoin, said platform gives everybody a haircut because the platform provider won't take responsibility and claims it's the cost of decentralization, without really understanding that the responsibility of the platform still falls upon the main facilitator.
What a great new thing decentralized economy is, everyone will be dying to get in on the action!
If estimates are accurate that 25% of all Zerocoins in existence were artificially (I mean, even _more_ artificially) fabricated, then that dilutes the value of everyone else's legit coins by about 33%.
Hearing the 410 BTC value estimate of those 25% is a bit surprising. I wouldn't have imagined them having such market capitalization so quickly.
Hmm, I know about Zcash and Monero, but I haven't read much about Zerocoin. I'll be staying away, especially after a 410 BTC hack. They even cited the ability to detect hacks like this as a key advantage over Zcash.
[0] https://coinmarketcap.com/currencies/zcoin/
[1] http://blog.zcoin.tech/zcoin-and-zcash/