Posts

FileCoin API fumble resulting in SiaCoin turnover! 🏈

avatar of @anthonyadavisii
25
A Wretch Like You
@anthonyadavisii
·
·
0 views
·
3 min read

Looks like somebody dropped the ball...

Recently, FileCoin, a major cloud-storage cryptocurrency, had an issue due to a critical flaw in their API that resulted in a Binance validating a deposit twice. This isn't a double spend in the traditional sense but nevertheless was a big deal on /r/CryptoCurrency.

https://www.coindesk.com/filecoin-double-deposit-on-binance-exploit-open-other-exchanges

FileCoin's Response

I read through it and it did pretty much shift the blame to Binance but that isn't exactly fair when you look at it more deeply. The pull request on Github gives us a bit more details as to why.

    So, basically, the FileCoin documentation needed clarification so they added it. The results of StateGetReceipt could be ambiguous for gas-repriced messages. That was the flaw that resulted in the double deposit that has since been rolled back. To suggest that this was solely a result of Binance's negligence is a gross oversimplification when considered in that light.

Re: tl;dr -- Binance devs fucked up

Not entirely. FC team did admit that part of their code was counterintuitive.

API Usage Misunderstanding. The confusion is that when StateGetReceipt is called on the two similar messages (one of which is executed, and the other of which is skipped), it will provide the same result: both corresponding to the message that was executed. This is admittedly counter-intuitive, but intended, behavior. The primary use-case of the StateGetReceipt method is in the event handler used by the Lotus Miner and deal-making process. In the event of a replaced message, these modules do not care if the returned receipt corresponds to the original message, or a replacement one — they simply want to know if the message successfully executed on chain. We have added clarification to the documentation here: https://github.com/filecoin-project/lotus/pull/5838.

I don't think we can fully put the blame on Binance. Having ambiguity in the code seems like a recipe for user error.

    So, at the end of the day, we can see how important having clarity in one's code and documentation but, on the other hand, we should be able to expect a top exchange to be able to flesh out these sort of scenarios during testing assuming they are diligent and comprehensive in the process. Binance clearly "screwed the pooch" in that department.

    In contrast to FileCoin, SiaCoin doesn't use variable gas for their transactions in which we would need to consider repricing. Instead they use a dynamic transaction fee which applied depending on the size of the transaction and how busy the network is. This removes the guesswork and, in my experience, transactions are confirmed within a reasonable timeframe for a PoW coin (about an hour for 6 confirmations).

Screensnip of SUI-GUI

Yes, I am bullish on SiaCoin and have been since before the 2018 cryptocurrency crash.

    In case you haven't been paying attention, SiaCoin has broke 0.02 cents from it's ATH of a dime. I think it is definitely possible to reach that point again and some folks even suggest it could reach $1. I don't know about that considering the high supply but strange things can happen in a bull market. Time will tell.

    Besides the investment aspect, I have been experimenting with running SiaCoin hosts and also have recently updated my SkyNet WebPortal which is currently inactive. The use case I have in mind is a Hive-exclusive webportal using nginx's auth_request module. This may present an exciting opportunity to onboard new Hive users by providing the incentive of cloud storage. A blockchain symbiosis if you will.

Thanks for stopping by! Have a spectacular weekend. $Hive, $SC, $Leo, $Cub to the 🚀🌕!

Posted Using LeoFinance Beta