01:05:28 <tobtoht[m]> Challenge: I deposited 0.25 XMR into the wallet for which the secret spend key is 0. The first person to recover it gets to keep it. There is a hint in #feather:monero.social
01:10:49 <tobtoht[m]> There's actually 0.26336 XMR up for grabs (0.01336 XMR had been sitting there for a while).
07:26:32 <recanman[m]> <tobtoht[m]> "Challenge: I deposited 0.25..." <- Doesn't that mean it is a view-only wallet?
07:30:17 <recanman[m]> * view-only wallet? I don't see the hint, but if the hint is the public address, then that should make it straightforward.
07:55:32 <sech1> tobtoht[m] I claimed it. The amount of hackery was literally just 1 line of changed code :D
07:55:59 <sech1> Transaction https://p2pool.io/explorer/tx/517c4cf6c599358bae4c5459df256d97e2c50958593924f4e8e167ce9f79b01b
07:59:58 <sech1> I'll leave the remaining 0.01336 XMR there so others can play
08:18:51 <rbrunner> Is that again some "abbey abbey abbey" wallet stuff? Where you just have to neuter some assertion in case of a zero spend key, and there you go?
08:19:23 <recanman[m]> I think so
08:19:25 <recanman[m]> I am trying now
08:19:32 <recanman[m]> I have never went into Monero's innerworkings
08:20:00 <sech1> yes it is
08:20:27 <rbrunner> We had the same challenge about 2, maybe 3 years ago. Maybe with some clever googling one can even find the code line in question
08:20:38 <recanman[m]> I think I know what it is
08:20:44 <recanman[m]> I think it is in simplewallet.cpp
08:20:44 <rbrunner> Go for it :)
08:21:00 <rbrunner> Hmmm .. wouldn't think so, but what do I know
08:21:20 <recanman[m]> Where would it check for the spend key being 0
08:21:26 <recanman[m]> In the place where the wallet code is?
08:21:42 <rbrunner> You can't fail basically; if you don't crack the address and get the funds, you still learn some more about Monero code base, which is nice
08:21:54 <rbrunner> Well, should I tell you, or try to get the funds myself? :)
08:22:28 <rbrunner> Well, you have to construct a transaction. Ask yourself where in the code it does that.
08:22:49 <recanman[m]> This is my first time ever looking at source code
08:22:54 <recanman[m]> In monero*
08:23:06 <recanman[m]>     else if (ring_size == 0)
08:23:13 <rbrunner> Oh the excitement then
08:23:23 <rbrunner> No, the ring size shouldn't be any problem
08:24:01 <recanman[m]> [wallet 41fJjQ]: sweep_all 0
08:24:01 <recanman[m]> Error: Ring size must not be 0
08:24:29 <rbrunner> Ok, maybe I am wrong.
08:25:59 <sech1> sweep_all won't work if you scanned everything
08:26:09 <sech1> some inputs are already spent, but wallet can't see it
08:26:16 <recanman[m]> Then would it be sweep_unmixable?
08:26:17 <sech1> you have to pick inputs one by one
08:26:32 <sech1> (after you've fixed the C++ code)
08:27:51 <recanman[m]> I get Error: RPC error: failed to get output histogram but I have no idea what that means
08:28:04 <recanman[m]> https://github.com/monero-project/monero/blob/0a1eaf26f9dd6b762c2582ee12603b2a4671c735/src/simplewallet/simplewallet.cpp#L6731
08:30:20 <recanman[m]>   Send all unmixable outputs to yourself with ring_size 1
08:30:24 <recanman[m]> If I make the ring size 0 
08:30:28 <recanman[m]> Maybe that would work
08:31:40 <sech1> It had nothing to do with ring size, and you can't change it because of consensus rules
08:31:57 <recanman[m]> Right, that's what I thought
08:32:08 <recanman[m]> I'm "grasping at straws"
08:33:30 <recanman[m]> I'm not sure what the Error: RPC error: failed to get output histogram is
08:37:42 <rbrunner> Possible hint: If you have a view-only wallet, it has a spend key that is zero
08:37:57 <rbrunner> (probably)
08:38:02 <recanman[m]> I know that, but I don't know about the math
08:38:32 <recanman[m]> I'm not sure where the secret spend key is checked for
08:38:58 <rbrunner> Well, maybe if you can tell the wallet to go ahead nevertheless despite normally it would think it can't because it's a view only wallet
08:39:45 <recanman[m]> I wouldn't know where the check for that is
08:40:08 <recanman[m]> I'm searching through cryptonote_basic/account.h
08:40:12 <recanman[m]> I don't think it's here
08:40:19 <rbrunner> Cold :)
08:40:40 <recanman[m]> https://github.com/monero-project/monero/blob/0a1eaf26f9dd6b762c2582ee12603b2a4671c735/src/cryptonote_basic/cryptonote_format_utils.cpp#L326
08:40:43 <rbrunner> If anybody else is reading along they might well be faster than you ...
08:40:58 <rbrunner> Life is unfair
08:41:02 <recanman[m]> It's 0.001xmr or something lol
08:41:08 <recanman[m]> I just wanna understand this
08:41:21 <rbrunner> That's the spirit
08:42:05 <rbrunner> Just thinking, if we don't publish the solution too prominently, we can repeat this challenge any number of times in the future
08:42:20 <rbrunner> After somebody sent in new funds of course
08:42:49 <sech1> that bring a question, do we have an actual burn address in Monero?
08:42:50 <recanman[m]> Yeah, I would assume most users only understand the definition of output in a way to explain it to a five year old, not know the math behind it
08:43:00 <recanman[m]> * of output and other basic terms in a
08:43:22 <recanman[m]> Monero to test on? There is the test net I believe
08:43:27 <rbrunner> I would guess not, but not sure
08:43:37 <rbrunner> (regarding burn address)
08:43:59 <recanman[m]> I'm only seeing crypto::null_skey in multisignature stuff
08:44:39 <rbrunner> Yeah, that's nice code written by koe probably. Older key checks for zero keys in much more hacky ways
08:44:49 <rbrunner> *older code
08:44:59 <recanman[m]> Oh
08:45:55 <rbrunner> We don't want to make it too easy, do we?
08:46:39 <rbrunner> The people to complain about "off topic" are not yet here it seems ...
08:46:58 <recanman[m]> Jannies are asleep
08:49:25 <rbrunner> Burning would be possible by using the same stealth address more than once, if I remember correctly. https://web.getmonero.org/2018/09/25/a-post-mortum-of-the-burning-bug.html
08:50:24 <sech1> right
08:52:45 <recanman[m]> <rbrunner> "Yeah, that's nice code written..." <- Is it just `key == null`??
08:52:46 <recanman[m]> s/`??/`?!/
08:52:52 <recanman[m]> I don't see anything
08:57:06 <rbrunner> You will probably have to find the method that builds txs first, and then scan that visually. Just speculating, I don't know the *exact* solution myself
08:57:18 <sech1> Still "Balance: 0.013360040000, unlocked balance: 0.013360040000"
08:57:22 <sech1> where is my popcorn :D
08:57:24 <sech1> you're close
08:58:01 <rbrunner> Yeah, wonder how many people lurk and try now
08:58:18 <recanman[m]> I only see build_tx in hardware wallet stuff
08:58:59 <rbrunner> We probably should indeed repeat that to motivate people to read the source code, and for some general fun
08:59:26 <sech1> until someone sets up modified monero-wallet-rpc and a crontab script to sweep_all :D
08:59:35 <recanman[m]> I agree, this is intriguing 
08:59:50 <recanman[m]> sech1: It's in the rpc?
08:59:56 <sech1> no
08:59:58 <recanman[m]> I'm not looking there
09:00:03 <recanman[m]> oh ok
09:00:11 <sech1> I used monero-wallet-cli to claim the reward
09:00:23 <sech1> but monero-wallet-rpc will work too
09:01:07 <recanman[m]> sech1: I'm using that now
09:01:31 <recanman[m]> tx is in wallet.cpp 200+ times
09:01:39 <recanman[m]> Not sure where the tx is built
09:02:15 <recanman[m]> Maybe it is in unsigned_transaction.cpp
09:02:27 <recanman[m]> I would assume that is where they "build" the transaction
09:11:11 <rbrunner> Pretty sure I remember that last time it was luigi who claimed the funds which I found a tad unfair
09:12:46 <recanman[m]> I'm about to fall asleep, but I want to understand the problem
09:12:58 <recanman[m]> This is because the monero wallet does not allow a null spend key, right?
09:13:02 <rbrunner> The tx building code hides in the most hideous mass of code that we have in our codebase
09:13:05 <recanman[m]> And the modification is removing that check?
09:13:53 <recanman[m]> How convenient
09:13:57 <recanman[m]>  * How convenient (I am joking)
09:14:30 <kayabanerve[m]> 0 has a 0 key image which is banned iirc
09:15:08 <recanman[m]> Could someone explain key images to me again?
09:15:22 <recanman[m]> I have a small understanding but completely forgot
09:19:30 <recanman[m]> s/have/had/
09:22:30 <bridgerton[m]> <MrTerminat0r> BRO
09:22:30 <bridgerton[m]> FRЕЕ GIFТ DISСОRD NIТRO - https://cutt.us/take-discord
09:24:57 <recanman[m]> I will go to sleep now, I will try later. Very interesting challenge
09:27:40 <sech1> kayabanerve[m] no, IIRC the key image was 01000....000
09:28:51 <recanman[m]> Is that the public spend key?
09:29:48 <kayabanerve[m]> sech1: That's the encoding of identity. The identity key image isn't allowed IIRC
09:30:27 <sech1> Then how did I manage to spend it 🤷
09:30:35 <sech1> all incoming tx had this image in that wallet
09:31:17 <sech1> or maybe I can't spend what I received in my wallet, I didn't check yet
09:31:56 <kayabanerve[m]> https://github.com/monero-project/monero/blob/master/src/ringct/rctSigs.cpp#L884
09:32:34 <kayabanerve[m]> You can't spend anything with a 0 output key under CLSAG. Seraphis explicitly bans 0 linking tags.
09:33:03 <kayabanerve[m]> A 0 spend key with a 0 view key will always produce a 0 output key. Even if it was spendable, it'd only be spendable once.
09:33:16 <sech1> but I think the view key isn't 0 there
09:33:31 <tobtoht[m]> Gratz sech1, I can confirm the 0.25 XMR has been claimed.
09:33:45 <tobtoht[m]> yes, view key isn't 0
09:34:07 <rbrunner> I hope these pesky cryptographers don't spoil all the fun :)
09:34:39 <kayabanerve[m]> Ah, for a non-zero view key, then yeah, it's claimable.
09:36:27 <sech1> So how do XMR end up in that wallet? Someone sending it on purpose, or some wallet bug?
09:36:51 <sech1> there are not that many transactions there
09:39:41 <rbrunner> I once sent in a little amount just to test whether you can transfer in normally without problems, which I think is the case. But no idea in general who sends there
09:39:53 <tobtoht[m]> There is a 9+1 XMR deposit (and subsequent recovery) attributable to a seed library bug.
09:40:43 <sech1> it was 9.08589+1 XMR, someone left 0.08589 XMR behind
09:40:58 <sech1> which was claimed ~10 days later
10:09:45 <tobtoht[m]> I think both those withdrawals were me. When I raced to recover the funds I went by what the person said they had deposited. I did send them back the full amount.
10:11:36 <tobtoht[m]> I kind of expected someone to have an autosweeper for this wallet, so I was surprised to find the remaining 0.085 still there when I opened the wallet 10 days later.
11:40:21 <plowsof11> <sech1> "So how do XMR end up in that..." <- a user was... packaging featherwallet ? and did something wrong? and created a version that would create a wallet with the exact same characteristics as the abbey 24x wallet, tobtoht can explain this is just from my memory 
11:43:53 <plowsof11> "So far, it looks like something with the way Feather was built for Fedora caused the monero-seed library to generate invalid seeds with null spendkeys." (release builds where never effected) and appears to be an isolated incident 
11:47:24 <plowsof11> and somewhere in this PR it was fixed https://github.com/feather-wallet/feather/pull/17/files 
14:05:35 <tobtoht[m]> IIRC, they/their package build system had removed an undesirable linker flag from our CMakeLists which caused some memory to not get initialized properly inside the monero-seed library. It produced valid looking mnemonic seeds, but encoded a null spendkey. Learned a valuable lesson about the importance of runtime tests that day.
14:12:03 <plowsof11> does anyone know anything about Glitter finance https://repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/396
14:36:46 <rbrunner> Hmmm. Googled and read a bit. Don't know. Begs the question, if they could rise USD 7.2, as per text, why do they need XMR 445 from us?
14:37:22 <plowsof11> indeed, they are very rich and sucessful 
14:40:13 <ofrnxmr[m]> singke handedly raisd 7.2m for this leaking faucet, i mean, money sink
14:40:18 <ofrnxmr[m]> Wheres the moolah
14:40:56 <ofrnxmr[m]> rbrunner:  my sentiments exactly
14:41:01 <ofrnxmr[m]> Also, the service is a joke if its just another privacy harming houdini condom tunnel
14:41:56 <plowsof11> https://repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/396#note_21685 i preemptively added your feedback ofrnxmr 
14:42:02 <ofrnxmr[m]> People need to learn, -100+100 with never = 💯
14:42:54 <ofrnxmr[m]> Much appreciated 
14:50:07 <MajesticBank> from wallets listed on https://www.getmonero.org/downloads/#mobilelight
14:50:21 <MajesticBank> only edge have trackers inside the android app
14:50:26 <MajesticBank> https://reports.exodus-privacy.eu.org/en/reports/co.edgesecure.app/latest/
18:38:57 <ComplyLast> geonic, is there any way/place to watch your short right now?
22:20:17 <geonic> it’s not released yet
22:21:02 <geonic> https://twitter.com/markofdistinctn/status/1662592776087953408?s=20
22:21:17 <geonic> this teaser has all the Monero bits in the movie
22:22:02 <geonic> and this is the official trailer: https://twitter.com/markofdistinctn/status/1634723732186071041?s=20