Potentially Huge Bug On Steem Blockchain
@heartsgoldcrown is a new user on Steem. They were telling me about some trouble posting on Steemit. They were being told they were out of RCs.
Clearly, the account has plenty of RCs, so I didn't believe @heartsgoldcrown when they told me they were having this error. Must have been something else.
So I got the posting key and logged in myself. To my surprise, the bug was described in full accuracy. This account can't post to the Steem blockchain despite having more than enough RCs to transact.
At this point I was wondering if this was somehow a bug with Steemit. Rather than ask for the active key I added @heartsgoldcrown's posting key to my busted @drugwars bot.
"Account: heartsgoldcrown has 33880174314 RC, needs 93126633 RC. Please wait to transact, or power up STEEM."
So the account needs 93 million RCs but it has 33 BILLION?
Neat... super cool.
I feel like I don't have to explain how serious of an issue this is.
This is hands down the worst bug I've ever seen on the blockchain by a huge margin.
It leaves me wondering: How does the network decide if someone has enough RCs or not? Is it centralized? Is this an easy way to censor users from transacting on the blockchain?
It also leaves me wondering if there is some kind of problem with Steemit delegations to new users (or perhaps delegations in general) 100% of the RCs on the account are from the standard 15 coin Steemit delegation.
The plot thickens
hm... nope Steemit isn't the one delegating to this account. It's @lyndsaybowes. Wow this is so much worse.
@lyndsaybowes is an avid supporter of @fulltimegeek and vice versa. In the wake of @fulltimegeek's bot-war with @berniesanders, we saw that Steemit was more than willing to start deleting @fulltimegeek's presence from the platform:
steemit-shadowbans-fulltimebot-net
Needless to say, it looks bad if accounts made by users who are fighting with the established powers are no longer allowed to transact on the blockchain. That would completely undermine all the censorship resistance we claim to have.
Delegation Incoming
I just delegated 5 SP to @heartsgoldcrown. The transaction worked.
Delegation Removed
It appears that this solved the problem. The account is now able to transact on the blockchain using the original delegation. Very weird.
Conclusion
I fully expect that I am completely out of my element here and there is some logical explanation as to why this has happened (other than users actually being censored). If not, I have some tough power-down decisions to make.
Seriously though, I demand to know how the network decides that an account has enough RCs or not. Shouldn't the transaction be broadcast regardless and it's up to the witnesses whether to process it or not? I am very concerned.
There are many things here I can not answer regarding technical issues, but there are a few things I can answer.
FullTimeGeek was not banned from the blockchain, SteemIt.com decided to stop displaying his posts. Those are very different things.
The witness do not review blocks before signing them. I do not believe they have the ability to decide what they will and will not include in a block they just sign the block. ;) As I am sure you are aware it is a rotating list of many people and it moves forward every three seconds, if they were not signing blocks based on what is in the block we would see that.
The problem with this post is only that it confuses so many issues.
I am curious why the account couldn't transact
Here are a few things that come to mind as potential issues: With zero investigation.
Steemd.com was displaying incorrect RC credits. Or there is a bug in the actual code with checking for RCs.
I'm unclear on how to test it, but the Lindsay part makes no sense when you speak in terms of injecting information into the blockchain.
Steemd.com (and Steemworld.org) were showing the correct number of RCs.
The problem was fixed when I delegated 5 coins and then undelegated those 5 coins.
Never said that he was, in fact the link that I posted to the original topic is more than clear.
I'll I'm saying is that this is a potentially very serious centralization issue that needs to be addressed. Witnesses aren't even the ones checking to see if users have the RCs to transact on the blocks they are creating? Ridiculous.
I will admit I get a bit sensationalist with the whole conspiracy angle.
Well the only thing about it is, at first I was interested in the bug and was going to try to escalate it..
But after the rest of it, it was hard to take seriously. (for me, I'm sure many who don't understand the tech will jump on board and call it a conspiracy)
Well, if the RC's from @lindsaybowes were correctly reported, then there's some issue connected to the source of the RC's, since @edicted's delegation solved the problem. Regardless of uninformed speculation based on those facts, this is an issue that needs to be understood - if only to forestall further speculation and the FUD that inevitably generates.
Thanks!
Centralization conspiracy?
Posted using Partiko Android
It might be that @fulltimegeek delegated the 15 SP using @steemit?
Steem had so many potential. Sadly, the whales and their lazy and greedy ways pretty much condemned this site to be an eternal niche. I seriously doubt we'll ever become mainstream... and that's fine for me. Because every time a site becomes mainstream, I leave.
Honestly we only need like 10 programmers here who don't limit their development to short-term ROI projects.
If any of those programmers create a decentralized foundation for other developers to get paid to help, that app could easily go viral.
I like what the eSteem team has been doing. If the ESTEEM tokens start having value, the new points system from eSteem will be a good incentive for people to engage more and to auto-upvote less. 😊
I feel that this is caused by the hack that steemit.inc did to "fix" the problem of RCs when they introduced that hardfork.
They basically multiplied everyone's RCs. Which works just fine accept for the very bottom.
I feel this because it is the exact same problem new accounts were having back then.
So.... something like, you need 93 million, and you really only have 33 million (not billion) for this single transaction.
It's a bad bug :/ I noticed it in testing with an account for KURE. Witnesses don't have any contronl over block by block processing on the chain. It's only validating blocks and keeping them flowing.
Do you have a nominal understanding of the particular mechanism that Steemit nodes deploy to single out the accounts they do not display? I am aware of the unredeemable list on github, but not how that list is used. Could there be some knock on effects on other accounts from that particular mechanism, or is the account you noticed it happening to unrelated to that censorship mechanism?
Also, it may be time for KURE. I've seen you are really achieving full functionality. Does KURE also feature that censorship engendered by using Steemit nodes, or are there other options? I hope MIRA quickly enables many more nodes to come up. I'd like to see KURE enable accounts themselves to prevent the spam Steemit has chosen to censor at the node level, and this compromises the utility of Steemit nodes at a very basic level.
I don't even know it that's possible except other nodes are available, and have no clue whether that would be a tall order for you to program. I hope it's not, because if users themselves can make use of the unredeemable list to stop the spam it would provide a viable alternative to centralized censorship that is beginning to be effected on the Steem blockchain, and I would hate to have to predict how that will eventually turn out. KURE could prevent that from happening on Steem, if it can be done, by putting that power in the hands of the community, where it belongs.
Thanks!
It's just the site Steemit and the condenser code that has that list of accounts they block. It's a frontend thing, not a blockchain thing.
The account I tested was new, I didn't delegate anything to it or just 15 SP, and was getting a resource denied for a post attempt, but it was saying I only had X when it needed X-5000 for example. So i had enough. That's the bug.
KURE doesn't use the Steemit list, or any list. It's not nodes, it's just the site. @edicted mentioned that a while back, to allow accounts to block people on their page, I think it was. Enabling that functionality is part of the plan in the future ;)
Well, my information was provided by @a-non-e-moose who is my source regarding nodes. I note that Steempeak also features the censorship, and not Steemit alone. I have been told Busy also does, but less so, as there seem to be other nodes they use also.
Steemit.com can't censor Steempeak.com, nor Busy.org, so something off the website itself is part of the mechanism.
Edit: I'd like to be able to censor certain automated comments that are blowing up my notifications. That would be great!
Sounds like the entire blockchain is being bottlenecked through a single Steemit server on the East Coast. Cool.
As for your conspiracy, I see where you are coming from. The question I have is if there was that centralized decision, why would Steemit delegate the SP to the account in the first place?
It does have the ability to remove SP from accounts (which I understand it does in the case of non-use).
The original delegation did not come from Steemit, but from @lindsaybowes.
You do mean Steemit can undelegate their own funds from unutilized accounts, and not take funds inactive accounts possess, right? I'd appreciate clarification on that point, as those are two very different matters.
Thanks!
thanks for getting my account back up and running sir
you have a great afternoon
peace
You may have discovered a bug in Steem RC and any bugs in the code need to be addressed properly. As far as I'm aware Steem doesn't currently have a bug bounty system (please correct me if I'm wrong) but I think that perhaps there should be one.
Yes, I got the same problem w/ another account can't transfer money out.
Did you try posting without you SP delegation through another interface?
Did Busy or Steempeak give you the same problem?
yeah i tried posting using the dsteem API.
My old broken drugwars bot
same error
Sometimes a bug of this kind is like rebooting your PC to fix it.
Posted using Partiko Android