Posted on

GRAFT Wallets are Safe and NOT Affected by Double Counting Bug

As you probably know, most exchanges recently took offline all CryptoNote wallets (including Monero) due to Double Counting Bug. We tried to reproduce an exploit of the double counting bug with GRAFT master (current GRAFT version) to prove that GRAFT is not affected. In order to do that, we have prepared a special testing branch with the exploit: https://github.com/graft-project/GraftNetwork/tree/double-accounting-exploit, where we duplicated the “add_tx_pub_key_to_extra” call inside “construct_tx_and_get_tx_key(…)” method in cryptonote_core/cryptonote_tx_utils.cpp. The destination wallet with the bug was supposed to show the wrong (doubled) balance after the transfer from the exploited source wallet.

The destination wallet (GRAFT master, private testnet) before the test transfer shows 20 GRFT balance:

Now, we are transferring 10 GRFT from the exploited source wallet (private testnet), trying to “trick” the destination wallet:

The destination wallet after the transfer shows the correct amount (30 GRFT):

Here is the destination wallet log:

So this case is already handled in current Graft version (1.2.1), which is based on Monero v11, and the bug seems to be introduced in Monero v12, where subaddress functionality was implemented.

Therefore, current GRAFT wallets are safe for all users including exchanges.

Posted on

GRAFT Development Status Update June 2018

Supernodes and Real Time Authorizations

Let’s start from implementation of full supernode, which is essentially an implementation of real-time authorizations (RTA). Although we are close to the finish line, we do not release it yet to public alpha. We need more time for optimization, fine-tuning, and QA testing. One of the main reasons for the delay is an issue with communication. Unlike other two-layer cryptocurrency networks which use a separate mechanism for communication between their second-layer nodes, we reuse the existing peer-to-peer network as a basic transport. Our original algorithm finds the shortest and fastest routes between the supernonodes by maintaining a set of P2P tunnels through the network of cryptonodes. The main difference and greatest benefit of using the same communication base for two layers (both cryptonode and supernode networks) is not exposing the authorization sample’s supernodes – because in our design they are not required to have a public IP. Such design is the major difference and significant improvement comparing to other layer two implementations such as Dash masternodes.

Remember that one of GRAFT’s key differentiators and goals is absolute privacy initially provided by underlying CryptoNote blockchain protocol, which is the first layer of GRAFT platform. The fact that the auth sample supernode does not require a public IP attached to it makes GRAFT even more private and decentralized, because the supernodes are less dependant on regulated hosting providers. Without public IP the supernodes are “hidden” behind the large, distributed, and complex P2P network, which makes them less vulnerable to DDOS attacks. At the same time, the hosting and maintenance are less complicated and less expensive for supernode owners. (Note that wallet/POS proxy supernodes, which typically belong to service providers and large merchants, still require public IP address in order to be able to serve wallets and POS/payment apps).

However, such great benefits do not come for free. Along the way we found several issues in existing CryptoNote/Monero P2P communication implementation, which we are fixing in order to make it more efficient, stable, and suitable transport for our purposes. With that said, we anticipate the public alpha of supernode with RTA to be released by the end of July. Meanwhile, we will start a private alpha release for testing in a coupe of weeks, so if you are interested in helping us with preliminary testing please contact us at dev@graft.network.

While working hard on RTA implementation and getting ready to its production launch, we realized that hosting a supernode, either full (authorization) or proxy/gateway, requires a special DevOps skill set, so we are working through making arrangements and building relationships to provide turnkey solutions to supernode owners and merchant service providers.

Payment Apps

We are continuously working on improving the Verifone terminal app so it will be fully polished for production by the time RTA is released. As Verifone have written on their merchant marketplace website, where GRAFT app is listed as the Featured Apps Partner, “Our app partners are working around the clock to help empower our merchants with applications that enrich the customer experience and provide business productivity.” This is absolutely true statement, there is not much to add. Since the Verifone certification was achieved last month, we have done several improvements such as UI redesign (in both terminal app and our wallet), enhanced configuration utility for merchants, integration with CoinMarketCap for real-time exchange rates, and some bug fixes. Also, we are working on Ingenico terminal app integration into their marketplace.

One of important and promising features we are planning to develop is using NFC (Near Field Communication) for initial engagement between the mobile wallet and terminal app, so instead of scanning QR code displayed on payment terminal the buyer will just wave the phone (the same technology is used by contactless payment cards and Apple Pay). Implementation of such a feature will help improve both buyer and merchant user experiences and reduce the overall transaction time. We will keep you posted about our progress in this area.

We just finished design and now are ready to start implementation of the payment gateway which will facilitate GRAFT payments on online shopping platforms. Once implemented, integration with GRAFT payment gateway, among other features, will bring to online merchants and buyers a unique combination of absolute privacy and instant transaction confirmations (using RTA) – something they have never seen before. Plus, after we finish RTA and move to accept broker implementation, they will be able to accept various cryptocurrencies, while keeping the same benefits of privacy and transaction speed.

Wallet Apps

We finally redesigned the app downloads page on our website, so now it’s easier to find all our apps, including wallets, and their releases for various mobile and desktop operating systems: iOS, Android, Windows, Mac OS X, and Linux. In recent wallet releases, we fixed some bugs and added new configuration options. The upcoming wallet release will support purchases with real time authorizations using full supernodes (currently it supports a limited version of RTA on testnet only).

CryptoFind App

As our app for discovering and listing crypto-friendly merchants is gaining more popularity among crypto enthusiasts, we periodically release new features and bug fixes. In recent CryptoFind version, in addition to bug fixes, we added a possibility to take a picture of the GRAFT sticker on the merchant’s window so the users can earn better bonuses.

Happy Grafting!

Posted on

New Element of GRAFT Ecosystem – Stable Value Payout Token

Designing Payout Tokens and Real Time Decentralized Exchange

As we’re working on the design and development of the features defined in the original GRAFT white paper, we are monitoring industry trends, listening to the community, and constantly looking for new ways to enhance and extend functionality of GRAFT network and its applications. Currently, we are in a process of refining several sections of the white paper, adding new features that will help GRAFT become an even more comfortable place for both merchants and buyers. In order to do that, we are designing two very important ingredients: a payout tokens and a real-time decentralized exchange. These two new features will enable optimal flow of funds, either crypto or fiat between GRAFT users on both sides of retail payment transaction. We will publish information about those new elements of GRAFT ecosystem in this blog, in two different posts, before it goes to the next version of the white paper. The first article below describes payout tokens, and the second one, which will be published soon, will describe real-time DEX using atomic swaps on network of GRAFT supernodes. The product roadmap will be also updated along with the publication of the updated white paper.

GRAFT Merchant Token Platform:

Introducing Payout Token

Although recent version of the GRAFT white paper provides pretty detailed definition of merchant token concept, it does not contain (yet) some important details which are described in this article. In addition, we introduce a concept of payout token – a special type of a merchant token that will be used to facilitate merchant payouts in local fiat currency. Before we move to payout token definition, let’s refresh our memories to recollect the concept of a GRAFT merchant token, which is a foundation of GRAFT payout token. Here is the definition from the GRAFT white paper:
In addition to fast and inexpensive transactions, merchants place high value on customer loyalty and branding. This functionality will be enabled by the token layer of the GRAFT currency. The token represents domain (merchant) specific GRAFT use, and offers smart contract-backed functionality like loyalty point accumulation and use, reward points, sale discounts, spending discounts, competitor discounts, coupons and store credit. Merchant token is a predefined smart contract that allows creating a private token that belongs to its owner. Unlike some other smart contracts and token platforms, creation of GRAFT merchant token does not require any programming and can be done by anyone.
Note that merchant tokens are not equivalent to “open” smart contracts: we do not try to build another Ethereum platform. Unlike Ethereum-like smart contracts that can be unpredictably customized through programming, flexibility of merchant tokens is limited to their necessary features, which makes them simple and inexpensive but powerful tool accessible to a merchant of any size – from individuals and small businesses to large retail chains. In addition, the main features of each particular merchant token type will be supported by supernode DAPI and GRAFT wallet and point of sale apps. Thus, those features are going to be available for merchants and buyers “out of the box”.

Stable Value

Since Graft tokens (GRFT) are tradable, when they are used for merchant payouts directly, volatility may become a problem. We cannot ignore the fact that many merchants would like to be able to accept cryptocurrencies but prefer to get paid in their local fiat currency. This is their reality: merchants still need to pay for restocking, utility bills, and employee salaries in fiat. At the same time, they don’t want to be involved in cryptocurrency exchange business, and they need to be isolated from the financial details of the crypto business. In order to finally fill the gap and connect the two worlds – cryptocurrency transactions and fiat currency merchant operations – we have created a concept of a payout token, which represents a local currency and can be transacted on GRAFT blockchain in real time using the supernode tier of the blockchain. Payout token is based on GRAFT merchant token technology, similar to gift, rewards, and other merchant token types.

Underwriting

The main goal for creating payout token is providing an easy and reliable way for merchants to get paid in stable local fiat currencies while avoiding usage of centralized payment processors. Payout tokens are issued and maintained by responsible token underwriters (such as banks). When someone (payout broker, for example) is buying payout tokens from the token underwriter, the company generates a necessary amount of tokens and transfers them to the buyer in exchange to an equivalent amount of fiat currency. When someone (merchant or payout broker on behalf of merchant) is selling payout tokens back to the token underwriter, the company destroys the tokens and pays an equivalent amount of local fiat currency to the seller. Thus, payout token is always backed by sufficient amount of fiat currency, and its price always remains the same and equals to the corresponding fiat currency float. For example, 100 USDG can be always bought or sold for US$100. Payout tokens will be issued by licensed token underwriters only in exchange to equal amounts of fiat currency. Furthermore, the rights to handle particular payout tokens can be delegated (licensed) to local commercial banks or even national governments. At this point, we’re open to partnership inquiries from financial institutions interested in underwriting payout tokens tied to the local currency. Please email info @ graft.network or contact us through other means if you represent an organization that wants to get involved.

Details

VChain name for all payout tokens is always “GRAFT”. Each payout token subtype matches a particular local fiat currency. For example, GRAFT.USDG token (ticker: USDG) matches US dollar. Payout Token Naming Format GRAFT.[Currency Ticker]G Examples:
GRAFT.USDG GRAFT.EURG
 

Vlog Version

Special shout-out to Jose D for making this wonderful video version of this important blog post, making our ramblings little easier to digest. Thanks Jose!!!
Posted on

GRAFT Development Status Update May 2018

It’s time for another status update! Y’all are busy people, so let’s not waste any time and get right to the point.

Payment Apps

Let’s start from really good news – our Merchant Marketplace app just received certification from Verifone – big step towards GRAFT acceptance by brick-and-mortar merchants and a product of 6 months long development cycle in close communication with Verifone. We are working on improving this application as well as building apps for other major players in the area of hardware payment terminals such as Ingenico.

Also, we just started designing the online shopping cart integrations – the first implementation is going to be an integration with Shopify, one of the most popular online store platforms. While it’s not within GRAFT’s charter to produce all the integrations, we take it upon ourselves to provide reference integrations with few leading platforms, paving the way for the independent software developers to take GRAFT to all other platforms.

Blockchain

It’s not a big secret that GRAFT has been forked from Monero – in order to be able to reuse the best (as of today) implementation of Cryptonote protocol, which is the most secure blockchain protocol so far, at least for people who care about their privacy. The idea was (and still is!) to take the open source Cryptonote technology and use it as a tier-1 foundation of the future 2-tier application platform, when the 2nd tier consists of the network of full supernodes (please read the white paper for more details). So the GRAFT dev team was supposed to be mostly focused on design and implementation of the tier 2 from the beginning. Unfortunately, sometimes our plans diverge reality in unpredictable ways, and we admit that it was naive assumption. Instead of working on core development tasks, significant part of the team had to address several problems caused by network difficulty and timestamp manipulation attacks. As a result, we switched to more efficient difficulty adjustment algorithm, which is already used by a few other blockchains, and even managed to improve it. We also followed the majority of Cryptonote community and implemented ASIC-resistant code.

We appreciate a concrete help we receive from the community, including individual contributors zawy12 and jagerman – thank you guys! It’s also worth mentioning that our full time core dev team has been growing as well – we have added two senior core developers and project/product manager.

We are working on another potential modification – Cryptonote Heavy hash algorithm. Although the code change is ready, we are still testing, and haven’t made a final decision when (if at all) to switch to Heavy. We continue monitoring the situation in order to find the best time for changes that require major network update.

Real Time Authorizations (RTA)

Our top-most development priority right now is RTA and we’ve been hard at work doing the R&D and laying the foundation to meet our delivery timeframes. For those of you who are interested in details, here is the “10,000 foot view” of RTA – simplistic, optimistic sequence diagram of the RTA flow: Note that every line of text in this diagram correspondents to hundreds or even thousands of lines of the source code, so this diagram just demonstrates interactions between the main players, without going deeply into the details such as auth sample selection, fee distribution, message broadcasting, etc. We are working on various modules of the RTA so we could compile the full picture: supernode-ng server framework, porting DAPI/business logic into a new framework, and authorization sample communication, which includes both super-fast UDP-based direct communication protocol (for “urgent” messages) and “unhurried” protocol (for regular message transmissions) based on existing P2P implementation.

CryptoFind

Although CryptoFind was not designed to be the core product, its popularity recently skyrocketed, and so now we cannot imagine GRAFT without CryptoFind, which becomes the most comprehensive worldwide database of businesses that accept crypto. We have implemented some new features and improvements in CryptoFind since the last update: added a text search function, which allows you to find nearby points by name or type (cafe, store, refueling, etc.), enhanced the user interface, and created statistics page.

Network Monitoring

Also we are internally monitoring multiple parameters of GRAFT servers using special tools such as CloudWatch and Nagios, we thought that the community should be able to know about the basic status (“up/down”) in real time as well, without the need to ask and repeat the same questions on forums. So we have created a simple public network status monitoring page – don’t forget to check it out!

Happy Grafting!

Posted on

Verifone Certification Status Update

After working closely with the Verifone team over the last six months on developing and certifying GRAFT Network integration using Verifone’s brand new Connect application platform, we’re proud to announce passing of the main phase of the rigorous certification process as of the end of last week, making GRAFT one of the first applications on the platform and first one to enable cryptocurrency payments using Verifone’s interactive series payment terminals.

The integration app is running on the RTA Testnet, so not yet compatible with the Mainnet (pending Full Supernode release), and some of the configuration options are pending Verifone platform updates. However, merchants and other eco-system participants can start testing things out in preparation for the launch on Mainnet.

Overall, we’re very happy to be partnering with Verifone, excited about the push into enabling alternative methods of payment and other interactive applications on their formidable new terminal platforms.

The payment terminal space is quickly emerging and going through a transformation of its own, both on the device level with a “Single Unit” (POS/Terminal) conversion and on the software level with application platforms, opening up greater possibilities for innovation!

Posted on

GRAFT Major Network Update 1.2.1 at Block 68000

We just released a major network update 1.2.1. This update is intended to mitigate recent attacks on GRAFT blockchain and improve the stability of the block intervals. There are two major changes included in this release: timestamp manipulation prevention and improved difficulty adjustment algorithm. The major network update will be triggered at block 68000.

The block timestamp manipulation allows a miner with significant hashrate power to generate an alternative chain of several blocks and add it to the main chain. The corresponding code fix will disable this possibility.

The original LWMA-based difficulty adjustment algorithm used the same adjustment rate to increase and decrease difficulty. As the result, it was taking significant time to restore after a peak, leaving users suffering from a higher difficulty. In our novel approach, we introduce an adaptive adjustment rate, making return to a normal difficulty level faster. The mechanism detects a failing edge of the difficulty curve and change the rate accordingly, using the following formula:

The major network update is scheduled for block height 68000. Each GRAFT network node must be updated to the new software version before that block, otherwise, the node that wasn’t updated is going to be on the wrong version of the blockchain. Major network update means that if you are running the GRAFT network node (graftnoded daemon), you must upgrade it to the current software release as soon as possible. If you do not install the updated node before the block 68000, your node will be blocked by other nodes. Note that the users of GRAFT mobile and desktop wallets (GUI wallets) are not affected by the upcoming network update and don’t need to do anything – as long as they are still connected to the default proxy supernodes (if you are connected to your own supernode, however, do not forget to upgrade the underlying network node).

The source code of the version 1.2.1 is now released and available for download from master. The binaries of the new release are located here:

Ubuntu: https://s3-sa-east-1.amazonaws.com/graftbuilds/graft-1.2.1-20180422-release.tar.gz

Windows: https://s3-sa-east-1.amazonaws.com/graftbuilds/graft-1.2.1-20180422-win-release.zip

In order to check whether you are running the right version of GRAFT network node, launch graftnoded daemon in terminal window (in interactive mode) and type help command. If you are running the right version you should see Graft ‘Beta Lyrae’ (v1.2.1-release) in the first line of the help result.

Posted on

GRAFT Network Major Update 1.1.2 at Block 64445

We decided to make the major network update even sooner due to the problems with ASIC and difficulty the nertwork has been experiencing over the past several days. The source code of the patch version 1.1.2 is now released and available for download from master. The binaries of the new release are located here:

https://s3-sa-east-1.amazonaws.com/graftbuilds/graft-1.1.2-20180417-release.tar.gz (Linux)

https://s3-sa-east-1.amazonaws.com/graftbuilds/graft-1.1.2-20180417-win-release.zip (Windows)

The major network update itself is rescheduled for block height 64445.

Each GRAFT network node must be updated to the new software version before that block/date, otherwise, the node that wasn’t updated is going to be on the wrong version of the blockchain. This release contains the ASIC-resistance changes in the hashing algorithm and enhanced difficulty adjustment algorithm, which are supposed to protect GRAFT blockchain from most hashing attacks and stabilize the block intervals.

As another reminder, major network update means that if you are running the GRAFT network node (graftnoded daemon), you must upgrade it to the current software release as soon as possible. If you do not install the updated node before the block 64445, it will be disconnected from the mainnet after block 64445.

In order to check whether you are running the right version of GRAFT software, launch graftnoded daemon in terminal window (in interactive mode) and type help command. If you are running the right version you should see Graft ‘Beta Lyrae’ (v1.1.2-release) in the first line of the help result.

Note that the users of mobile and desktop wallets are not affected by the upcoming network update and don’t need to do anything – as long as they are still connected to the default proxy supernodes (if you are connected to your own supernode, however, do not forget to upgrade the underlying network node).

Posted on

Patch 1.1.1 Has Been Released – Major Network Update on Block 65110

We decided to make the major network update sooner in order to minimize the possibility of hashrate attacks. Patch version 1.1.1 is now released and available for download from master. The major network update itself is rescheduled for block height 65110, around April 14th.

Each GRAFT network node must be updated to the new software version before that block/date, otherwise, the node that wasn’t updated is going to be on the wrong version of the blockchain. This release contains the ASIC-resistance changes in the hashing algorithm and enhanced difficulty adjustment algorithm, which are supposed to protect GRAFT blockchain from most hashing attacks and stabilize the block intervals.

As another reminder, major network update means that if you are running the GRAFT network node (graftnoded daemon), you must upgrade it to the current software release between now and April 14th. If you do not install the updated node before April 14th, it will be disconnected from the mainnet after block 65110.

In order to check whether you are running the right version of GRAFT software, launch graftnoded daemon in terminal window (in interactive mode) and type help command. If you are running the right version you should see Graft ‘Beta Lyrae’ (v1.1.1-release) in the first line of the help result.

Note that the users of mobile and desktop wallets are not affected by the upcoming network update and don’t need to do anything – as long as they are still connected to the default proxy supernodes (if you are connected to your own supernode, however, do not forget to upgrade the underlying network node).

Posted on

GRAFT Community Mining Pool – Required Miner Configuration Change and Software Update

IMPORTANT UPDATE April 12 – PATCH 1.1.1 HAS BEEN RELEASED – MAJOR NETWORK UPDATE ON BLOCK 65110

GRAFT Community Mining Pool (http://grftpool.com) has been updated to comply with the upcoming major network update which will change the hashing algorithm on April 14 (block 65110). In order to continue mining (even now, before the network update took place) you should update your miner’s configuration (and software if necessary) to be compliant with the recent changes. The new version of the miner with the new configuration is supposed to continue working after the network update as well, without additional changes.

You should change the current mining algorithm setting from “graft” (if you use XMR-Stak miner) or “cryptonight” (for other miners) to “monero7”. If your version of miner doesn’t support this algorithm, you need to update it to the latest version. Almost all popular miners already support “monero7” algorithm.

Posted on

GRAFT 1.1.0 ‘Beta Lyrae’ Has Been Released

IMPORTANT UPDATE April 12 – PATCH 1.1.1 HAS BEEN RELEASED – MAJOR NETWORK UPDATE ON BLOCK 65110

We are excited to announce the release of major GRAFT network update version 1.1.0 ‘Beta Lyrae’ to the master / mainnet! Multiple tests are passed, and all the seed nodes are updated. The major network update itself is scheduled for block height 67850, about a week from now on April 17th. Each GRAFT network node must be updated to the new software version before that block/date, otherwise, the node that wasn’t updated is going to be on the wrong version of the blockchain. This release contains the ASIC-resistance changes in the hashing algorithm and enhanced difficulty adjustment algorithm, which are supposed to protect GRAFT blockchain from most hashing attacks and stabilize the block intervals.

As another reminder, major network update means that if you are running the GRAFT network node (graftnoded daemon), you must upgrade it to the current software release between now and April 17th. If you do not install the updated node before April 17th, it will be disconnected from the mainnet after block 67850. In order to check whether you are running the right version of GRAFT software, launch graftnoded daemon in terminal window (in interactive mode) and type help command. If you are running the right version you should see Graft ‘Beta Lyrae’ (v1.1.0-29ae686) in the first line of the help result. Note that the users of mobile and desktop GRAFT wallets apps are not affected by the upcoming network update and don’t need to do anything – as long as they are still connected to the default proxy supernodes (if you are connected to your own supernode, however, do not forget to upgrade the underlying network node).

And finally, we would like to thank everyone from GRAFT community who contributed to the first major GRAFT network update by providing their feedback! We appreciate your support! We look forward to working together on our next major milestone – alpha and beta releases of RTA (real-time authorization) functionality of full supernodes. Stay tuned!