pull down to refresh

What do u think about exploiting a bug in a protocol/piece of software rather than disclosing it?
Im not sure if thats what happened here but it smells like it!
super_testnet is a developer himself and i believe one of his apps was exploited rather than having the bug responsible disclosed. But i could be wrong.
But if thats how things work it may just be a sign of the times
i believe one of his apps was exploited rather than having the bug responsible disclosed
The guy who exploited anigma.io responsibly disclosed the bug in a private dm. I didn't know how to fix it at the time and I didn't want to learn how because I was tired of the project, so I put up a warning banner that the software is compromised and called it a day
I did not responsibly disclose the off-by-one bug, in fact I didn't know if there was a bug or how the ord software would handle my weird transactions. I just thought "These will probably crash their block explorer" and then tried them on mainnet to see what would happen.
Also, their block explorer did not immediately appear to be broken in any way. My transactions were mined at midnight and nothing seemed wrong when I checked the ord explorer website, it seemed to be working fine and in the ordinals discord no one noticed anything weird immediately. So I went to sleep thinking nothing meaningful happened. It was only this morning that someone linked me to an issue on the ord explorer github page about my weird transaction, and I discovered I unknowingly introduced an off by one error into their software (or rather exploited an existing vulnerability that I didn't realize was there). Off by one errors are notoriously nefarious in that they are not usually immediately obvious but then something breaks horribly later on.
Also, even though my transaction didn't crash ordinals.com, it did crash other ordinal indexing software that other people wrote, including one by unisat that is the basis of ordinalswallet.com.
reply
You rock
reply