Tag: android

Careful when using Cross-Platform cryptocurrency code!

Fortune

Using the same wallet on your all your devices sounds brilliant, doesn’t it? Not having to wonder how a software wallet differs from what you’re used to or if it’s safe and does what you want is a good way to simplify your life. Also converting a stranger to Bitcoin or other cryptocoins is much more likely to happen by showing off a mobile wallet than from sitting the person in front of a PC for minutes. Not only are you likely to have your phone on you when ranting about Bitcoin, but there’s also the convenience of always-synced SPV wallets that hides the terrible weight of downloading the blockchain when booting your core wallet. So should you work out a way to use the same wallet on your mobile and your PC?

The first problem is that there’s actually very few cross-platform wallets; because there are few cross-platform technologies that work well for this kind of software; any sort of middleware to make the user interface work on all platforms without re-coding anything probably doesn’t work well at all if you code to PC first and then try to cram the UI on a tiny smart phone screen.

So let’s assume you choose a wallet that was coded first for your mobile phone; then running it on Windows should at least get you a workable experience since since the screen and mouse can replace the touchscreen.  That means your wallet was coded with the few cross-platform technologies that are workable right now, for example Java, JavaScript or some other virtual-machine based system.

There are platforms like Meteor to do this, which basically wraps up and packages a web app inside a bundle compiled for the target platform.  It might work, but how much of the security model is respected while using something as kludgy as node.js and lots of glue on your cell phone?  How much of the same standard code is being reused on both machines? I don’t really know, but I think the only reason we don’t hear about hacks on this stuff is because they’re not yet practical enough to be in widespread use.

There are no guarantees a specific JavaScript engine will respect all the math functions a wallet requires. Unless the engine or the wallet itself have been thoroughly tested and certified to run flawlessly on both engines you’re using then a single difference in a floating-point operation could “corrupt” your wallet.  So although you CAN pick a cross-platform wallet and there are a few notables that have spent a lot of time and effort making sure they work correctly, it’s simpler to use a technology that has standard maths in the first place, for instance using the same standard Virtual Machine on both platforms or VM Containers to ensure there really is no difference in what code you are running. For all practical purposes, right now this comes down to either using Java technology or a Docker or similar Container.

After you’ve spent ours searching for options, gave up and decided to use an Android wallet in a virtual machine like BlueStacks with a Java Core that can be run in a standard Java VM for more serious server applications, you will probably want to export/import the private wallet key to all those platforms to have instant access to the same wallet on all your machines.  And guess what, it works!  But only if you’re using a certified VM/language and the wallets use HD ecdsa keys (Core 0.10+).  Otherwise when you generate a new receiving address on one of the wallets,  you won’t have it available on any other platforms.  Meaning you will lose money if it’s sent to an address you can’t reproduce.  You should test beforehand to see if you the public/private subkey generators work in the same way on all your machines and how well you can import/export them before using them for any amount of money. You’ll be glad you tried it before putting too much money on the line.

 

What happened to Worldcoin HD Android wallet

Fortune

One problem when working with coins that are out of ICO is that it’s difficult to stay motivated and developing for very little reward or investing time and money without any kind of support from the community. TLDR; that’s what happened to the Worldcoin HD wallet.

In 2013 we released the first full Worldcoin wallet on Google’s Play store.  It was based off the very popular Bitcoin android wallet by Andreas Schildbach and associates, with the Scrypt hashing code reused from another Scrypt wallet. This was a major step forward for Worldcoin because there were few cryptocoin developers with Android experience at the time.

The app worked very well and we had very few problems with it. Meanwhile the Bitcoin wallet received important updates to security and features, including things like highly-deterministic addresses, support for multi-signature and pay-to-script-hash transactions and the serious denial-of-service bugs from versions previous to 0.8.3.  This all sounded like great ways to improve Worldcoin so a new wallet version was made that included all the updates and more.  Sadly because of an incompatibility between Java’s and Android’s keystore tools, the old wallet couldn’t be updated directly.  A new app was created instead called Worldcoin HD and the old wallet was labelled obsolete in the store.

The HD wallet had features that were not even officially supported by the Worldcoin Core yet. so we also updated Worldcoin Core to 0.10+ with all the DOS issues fixed, but that was never officially released.  While we were working on getting support for an official Core release, we discovered that new seed nodes lists were needed in all wallets and that a net split had gone unnoticed for a while. Updating the seed nodes should have been trivial but we discovered that the 0.10 Core wallet would no longer validate the whole blockchain after fork was resolved.

Someone had used the net split to poison the blockchain with some of those DOS issues that were going to be fixed in the 0.10 Core.  Since only one pool was using the 0.10 Core with the stricter validation code, these DOS-causing transactions had made it through for weeks after the code update was available. For example one bad block has so many tx-out that even with a large amount of RAM and a SDD, the 0.10 Core takes forever to validate.  The old Worldcoin Core just ignores the problem and muddles on through.

With no one asking for the 0.10 update and a fork that couldn’t be rolled back, all work on 0.10 and HD wallets was simply abandoned.  The Worldcoin HD code probably still works and Core could be upgraded to 0.10+ with enough miner support in the future but we haven’t done any of the work or expenses necessary to even keep the app listed on the Play store. If anyone would like to simply add new seed nodes and upload the code to a new app entry on the Play store, the code is still available on the.Worldcoin github.

I think it’s safe to say that the real value of a cryptocoin isn’t in the technology or the economic wizardry, but in how strong a community can be built around it.