Please login or register.

Monero Tracking Challenge #2

XMR500.26

funded of XMR500.00 target

9 individual contributions
100.05%
100.052% Funded
0 payouts
XMR500.26 balance available
0% Paid Out

Special Note on Fraud Prevention

In order to guarantee that prize funds are not distributed until the community agrees that the contest was indeed conducted fairly, we should store the funds in an n-n-multisig wallet held by prominent members of the Monero community.

What

Crowd fund the next Monero Tracking Challenge prize. Round #1 has ended and been judged (no solutions were submitted via the publicly auditable submission method. See the site for details).

In this 2nd iteration, in order to attract high quality contestants, we would like to raise a substantially greater prize (round 1's prize was 23 XMR).

If there is no contest winner, the prize will roll over into whatever funds are raised for the 3rd contest.

Proof-of-Fairness:

  • As with last round, solutions are publicly submitted for all to see, so that the contest judge cannot hide submissions from the public.

  • After the contest end time, all viewkeys and key images will be published, so that the public can audit the "hidden" funds and ensure there was no cheating.

  • Contestants who submitted a correct solution wlil be required to:

    • Demonstrate the methodology used to link the two addresses together in sufficient detail to convince at least 2 of the 3 judges (judges appointed prior to ffs approval, they should be trusted community members) that the integrity of the protocol was indeed compromised.
    • The panel will have x days (however long they request, will have to coordinate ahead of time) to review each eligible submission.
    • All panel findings shall be publicly published
    • Prize funds are under sole control of panel (most likely in the form of a multisig wallet).

Who

  • Riiume - A senior software developer with a bachelor's in pure mathematics from MIT (see signatures); creator of the "Monero Tracking Challenge" and the tool (from before Segwit was locked in) SegwitPoolsData.

  • Other devs who would like to contribute in some way,

    • e.g. Setting up an n-n-multisig wallet to host the prize funds (the "hidden funds" will be a separate, smaller amount that participants must track). Excellent opportunity to showcase this new feature of Monero.

Why

Last round brought a lot of publicity to Monero (link, link, link, also the reddit views on /r/cryptocurrency, /r/monero, /r/xmrtrader).

Several community members have suggested that the contest would garner more & stronger participants if we increased the prize pot, and that the subsequent media coverage would likewise be larger.

Milestones

  1. Update http://monerotrackingchallenge.com for round 2, including specifying the exact start and end dates of the round.

  2. Create Wallet_Alpha_2 and Wallet_Omega_2 for round 2, along with one or more intermediate wallets.

  3. "Launder" the target XMR (different from the prize pot XMR) from Wallet_Alpha_2 to Wallet_Omega_2 before the start time of the contest.

  4. Publicize the contest via reddit and twitter.

  5. Judge the contest once it ends. Publish all necessary keys for auditing.

  6. Publicize contest results.

Expiration

Contest shall kick off no later than April 5th, 2018, 18:00 UTC.

Sigs:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

MoneroTrackingChallenge #2 proposal, 2017/08/18 11:25 UTC
This is /u/riiume ([email protected]) ([email protected])
PGP fingerprint 1: 394CCBC67B0EC0AA519AB6E62C2EBB579DD637C8
PGP fingerprint 2: BE9209A6C773FBF91E4ED2E425C33539331B6406
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJZls8CAAoJECwuu1ed1jfIL+MH/3ddzuxVUQtHwrCkarNgQ7/y
pjkhqOrU4yXbqXIlryhHI7949+iX/ISEmAJM9o8VM53MMZL6EStuxnuumc8SNqSr
G1/U4cyDoUUx3BCs0eafQNmvyUxemJnjZHdfHzTEBc/s8w6TVK0UT2jNJdUTJsal
Uor1eziIlejIH6WyKV4Lt13C3vfxdnkrtgW6/4pExb/wohdsoysfRUuViWiKW3Wd
gDQr+Wq98gjI1HFt2KQ5LMSTW88b6p6bs/8MPHRyubS368iBnV49ieV+1200C+Th
37AtFskunahijCgraevUBpza4sntjTkgcNzEEFJ1zdtq9lTlz3MCi4Xqw9aFsbk=
=HSSq
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

MoneroTrackingChallenge #2 proposal, 2017/08/18 11:25 UTC
This is /u/riiume ([email protected]) ([email protected])
PGP fingerprint 1: 394CCBC67B0EC0AA519AB6E62C2EBB579DD637C8
PGP fingerprint 2: BE9209A6C773FBF91E4ED2E425C33539331B6406
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJZls8sAAoJECXDNTkzG2QGNsgH/0zM+fdE7O2JVF0iG8tNo1mH
OH92FK44MTpHg2OEB6jOXQo2pDcg+dJkVu8nFZ8Frzmh0p/j5cHhd7IGA0TVQzbb
T9tJfBReR5IVjxUdeXmhRo2Nw0fmjQ3Bl5dnOwPzuHa/ruo3U8Rodoc/buRb7Gq8
UMzAdQ9mKAQp11nd7NNGNZp0JLqgBr58drUAll03aCVG1DTASW+AFq3VuehsI1B9
Reu5E2X8jwSZh98MFg8oxHqeWAJDviu7gJH9ILvbIo2UZB/QuWnj5heFiyhSyUWj
d6CCJuhkPNZtvUJzkoS02G/OhjaPXCJ87WW3M1x9GLxwjkpQ9alNrlTAtFwjFxE=
=gBvS
-----END PGP SIGNATURE-----
Replies: 10
JollyMort edited 5 days ago Replies: 2 | Weight: 0 | Link [ - ]

I will quote what bigreddit machine posted here:

>The challenge in a sense has a "trusted setup," meaning that creator (in this case /u/Riiume) could at any point submit the correct answer. The rules require only that the final destination address be submitted, which the creator (whoever that may be) would know. When the challenge is funded by the creator, the only motive to cheat and submit the correct answer (under a pseudonym) would be as an attempt to FUD Monero's unlinkability. But, if the funds are coming from anyone other than the person doing the setup, that person could submit the correct answer and win the money. Of course there the Catch-22 associated with the fact that a correct answer would likely lead to a drop in the price of XMR, but free money is free.

So, we have all the good reasons to suspect that the 1st challenge was a just a farce to make the community buy into the fundraising. The author of the 1st challenge was at 0 risk of losing his funds, since you can't really determine the address from an output. For more info, look here.

I believe the author is fully aware of this, otherwise he wouldn't offer his funds for the 1st "game", and it was just the first step of a sophisticated scam.

Judge for yourself. The only way for someone to determine the address is if the game creator leaks some info or is hacked.

Reply to: JollyMort
riiume edited 5 days ago Weight: 0 | Link [ - ]

JollyMort, I only created this FFS at the behest of numerous members of the community (link, link, link, link).

Do you have any additional technical mechanisms by which we can ensure the contest is conducted fairly?

Note: if you will consult the submission procedure from the previous contest, you will see that I am already requiring the solutions to be posted publicly via cryptograffiti.

If it is technically impossible to make this contest #2 work then I will happily withdraw it and not waste any more of my time or money.

> Good reason to believe the 1st challenge was a farce.

No you don't; it's WITHIN THE REALM OF POSSIBILITY but you don't have "good reason". All solutions were PUBLICLY SUBMITTED FOR ALL TO SEE. If someone had submitted a correct solution, there would have been no way for me to hide that fact.

Furthermore, I published ALL VIEWKEYS and KEY IMAGES, so you can fully audit everything that went on during the contest.

Also, I'm the guy who raised a bounty for an Android lightwallet (and the bounty is still in effect, i posted the auditing keys).

It's a theoretical possibility that I'm a scammer, but to say it's "likely" is beyond bullshit. Fuck you.

Reply to: JollyMort
riiume edited 5 days ago Weight: 0 | Link [ - ]

I made some updates to the terms that should probably increase transparency and community control over the project.

anonimal edited 5 days ago Replies: 1 | Weight: 0 | Link [ - ]

Hello Riiume,

Though this tracking challenge is an interesting and fun idea, Monero has an official Vulnerability Response Process and HackerOne account; both of which are used for responsible disclosure of Monero exploitation. We also currently have a bounty amount of 500+ XMR.

As the others have noted, there are flaws in the design of this tracking challenge but perhaps the rules can be amended to work in favor of our VRP?

Reply to: anonimal
riiume edited 5 days ago Weight: 0 | Link [ - ]

Yup I'm open to any additional procedures that would preclude even the possibility of fraud.

Holding the prize funds in a multisig wallet is a good first step-- this way the prize will not be disbursed unless there is total consensus that the contest was conducted fairly.

JollyMort edited 5 days ago Weight: 0 | Link [ - ]

Sorry man, if you're honest - I appreciate the effort. If you're a scammer - then fuck you, too! :)

Problem is, we can't really tell which is the case until it's over, and it's really the game maker who decides when it will be "over".

>Do you have any additional technical mechanisms by which we can ensure the contest is conducted fairly?

Yes. I make wallets Alpha and Omega and keep the knowledge of the right solution all to myself.

See the problem now? You'd have to trust me not to attempt to use that info to claim other people's money. And even with a "committee", I see it going wrong as someone could come with the right solution but bullshit invented way he got it - wasting everyone's time and energy and making room for a lot of FUD. And it would all depend on me keeping the solution to myself. Problem is, that fairness requires "proof of not knowing", which is impossible to produce.

You say you're a math bachelor. Then you should be well aware that it's impossible to get the right address without the game maker leaking the info. If A+B+C = X, and I tell you the X, can you find A and B? Didn't think so. To determine the address is basically the same kind of problem.

As long as you offer only your money, I see no problem with the game. And there's no way you can lose the money unless you get hacked or leak the solution for whatever motive. Good PR, that's all.

>All solutions were PUBLICLY SUBMITTED FOR ALL TO SEE. If someone had submitted a correct solution, there would have been no way for me to hide that fact.

That's not the problem I point out. That "someone" could be you or your assistant - and that's the real problem. If it's your money in the reward pot, it doesn't matter. If it's community money, that risk is another story.

>It's a theoretical possibility that I'm a scammer, but to say it's "likely" is beyond bullshit. Fuck you.

Ok, I understand why you might be angry. However, emotions don't change the facts and facts are:

  1. On the first challenge, it was only the game maker funds at risk and he was at 0 risk of losing them, considering how stealth addresses work.

  2. The whole way the 1st game is set-up is overly complicating what the game essentially is: I tell you the output, you tell me the address it was sent to. Sure, thanks to all the gimmicks it made a good PR impact among many who don't understand technical details of how Monero works. Even if the author revealed the final TX it would still be impossible, but then the game would not look as interesting.

  3. Nobody submitted the answer to the 1st game (well, of course - since it's impossible).

  4. Game maker now tries to raise money from other people, propping up useless (useless for this purpose, not in general) gimmicks like GPG signatures and multisig, all to make people feel more safe, while avoiding to deal with the real liability here: him being the one who knows the right answer.

  5. For the 2nd challenge, it would be a big pot of money which could be claimed by whomever gets the info from game maker. Since it's not anymore only his money, game maker has monetary incentive to collude with someone and claim the reward himself.

  6. The panel/judges may be able to prevent someone from taking all the money, but at the expense of potential drama if someone who claims the reward comes up with some BS invented explanation and then the discussion drags forever and generates a lot of FUD.

Yes, I say "sophisticated scam" because it's impossible to tell it's a scam until it's over. And with rolling reward it would only build trust while making the prize bigger and bigger at the same time.

xmr_eric edited 5 days ago Weight: 0 | Link [ - ]

I share the concerns of those below, and will not be donating.

kenshi84 edited 5 days ago Weight: 0 | Link [ - ]

I can't help but share the concern with JollyMort and anonimal; this doesn't seem like a proper way to hunt down potential vulnerabilities in Monero.

fluffypony edited 5 days ago Replies: 1 | Weight: 0 | Link [ - ]

Donated 50 XMR from the general donation fund

Reply to: fluffypony
riiume edited 5 days ago Weight: 0 | Link [ - ]

Thank you!