To understand what Zold cryptocurrency is about you may want to watch this video first. Then, you may want to read this blog post. Then, you have to read the Green Paper (just four pages). In a nutshell, Zold is a cryptocurrency with the following features:
You can find more details in the White Paper.
You can also find us at the Bitcointalk forum.
Join our Telegram group to discuss it all live.
You can try the web wallet here, but the best way to use Zold is through the command line tool, which has all the features and should remind you of Git, if you are a programmer.
First, install Ruby 2.3+, Rubygems, and the gem. Here is how.
To make sure it's installed, try:
$ zold --help
You will need RSA private and public keys in ~/.ssh.
If you don't have them yet, run this in order to generate a new pair (just hit Enter when it asks you for a password):
$ ssh-keygen -t rsa -b 4096
Then, create a new wallet (instead of 5f96e731e48ae21f there will be your personal wallet ID, use it everywhere below):
$ zold create
5f96e731e48ae21f
Then, push it to the network:
$ zold push 5f96e731e48ae21f
Then, give this ID to your friend, who is going to pay you.
When the payment is sent, ask him or her for the ID of the wallet the payment has been sent from and then fetch that wallet (let's say it is 5555444433332222):
$ zold fetch 5555444433332222
5.00 ZLD added to 5f96e731e48ae21f: To my friend!
Now, you have the money in your wallet!
Next, you can pay your friend back:
$ zold pay 5f96e731e48ae21f 5555444433332222 2.50 'Here is a refund'
-2.50 ZLD added to 5f96e731e48ae21f: Here is a refund
Finally, you have to push your wallet to the network so that your friend knows about the payment:
$ zold push 5f96e731e48ae21f
That's it.
You also can contribute to Zold by running a node on your server. In order to do that just run (with your own wallet ID, of course):
$ zold node --invoice=5f96e731e48ae21f
Then, open the page localhost:4096 in your browser (you may need to open the inbound port at your IP firewall).
If you see a simple JSON document, everything is fine.
Next, hit Ctrl+c and run it again, but with --nohup:
$ zold node --nohup --invoice=5f96e731e48ae21f
Now you can close the console; the software will work in the background, saving the output logs to zold.log.
The software will update itself automatically to new versions.
The software will never stop, even if it crashes internally with any error.
In order to terminate it forcefully, do:
$ killall -9 zold
Grateful users of the system will pay "taxes" to your wallet for the maintenance of their wallets, and the system will occasionally send you bonuses for keeping the node online (approximately 1 ZLD per day).
If you are lost, run this:
$ zold node --help
You can also run a node in a Docker container, using yegor256/zold built from this Dockerfile.
docker run -d -p 4096:4096 yegor256/zold /node.sh --host=<your host IP> --invoice=5f96e731e48ae21f
To store zold data between container restarts create a volume or bind a directory from host:
docker volume create zold
docker run -d -p 4096:4096 -v zold:/zold yegor256/zold /node.sh --host=<your host IP> --invoice=5f96e731e48ae21f
You may find this blog post useful: How to Run Zold Node?
At the moment, the file system is utilised too aggressively. If you would like to calm this process down and have a bit of spare memory, you may find the following approach handy (directly applicable to FreeBSD OS).
The application data can be moved to a memory-backed memory disk with a periodical syncing of farm, zold.log and .zolddata to the hard disk.
The /etc/fstab entry:
md /usr/home/zold/app-in-mem mfs rw,-M,-n,-s512m,-wzold:zold,-p0755 2 0
The /etc/crontab entry:
*/10 * * * * zold /usr/local/bin/rsync -aubv /usr/home/zold/app-in-mem/farm /usr/home/zold/app-in-mem/zold.log /usr/home/zold/app-in-mem/.zoldata /usr/home/zold/app/
Is there a configuration file?
Any command line flag can also be put in the ~/.zold file, one per line, e.g.:
--home=~/.zold_home
--verbose
Where are my RSA private/public keys?
They are in ~/.ssh/id_rsa (private key) and ~/.ssh/id_rsa.pub (public key).
Make sure you have a copy of your private key in some safe place.
If you lose the public key, it's not a problem, since your wallet has it.
But the private key is your personal asset.
Anyone can use your wallet if they have the private key.
Keep it safe and secure!
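Because the wallet is controlled by whoever holds the private key, and the setup above creates it without a passphrase, it is worth checking how the key file is stored. The following is an added example, not part of the Zold code base: the function names are hypothetical, and it inspects only the file mode and the key encoding (legacy PEM, PKCS#8 and the OpenSSH format).

```ruby
# Added example: audit a private key file such as ~/.ssh/id_rsa.
# Function names are hypothetical, not part of the zold gem.

OPENSSH_MAGIC = "openssh-key-v1\0".b

# Returns true when the key material is passphrase-protected.
def key_encrypted?(text)
  return true if text.include?('BEGIN ENCRYPTED PRIVATE KEY') # PKCS#8
  return true if text =~ /^Proc-Type: 4,ENCRYPTED/            # legacy PEM
  return false unless text.include?('BEGIN OPENSSH PRIVATE KEY')

  # OpenSSH format: magic, then a length-prefixed cipher name;
  # the cipher name is "none" when the key is stored unencrypted.
  body = text.lines.reject { |l| l.start_with?('-----') }.join
  blob = body.unpack1('m')
  return false unless blob.start_with?(OPENSSH_MAGIC)

  len = blob[OPENSSH_MAGIC.bytesize, 4].unpack1('N')
  blob[OPENSSH_MAGIC.bytesize + 4, len] != 'none'
end

# Returns a list of findings; an empty list means nothing to report.
def audit_private_key(path)
  findings = []
  mode = File.stat(path).mode & 0o777
  if (mode & 0o077) != 0
    findings << format('mode %04o lets group/others access the key', mode)
  end
  unless key_encrypted?(File.binread(path))
    findings << 'key is not passphrase-protected'
  end
  findings
end

# Usage: ruby audit_key.rb ~/.ssh/id_rsa
ARGV.each do |path|
  result = audit_private_key(path)
  puts "#{path}: #{result.empty? ? 'ok' : result.join('; ')}"
end
```

The same check applies to a key downloaded from the web wallet and passed with --private-key.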
How to use my RSA private key from https://wts.zold.io?
Retrieve the key via https://wts.zold.io/key. It can then be used with the command line flag --private-key (e.g., for the pay, node and taxes commands).
If you need the public key, you can generate it with ssh-keygen -y -f .ssh/zold_key > .ssh/zold_key.pub. It can then be used with the command line flag --public-key (e.g., for the create command).
What is the best way to check the balance of the rewards collected by nodes?
You just do zold pull <Wallet_ID> and the rewards (taxes) will be visible there.
Can I set up multiple nodes with one wallet address?
Yes, you can run many nodes with the same wallet ID.
Is there a way to increase the number of threads in order to maximize computing power of multiple core machines?
Yes, you can use the --threads command line argument for your node and the number of threads will be as big as you wish.
When you open up the front web page of your node, you will see a JSON document with a lot of technical details. Here is the explanation of the majority of them:
version is the current version of the running software. The node is supposed to update itself automatically (if you run it via zold-nohup) every time it discovers another node with a higher version.
network is the name of the network the node belongs to. The production network's name is zold. For testing purposes you can start a node in a test network, using --network=test.
score is the current score your node is exposing to the network now. All other nodes are using this information in order to decide how much they can trust your node with the information it provides about wallets. The higher the score, the better.
value is the number of suffixes the score contains; this is the number all other nodes rely on.
host is the host name of the node; it must be equal to the public IP or domain name of the node; it is provided in the --host command line option of zold-nohup.
port is the TCP port number, which usually is equal to 4096; it is provided in the --port command line option.
invoice is the address of your wallet, where the system will send you rewards for keeping the node online and some users will pay taxes; it is provided in the --invoice command line option.
time is the ISO-8601 UTC date and time of when your node started to calculate the score.
strength is the number of trailing zeros the hash contains.
hash is the SHA-256 hash of the score text.
minutes is the age of the score, in minutes since the moment it was created.
pid is the Unix process ID of the running software.
cpus is the number of CPUs detected on the server.
threads is the number of running threads vs. the total number of threads in the Ruby process. If the second number is over 100 there is definitely something wrong with the software.
wallets is the total number of wallets managed by the server. The bigger the number, the better. When the server starts, the number is small and it starts growing when other nodes are pushing wallets to your node.
remotes is the total number of remote nodes your node is aware of. The bigger the number, the more "connected" your node is to the network. You can see the full list of nodes at the /remotes URL of your node.
farm is the score calculating software.
threads is the number of threads this software module is using. This number is configured via the --threads command line option. The bigger the number, the more intensively the software will use your CPUs. It is recommended to make this number equal to the number of CPUs available.
pipeline is ... something not important to you.
best is the list of scores known to the farm at the moment (with their ages in minutes).
entrance is the place where all new wallets arrive and get merged and pushed further. The health of this point is critical to the entire node. Some numbers it includes must be watched carefully.
To be continued...
date is the current date and time on the server.
hours_alive is the time in hours your server is alive without a reboot.
Well, maybe it's not purely RESTful, but each node has a simple set of HTTP entry points, which you can use to retrieve information about wallets, node status, log details, and some other things. Here is a more or less complete list of them:
GET /: returns the JSON explained above
GET /score: returns the text presentation of the current Score
GET /version: returns the version of the software
GET /protocol: returns the protocol ID
GET /wallet/ID: returns the JSON with wallet details
GET /wallet/ID/balance: returns wallet balance in zents (text/plain)
GET /wallet/ID/key: returns wallet public RSA key
GET /wallet/ID/mtime: returns ISO-8601 time of wallet file modification
GET /wallet/ID/size: returns the size of the wallet file in bytes
GET /wallet/ID/age: returns the age of the wallet, in seconds
GET /wallet/ID/txns: returns the amount of transactions in the wallet
GET /wallet/ID/debt: returns the tax debt of the wallet in zents
GET /wallet/ID/digest: returns SHA-256 digest of the wallet file
GET /wallet/ID/mnemo: returns the mnemo short string of the wallet
GET /wallet/ID/txns.json: returns the full list of transactions in the wallet in JSON document
GET /wallet/ID.txt: returns the text presentation of the wallet
GET /wallet/ID.html: returns the HTML presentation of the wallet
GET /wallet/ID.bin: returns the entire wallet file
GET /wallet/ID/copies: returns the list of copies of the wallet
GET /wallet/ID/copy/NAME: returns the entire content of a single copy of the wallet
PUT /wallet/ID: accepts a new content of the wallet, in order to modify the one stored on the server (PUSH operation)
GET /wallets: returns the list of all wallets maintained by the node, in plain text, separated by EOL
GET /remotes: returns the list of remote nodes in JSON
GET /ledger: returns the list of recently visible transactions
GET /ledger.json: returns the list of recently visible transactions, in JSON
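The .bin, /digest and /size entry points can be combined to check that a node serves the wallet bytes it claims to hold and that several nodes hold the same copy. The following is an added example, not code from the Zold project: the function name, the injectable fetcher and the node addresses are hypothetical, and it assumes the digest is returned as hex text and that wallet IDs are 16 hex digits as in the examples above.

```ruby
require 'digest'
require 'net/http'
require 'uri'

# Default fetcher: plain HTTP GET against a node, returns the response body.
HTTP_GET = ->(node, path) { Net::HTTP.get(URI("http://#{node}#{path}")) }

# Download wallet +id+ from every node, compare the bytes with the digest and
# size the same node reports, then compare the nodes with each other.
def cross_check_wallet(id, nodes, fetch: HTTP_GET)
  raise ArgumentError, 'wallet ID must be 16 hex digits' unless id =~ /\A[0-9a-f]{16}\z/

  rows = nodes.map do |node|
    bin = fetch.call(node, "/wallet/#{id}.bin")
    claimed = fetch.call(node, "/wallet/#{id}/digest").strip.downcase
    size = Integer(fetch.call(node, "/wallet/#{id}/size").strip)
    actual = Digest::SHA256.hexdigest(bin)
    { node: node, digest: actual,
      self_consistent: actual == claimed && bin.bytesize == size }
  end
  groups = rows.group_by { |r| r[:digest] }
  majority = groups.max_by { |_, rs| rs.size }&.first
  { rows: rows, agreed: groups.size == 1, majority: majority,
    outliers: rows.reject { |r| r[:digest] == majority }.map { |r| r[:node] } }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed demo data: two nodes hold the same bytes, one holds another copy.
  copies = { 'node-a:4096' => 'wallet v2', 'node-b:4096' => 'wallet v2',
             'node-c:4096' => 'wallet v1' }
  stub = lambda do |node, path|
    body = copies.fetch(node)
    next body if path.end_with?('.bin')
    path.end_with?('/digest') ? Digest::SHA256.hexdigest(body) : body.bytesize.to_s
  end
  p cross_check_wallet('5f96e731e48ae21f', copies.keys, fetch: stub)[:outliers]
end
```

A node listed in outliers holds a different copy than the majority, which may simply be a push that has not propagated yet; a row with self_consistent set to false means the node's reported digest or size does not match the bytes it served.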
There are a few other entry points, which exist mostly for debugging purposes; they may not be supported by alternative implementations of the node software:
GET /pid: returns the process ID of the software
GET /trace: returns the entire log of the node
GET /farm: returns the statistics of the Farm
GET /metronome: returns the statistics of the Metronome
GET /threads: returns the statistics of all Ruby threads
GET /ps: returns the statistics of all currently running Unix processes
GET /queue: returns the statistics of the node queue
GET /journal: returns the journal, in HTML
GET /journal/item?id=ID: returns the content of a single journal entry
There could be other entry points, not documented here.
Here is how you use Zold SDK from your Ruby app. First, you should add the zold gem to your Gemfile or just:
$ gem install zold
Then, you will need a directory where wallets and other supplementary data will be kept. This can be any directory, including a temporary one. If it doesn't exist, it will automatically be created:
home = '/tmp/my-zold-dir'
Then, you need to create three objects:
require 'zold/wallets'
require 'zold/sync_wallets'
require 'zold/remotes'
wallets = Zold::SyncWallets.new(Zold::Wallets.new(home))
remotes = Zold::Remotes.new(File.join(home, 'remotes'))
copies = File.join(home, 'copies')
The first step is to update the list of remote nodes, in order to be properly connected to the network:
require 'zold/commands/remote'
Zold::Remote.new(remotes: remotes).run(['remote', 'update'])
Now you are ready to create a wallet:
require 'zold/commands/create'
Zold::Create.new(wallets: wallets, remotes: remotes).run(
['create', '--public-key=/tmp/id_rsa.pub', '--skip-test']
)
Here --public-key=/tmp/id_rsa.pub points to the absolute location of a public RSA key for the wallet you want to create.
You can also pull a wallet from the network:
require 'zold/commands/pull'
Zold::Pull.new(wallets: wallets, remotes: remotes, copies: copies).run(['pull', '00000000000ff1ce'])
Then, you can make a payment:
require 'zold/commands/pay'
Zold::Pay.new(wallets: wallets).run(
['pay', '17737fee5b825835', '00000000000ff1ce', '19.99', 'For a pizza', '--private-key=/tmp/id_rsa']
)
Here --private-key=/tmp/id_rsa points to the absolute location of the private RSA key of the paying wallet.
Finally, you can push a wallet to the network:
require 'zold/commands/push'
Zold::Push.new(wallets: wallets, remotes: remotes).run(%w[push 17737fee5b825835])
By default, all commands will work quietly, reporting absolutely nothing to the console. To change that, you can use the log argument of their constructors.
For example, Zold::Log::Verbose will print a lot of information to the console:
require 'zold/commands/push'
Zold::Push.new(wallets: wallets, remotes: remotes, log: Zold::Log::VERBOSE).run(['push'])
Also, all commands by default assume that you are working in a test network.
This is done in order to protect our production network from your test cases.
In order to instruct them to deal with real data and real nodes, you should give them the --network=zold argument, for example:
require 'zold/commands/push'
Zold::Push.new(wallets: wallets, remotes: remotes).run(%w[push 17737fee5b825835 --network=zold])
If anything doesn't work as explained above, please submit a ticket or join our Telegram group and complain there.
It is a Ruby command line gem. First, install Ruby 2.3+, Rubygems, and Bundler. Then:
$ bundle update
$ bundle exec rake
The build has to be clean. If it's not, submit an issue.
Then, make your changes, make sure the build is still clean, and submit a pull request.
If some test fails and you need to run it individually, check the logging configuration inside test__helper.rb and make sure the Verbose log is assigned to $log. Then, run, for example:
$ ruby test/commands/test_node.rb
If you need to run a single test method, do this:
$ ruby test/test_wallet.rb -n test_adds_transaction