Players who have come into contact with dog leash inscriptions should know that DRC20 so far has two protocols and three indexes. Among them, the cardinals protocol unielon will not be mentioned here. It has been proven for a long time that it is not inscribed on the dog leash, so Claiming to be a DRC20 user is just a waste of popularity. The orthodox DRC20 only has the doginals protocol, but the doginals protocol also has two indexes, one is dpal wallet, and the other is verydogelabs.

Regarding the development process of DRC20, I heard an explanation from an old player:

First of all, the dpal wallet has been in operation for more than two years, and it is engaged in dog leash payments. After BRC20 became popular in May this year, then the dpal wallet opened the mint function of the dog leash inscription. Several big Vs on Twitter posted about it. Regarding this matter, a large group of people who missed BRC20 came over to install the dpal wallet and started mint dog chain inscriptions. There was no index at this time, it was all blind typing, and the protocol was doginals. Then everyone discovered that there was a doginals protocol in March, which was released at about the same time as ordinals. Moreover, when the doginals protocol was released, several inscriptions were deployed, and they had been deployed for a long time. After being defeated, the players didn't care so much at this time. They were all crazy about deploying new inscriptions. There were many newly deployed DRC20 inscriptions every day, until one day someone deployed dogi. Everyone said that this was the leader, but dogi This name was deployed back in March and was used as a node by several addresses. Then everyone felt that such a good name should not be given to those few Mouse Barns in vain. Everyone started to play wildly, and 210,000 cards were played in three days. However, everyone felt that it was still not fair enough. They all believed that playing inscriptions was fair. Because some scientists who know how to use nodes can do it much faster than retail investors, they all called on the dpal wallet developers to kill the witches, those nodes. Finally, they killed the witches in early June and released 20%. Everyone started to fight like crazy again, and that day After finishing all the fighting, in order to distinguish it from the mouse warehouse, the display was changed to dogim, but the chain was still dogi. Later, verydogelabs came out and made a drc20 index. They supported dogi but not dogim, and dpal supported dogim but not dogi. This is why many people suspected that the people behind verydogelabs were the people in Mousecang.

This is the balance of one of the dogi addresses displayed when drc20 was first indexed.

In every market that uses the verydogelabs index, you can search for the warehouse records of those rat warehouse addresses. Some addresses have been divided into warehouses thousands of times.

The sub-warehouse record of one of dogi’s mouse warehouse addresses

After finishing most of the inscriptions, verydogelabs took the lead in making a full index, copying the open source indexing method of brc20, and preparing to build a pending order trading market. However, the dpal wallet has not yet made a full index, but temporarily connected to a third party. The index provided by ordifind, because there are many security issues in this index, the first is the double-spending problem that also existed in the early days of brc20, and the second is the recently discovered vulnerability that controls the packaging of inscriptions at any address. These are all vulnerabilities at the bottom of the index. Normally, you should first Solve the indexing problem, then go to the market and list on the exchange. However, precisely because there are two companies competing for the same protocol, verydogelabs does not care so much. It has been anxiously looking for various big Vs to promote, market, and connect with exchanges. Until now, this vulnerability has been exposed, but now there is no room for recovery. In the end, it is only the players who bear the losses. On the other hand, the developers of another dpal wallet have been looking for solutions, and finally launched a new indexing method in September, which perfectly solved the double-spending problem and all index-level vulnerabilities, and developed the first inscription swap: https://www.dogex.me/swordpool, this swap trading market has been running for more than 3 months, and the transaction volume has exceeded 1 billion Dogecoins. There have been no bugs, which shows the importance of deep cultivation of technology, and verydogelabs’ kind If you copy the indexing method of brc20, you can't do swap, so they can only go to the law firm. Currently, they have gone to gate and an unknown small law firm. But now that this vulnerability is exposed, I really don't know how they will end up in the future.

This index vulnerability was exposed by a technology expert a long time ago and the code was open sourced on GitHub, but not many people paid attention to it. After it was discovered recently, someone tested it, and I also tested it several times and consulted with people around me. Friends who know technology agree that this is a vulnerability at the bottom of the index, which cannot be repaired unless the entire index is redone, and this affects all inscriptions under the entire index, including dogi, fiwb, oink, musk, bm2k, and dcex. Etc., among the several pending order trading markets currently indexed by verydogelabs, doggy has the largest traffic. It can be seen that doggy will be the most affected in the end.

The verydogelabs vulnerability whose code was disclosed as early as two months ago

Test steps:

1. Download the latest version from nodejs.org and install it.

2. Open the GitHub public code URL: https://github.com/zpunk0306/rchack, download and unzip it

3. Open the unzipped folder, click on the address bar at the top, change the address to cmd, and then press Enter

4. After entering the black and white operation interface, enter npm install and wait for it to run.

5. Close the black and white screen operation interface, open the config file in the folder with Notepad, enter your operation wallet's twelve mnemonics in the first line of quotation marks, separated by spaces, enter your operation wallet in the second line of quotation marks Operate the wallet address, enter the free node string in the quotation marks on the third line, go to nownodes.io to apply for free, and finally save and exit. (It is recommended to create a new Dogechain wallet and put a few Dogecoins for gas)

6. Repeat the previous operation to enter the black and white screen interface, copy this line, and paste it in, node index.js --tick=inscription name --amt=quantity --receiver=the address you want to package

7. Finally, press Enter and wait for the operation prompt. Several lines of hashes will appear, which means success.

If you understand it, you can test it yourself and you will know clearly. This vulnerability is that anyone can package his inscription to any position address in the verydogelabs index, and if he does not know that his inscription has been packaged by others, If you trade or transfer Dogecoin, there is a certain chance that its inscription will be lost as gas. Again, this is all the inscriptions in the verydogelabs index, and this is a vulnerability at the bottom of the index that cannot be repaired! If you control someone else's wallet address to package all his inscriptions, you only need a gas of 0.03 Dogecoin!

After someone discovered this vulnerability in the past two days, I found that many inscriptions and addresses with top positions in the verydogelabs index have been packaged, especially dogi, which must include the address of the exchange. In other words, if others have been watching These top-ranked addresses are constantly being packaged, and there is no way to withdraw coins from the exchange. In the end, the exchange can only delist, and other exchanges dare not connect with them anymore, and there is no way to trade in the trading market.

This is the ranking of dogi holding addresses. The ones at the top have been packaged. The left side of the red box is the available balance, and the right side is the packaged inscription.

Retail investors, wake up, don’t be hurt by these cancers in the currency circle anymore. They haven’t even done the most basic indexing yet, so they are rushing to open the market and spend money on exchanges. They just want to cut leeks and don’t care about the safety of players’ funds. This loophole In a rat's nest full of dangers, would there still be a fool running to give away money? The evidence of Mouse Warehouse is right there. You can find the warehouse records by just looking for a website that supports the verydogelabs index, and you can also calculate the original quantity. The chips are all in the hands of Mouse Warehouse. Inscriptions are playing fair. Go and run. Send money? Just because he was deployed first? When the double-spend problem was exposed before, many people didn’t care. Now it’s such a major security flaw, and it can’t be repaired. If there are fools who continue to send money, no one can save them! ! !