Lessons for Pedro that he likes to skip


Andrii Pasichnyk

I, pasichDev, am a Flutter/Dart developer who created the Dart ecosystem for the NOSO protocol and also the author of projects such as NosoSova, SovaRPC, and NosoDart. In this post, I want to share details about the recent attack on the NOSO project network and highlight the background that led to it.


1. Background:

Over the past six months, I have had some issues with Pedro regarding his role in the project and the quality of the code he was developing. His approach was that if he didn't think about something, it was automatically considered wrong. Because of this, I, like the other developers, decided to leave the project, which led to my being blocked.


The main reasons for my leaving the project:

  • Lack of code documentation: For six months, Pedro ignored his responsibilities to document his own code, which made it difficult for the team to work together.
  • Unfulfilled promises: He failed to implement protocol updates and release promised products such as SharedNode and Nobiex.
  • Failed legal steps: Pedro claimed that he spent six months trying to legalize the NOSO project, but to no avail. As a result, he proposed to fork NOSO into a new project.
  • Inconsistent statements: At first, he claimed to have all the necessary updates, but later said he would not release them for the current network. This is the reason why NosoLite is still not working.
  • Insufficient competence of the team: Currently, the project is overseen by @Estripa and @Bermelo. However, @Estripa in particular lacks sufficient programming skills and relies on tools such as ChatGPT, which is reflected in unfinished and incomplete products such as NosoCppWallet.

I have repeatedly warned the team about vulnerabilities and flaws in the code, but my comments have been ignored. (I am not publishing screenshots because there were statements by various important people.)


2. The first attack attempt (August 26, 2024):

The first attack was a test and was intended to test the network's resilience. Using a Dart script, approximately 5,000 transactions and more than 40,000 requests were sent to network nodes. As a result, the network temporarily froze, and the number of working nodes decreased from 347 to 127. Although the network eventually recovered, the incident highlighted numerous vulnerabilities and flaws in the code that I had previously warned about.



3. Massive attack (August 31, 2024):

The second attack was more extensive and had more serious consequences for the NOSO network.


Attack methodology:

  • Information gathering: First, the script connected to the network and obtained a list of available nodes.
  • Continuous requests: Then, in a chaotic sequence, numerous requests were made to the network, exploiting vulnerabilities in data processing and validation.
  • Consequences: The attack caused the network to be significantly out of sync: the difference between the first and last block was over 2000 blocks. This revealed critical problems in the architecture and security of the network, including the lack of effective mechanisms to counter DDoS attacks and the outdated code.




4. The team's reaction and accusations against NosoSova:

After the attack was discovered, the team kept this information secret for more than 10 hours. Subsequently, it was claimed that the NosoSova app contains backdoors and was allegedly the cause of the attack. These accusations are unfounded, as NosoSova is an open and secure application whose code is available for anyone to check. The team also hid the app's repository and blocked me to prevent me from refuting their claims.


https://github.com/pasichDev/NosoSova

https://github.com/Friends-Of-Noso/SovaWallet


5. Conclusions:

This situation highlights the shortcomings in the management and technical implementation of the NOSO project. Lack of proper documentation, unfulfilled promises, and neglect of critical vulnerabilities have led to serious problems in the network's operation.

If the exchanges resume trading and avoid delisting, I recommend that they carefully assess the risks associated with this project.


Sincerely, pasichDev



