Purk Wallets are NOT affected by double counting bug in CryptoNote code

Recently a lot of exchanges took CryptoNote wallets offline due to a double counting bug found in CryptoNote code. We were aware that PURK would not be affected by this bug, but for transparency reasons, we created this quick report so our users know that they‘re PURK is safe and business can continue as usual.

We have reproduced the exploit to show that PURK wallets are not affected by duplicating the “add_tx_pub_key_to_extra” inside “construct_tx” method in currency_core/currency_format_utils.cpp. If the bug is present the receiving wallet will show a doubled balance once a transfer is received from the exploited wallet.

We tested the exploit on private testnet and can confirm that PURK wallets are not affected by this issue. These are the results of attempting to send a transaction with an additional public key:

As you can see, PURK wallet checks for duplicate keys and we are unable to send the transaction from the “exploited wallet”:

Here is the log from Simplewallet:

All PURK wallets are safe from the double counting issue present in many other CryptoNote based coins. PURK is forked from BBR, which is forked and highly customised from an earlier version of BCN. This seems to be a bug that was introduced in Monero v12 - therefore neither coins are affected.