Michael Gronager aka coinslayer, a developer of libcoin, announced today a fatal flaw in the code of NameCoin while he was analyzing it during his work of implementing NameCoin to the library. Read the full annoucement at BitcoinTalk. Here I quote just some really *palmface*-ish fragments of his discovery (emphases added by me). UPDATE: A hard-fork is planned, the only option to fix the issue.
„…when you look in the ConnectInputs method you find rules enforcing a fee, rules enforcing the 12 blocks, but NO RULES ENFORCING THE HASH! [namecoin.cpp line 1874-1907] ]. So any name_new can be used as input for ANY name. This means that the domain reservation is not enforced at all leaving namecoin completely open for domain opportunists…“
„…take an already registered name and update that with a new value. Now you would expect some code enforcing that only an input of that name can be update to another value – but NO! Again there is no enforcing of the core ruleset. So you can in fact update the value of any name in namecoin by any other input name. And after that you own it, or well, as much as you can actually own a name who anyone can update.“
…The final test was to try it out – (sorry) – I might had overlooked something, so, I changed the name_update algorithm to enable such takeovers, and did a: ./namecoind name_fakeupdate d/postmortem d/bitcoin „Namecoin died October the 15th 2013, coinslayer“. Try name_history on d/bitcoin and see for yourselves – there is no enforced integrity of the key value pairs in namecoin. So namecoin looses its entire purpose. The problem is that there is no fix to this – it is similar to being able to randomly take ownership of other peoples money, all the value is gone.“
UPDATE: A hardfork is planned in the near future, see details on the dot-bit forum for details.
Discussion with Namecoin dev’s continues also here http://dot-bit.org/forum/viewtopic.php?f=2&t=1295