This recent question asks how to fix a tool for scanning for duplicate R values. There are two major purposes for a tool like this:
- Researching how common a security vulnerability is, and
- Exploiting that vulnerability to steal money.
Based on the context, it does seem like the latter is more likely. However the response to him seems needlessly hostile. Ideally, we'd just point to a policy on meta, close the question, and suggest that they make a new post on meta if they feel that the closing was unwarranted.
I do think we should have a rule against questions like this. In the interest of having an explicit rule, though, I have two questions:
- Should we favor an intent based test? This has the advantage of being simpler, but is pretty subjective. (For example, I think the asker here wouldn't have been questioned about the purpose of the code if they wrote fluent English.)
- Should we have a rule against posting code that exploits or scans for a vulnerability?
Related: meta.security: What determines if a question should be considered Blackhat?
Close reason
When closing a question because of this, you can use this close reason:
I'm voting to close this question as off-topic because it asks how to exploit a real-world system, and fails the three part test talked about [here](https://bitcoin.meta.stackexchange.com/a/685). (completeness, potential for evil, potential for good)
This recent question asks how to fix a tool for scanning for duplicate R values.
My issue there was the simplicity of solving the issue; it was the BCI API not returning large UTXO counts in full. Given the same user solely posted about duplicater
values, I'm inclined to lean towards a stern but fair stance on posts from newb black hats who also show no interest in what SE is all about