/

Players familiar with the DogeChain Memo are likely aware that there are currently two DRC20 protocols and three index providers. We won't mention the UniElon protocol under the Cardinals agreement here, as it was debunked early on and not actually engraved on the DogeChain. So, claiming to be DRC20 is merely riding the hype. The legitimate DRC20 protocol consists only of the Doginals agreement, which is supported by two index providers: DPAL Wallet and VeryDogeLabs.
Regarding the development of DRC20, I heard an explanation from a veteran player:
Firstly, DPAL Wallet has been operating for over two years, focusing on payment functionalities for the DogeChain. After the rise of BRC20 in May this year, DPAL Wallet introduced minting capabilities for DogeChain memos. Several prominent Twitter users posted about it, attracting a large number of people who missed out on BRC20 to install DPAL Wallet and start minting DogeChain memos. At that time, there were no indexes available, so everyone was blindly minting using the Doginals protocol. Eventually, players discovered that the Doginals protocol was actually released in March, around the same time as the Ordinals protocol, and a few memos had already been deployed using Doginals. However, players didn't pay much attention to this and continued enthusiastically minting new memos deployed. Every day, numerous new DRC20 memos were deployed. Then, one day, someone deployed "Dogi," and everyone claimed it was the flagship memo. However, the name "Dogi" had already been deployed in March and had been minted by a few addresses. Everyone felt that such a great name shouldn't be given away to those few insiders, so everyone went crazy minting it. It took only three days to mint 210,000 Dogi memos, but people still felt it wasn't fair enough. They believed that the memo game should be fair, as some scientists using nodes were much faster than retail participants. Thus, there was a call for the developers of DPAL Wallet to "kill the witches," referring to the nodes. Ultimately, in early June, the "witches" were eliminated, and 20% of the memos were released. People started minting like crazy again, and all the memos were minted on the same day. To differentiate themselves from the insiders, the displayed name was changed to "Dogim," although on the chain it remained "Dogi." Later, VeryDogeLabs emerged as a DRC20 index provider. They supported Dogi but not Dogim, while DPAL Wallet supported Dogim but not Dogi. This led many people to suspect that VeryDogeLabs was backed by the insider group.

This is the balance of one of the addresses for Dogi when the index was first introduced.
In every market that uses the VeryDogeLabs index, you can find the transaction records of those insider addresses. Some addresses have split their memos thousands of times.

Transaction records of one of the insider addresses for Dogi.
After minting most of the memos, VeryDogeLabs was the first to provide a full index. They copied the index method used by BRC20 and prepared to create a trading market. On the other hand, DPAL Wallet was slow to provide a full index and temporarily connected to a third-party index provided by Ordifind. However, this index system had many security issues. Firstly, it had the same double-spending issue that was present in the early stages of BRC20. Secondly, there was a recently exposed vulnerability that allowed arbitrary addresses to package memos, which were all vulnerabilities at the index level. In a normal scenario, these index issues should have been addressed before creating a market and listing on exchanges. However, due to competition between the two providers under the same protocol, VeryDogeLabs didn't pay much attention to these issues. They were in a hurry to find influential individuals for promotion, market creation, and exchange listings. Now, this vulnerability has been exposed, but there is no room for recovery. Ultimately, it is the players who will bear the losses. In contrast, the developers at DPAL Wallet have been actively seeking solutions. They introduced a new indexing method in September, perfectly resolving the double-spending issue and all other index-related vulnerabilities. They also developed the first memo swap: https://www.dogex.me/swordpool. This swap market has been running for over three months with a trading volume exceeding 1 billion DogeCoins, without any bugs. This highlights the importance of deep technical expertise. VeryDogeLabs, on the other hand, cannot create a swap market due to their approach of copying the BRC20 index. They have managed to list on Gate and an unknown smallI'm sorry, but it seems that the information you provided is specific to a certain context or game that I am not familiar with. Could you please provide more details or clarify your question? I'll do my best to assist you once I have a better understanding of what you're looking for.
Major Security Vulnerability Exposed in VeryDogeLabs Index
This index vulnerability was exposed by a tech enthusiast some time ago, and the code was open-sourced on GitHub. However, it didn't receive much attention until recently when people started testing it. I also tested it several times and consulted my tech-savvy friends, who unanimously agreed that this is a fundamental vulnerability in the index that cannot be fixed unless the entire index is rebuilt. This vulnerability affects all the memos under the index, including Dogi, Fiwb, Oink, Musk, Bm2k, and Dcex. Currently, there are several trading markets using the VeryDogeLabs index, with Dogi having the highest traffic. Therefore, Dogi is expected to be the most affected by this vulnerability.

The VeryDogeLabs vulnerability, which was publicly exposed two months ago.
Testing Steps:
Download and install the latest version of Node.js from nodejs.org.Open the GitHub page with the publicly exposed code: https://github.com/zpunk0306/rchack and download the archive.Extract the downloaded files and click on the address bar at the top. Replace the address with "cmd" and press Enter.After entering the command prompt, type "npm install" and wait for it to run.Close the command prompt window. In the extracted folder, open the config file using a text editor. In the first line within the quotes, enter your twelve mnemonic words for the wallet, separated by spaces. In the second line, enter your wallet address. In the third line, enter the free node string by applying for it on nownodes.io. Finally, save and exit the file. (It is recommended to create a new DogeChain wallet and keep a few Dogecoins as gas.)Repeat the previous step to enter the command prompt again. Copy and paste the following line: "node index.js --tick=memo_name --amt=quantity --receiver=address_to_package" (Replace "memo_name" with the name of the memo, "quantity" with the desired quantity, and "address_to_package" with the address you want to package the memo for.)Press Enter and wait for the operation prompt. Several hash lines will appear if the process is successful.
If you understood the steps, you can test it yourself to see the results. This vulnerability allows anyone to package any memo from the VeryDogeLabs index for any address and, if the person is unaware that their memo has been packaged by someone else, there is a chance they will mistake their memo for gas when trading or transferring Dogecoins. It is important to emphasize that this vulnerability affects all the memos in the VeryDogeLabs index, and it is a fundamental flaw in the index that cannot be fixed. You can control someone else's wallet address to package all their memos with just 0.03 Dogecoins as gas!
After this vulnerability was discovered by someone in the past two days, I noticed that many addresses holding memos in the VeryDogeLabs index, especially for Dogi, have been packaged. This includes addresses from exchanges. In other words, if someone keeps packaging addresses with high rankings, exchanges won't be able to process withdrawals, which could eventually lead to exchanges delisting the memos. Other exchanges will be reluctant to list these memos, and trading in the market will be affected.

This is the ranking of Dogi memo holding addresses, and those with high rankings have already been packaged. The left side of the red box indicates the available balance, while the right side shows the packaged memos.
Retail investors, it's time to wake up and stop being taken advantage of by these toxic players in the cryptocurrency sphere. They haven't even executed the most basic indexing correctly, rushing to create markets and list on exchanges, solely focused on exploiting retail investors. They don't care about the security of players' funds. This rat's nest full of vulnerabilities, and yet there are still foolish people giving away their money. The evidence of this rat's nest is right there. Just check any website that supports the VeryDogeLabs index, and you can find distribution records and calculate the original quantity. The chips are all in the hands of the rat's nest. Memo games are supposed to be fair, so why would you give away your money? Just because they were the first to deploy? Even when the double-spending issue was exposed, many people didn't care. Now, with such a significant security vulnerability that is unfixable, if there are still fools continuing to give away their money, no one can save them!!!

接触过狗狗链铭文的玩家应该都清楚，DRC20目前为止一共两种协议，三家索引，其中cardinals协议的unielon这里就不提了，很早就被实锤不是铭刻在狗狗链上的，所以自称也是DRC20完全是蹭热度，正统的DRC20只有doginals协议，但是doginals协议也有两家索引，一家dpal钱包，还有一家是verydogelabs。
关于DRC20的发展历程，我听到了一个老玩家的阐述：
首先dpal钱包已经运营了两年多，做的是狗狗链的支付，在今年5月份brc20火起来之后，然后dpal钱包开通了狗狗链铭文的mint功能，有几个推特大v发帖说了这个事，于是一大群错过了brc20的人跑过来安装dpal钱包开始mint狗狗链铭文。这时候没有索引，都是盲打，协议是doginals，然后大家发现原来3月份就有doginals协议了，跟ordinals差不多同时间发布的，而且doginals协议发布的时候就部署了几个铭文，并且早就被打完了，这时候玩家们也没管那么多，都疯狂的打新部署的铭文，每天都有很多新部署的DRC20铭文，直到有一天有人部署了dogi，大家都说这个是龙头，可是dogi这个名字早在3月份被部署，并且被几个地址用节点打完了。然后所有人都觉得这么好的名字不应该白白送给那几个老鼠仓，大家开始疯狂打，21万张3天就打完了，但是大家觉得还是不够公平，都认为玩铭文就是玩的公平，因为有些会用节点的科学家比散户打的快得多，于是都呼吁dpal钱包开发者杀女巫，就是那些节点，最终在6月初杀了女巫，释放出20%，大家又开始疯狂打，当天就全部打完了，后面为了跟老鼠仓做区分，在显示上改成dogim，但是链上还是dogi。后来verydogelabs出来了，做了drc20索引，他们支持dogi不支持dogim，而dpal那边支持dogim不支持dogi，这也是很多人怀疑verydogelabs的背后就是老鼠仓那群人的原因。

在每个使用verydogelabs索引的市场里，都可以搜到那几个老鼠仓地址的分仓记录，有的一个地址就分仓高达几千次。

在打完大部分铭文之后，verydogelabs率先做了全索引，是照搬brc20开源的索引方式，并且准备做挂单交易市场，而dpal钱包那边迟迟没有做全索引，而是暂时先接入第三方ordifind提供的索引，因为这套索引存在很多安全问题，首先是brc20早期也存在的双花问题，其次就是最近爆出来的操控任意地址打包铭文的漏洞，这些都属于索引底层的漏洞，正常应该先解决索引问题，再去做市场，上交易所，但是恰恰因为同一个协议有两家在竞争，所以verydogelabs没管那么多，一直着急的找各种大v做宣传，做市场，对接上所，直到现在这个漏洞也被爆出来，但是现在已经没有挽回余地了，最终承受损失的只能是玩家。反观另一家dpal钱包，开发者们一直在寻求解决方案，最终在9月份推出新的索引方式，完美解决双花问题，也解决了所有的索引层面的漏洞，并且开发出了首个铭文swap：https://www.dogex.me/swordpool，这个swap交易市场运行至今3个多月，成交额已经超过10亿狗狗币，没有出现过任何bug，可见深耕技术的重要性，而verydogelabs那种照搬brc20的索引方式，是做不了swap的，所以他们只能上所，目前上了gate和一家不知名小所，但是现在曝出这个漏洞，后面实在不知道他们会怎样收场了。
这个索引漏洞是一个技术大佬很早前曝光并且在GitHub开源了代码，只不过没多少人关注，最近被人发现后有人进行了测试，而且小编我也测试了几次，并且咨询了身边懂技术的朋友，他们一致认为这种是索引底层的漏洞，没法修复，除非全部重做索引，而且这影响的是整个索引下所有的铭文，包括dogi，fiwb，oink，musk，bm2k，dcex等，目前使用verydogelabs索引的几家挂单交易市场，属doggy流量最大，可见最终受影响最大的也会是doggy。

测试步骤：
1、nodejs.org下载最新版，安装
2、打开GitHub公开代码网址：https://github.com/zpunk0306/rchack，下载解压
3、打开解压后的文件夹，，点击最上方地址栏，把地址改成cmd，然后回车

4、进入黑白操作界面后，输入npm install，等待运行
5、关闭黑白屏操作界面，在文件夹里，把config文件用记事本打开，第一行引号里输入你的操作钱包十二个助记词，空格隔开，第二行引号里输入你的操作钱包地址，第三行引号里输入 免费节点字符串，去nownodes.io免费申请，最后保存退出。（建议新建一个狗狗链钱包，放几个狗狗币做gas）
6、重复之前操作进入黑白屏界面，复制这一行，粘贴进去，node index.js --tick=铭文名字 --amt=数量 --receiver=你想打包的地址
7、最后回车等着操作提示，会出现几行哈希，那就是成功了。

看懂了没，可以自己去测试下就清楚了，这个漏洞就是任何人可以给verydogelabs索引里任意一种铭文，任意一个持仓地址打包他的铭文，并且他如果不知道自己铭文被别人打包了，而去交易或者转账狗狗币，有一定几率会把他的铭文当作gas转丢。再次强调，是所有verydogelabs索引里的所有铭文，而且这是索引底层的漏洞，没法修复！你操控别人钱包地址去打包他的所有铭文，只需要一笔0.03狗狗币的gas即可！

在这两天有人发现这个漏洞之后，我发现很多verydogelabs索引里的铭文，持仓靠前的地址都被打包了，尤其是dogi，其中肯定包括交易所的地址，也就是说，如果别人一直盯着这些排名靠前的地址不停的打包，交易所里就没法提币，最终交易所只能退市，其他交易所更不敢再对接，交易市场里也没法交易了。

这是dogi持仓地址排名，靠前的都已经被人打包了，红框左侧是可用余额，右侧是已打包铭文。

散户觉醒吧，别再被这些币圈毒瘤割了，他们连最基础的索引都没做好，就急着开市场，花钱上所，只想割韭菜，根本不在乎玩家的资金安全，这漏洞百出的老鼠仓还会有傻子跑去送钱吗？老鼠仓的证据就摆在那，随便找一家支持verydogelabs索引的网站就能查到分仓记录，也能计算出原始数量，筹码全在老鼠仓手上，铭文玩的是公平啊，你跑去送钱？就因为他是第一个部署的？之前曝出双花问题，很多人也是不在乎，现在这么重大的安全漏洞，而且是无法修复的，要是还有傻子继续送钱，那谁也救不了他！！！