Scala

Copyright (c) 2018-2020 The Scala Network. Copyright (c) 2014-2019 The Monero Project.
Portions Copyright (c) 2012-2013 The Cryptonote developers.

Table of Contents

• Development resources
• Vulnerability response
• Announcements
• Introduction
• About this project
• Supporting the project
• License
• Contributing
• Scheduled software upgrades
• Compiling Scala from source
  • Dependencies
• Internationalization
• Using Tor
• Debugging
• Known issues

Development resources

• Web: scalaproject.io
• Forum: discord
• Mail: [email protected]
• GitHub: https://github.com/scala-network/scala
• It is HIGHLY recommended that you join the discord channel if you are developing software that uses Scala. Due to the nature of this open source software project, joining this channel and idling is the best way to stay updated on best practices and new developments in the Scala ecosystem. All you need to do is join the discord channel and idle to stay updated with the latest in Scala development. If you do not, you risk wasting resources on developing integrations that are not compatible with the Scala network. The Scala core team and community continuously make efforts to communicate updates, developments, and documentation via other platforms – but for the best information, you need to talk to other Scala developers, and they are on discord.

Vulnerability response

Please reach out to us at [email protected] if you would like to report any vulnerabilities in the Scala codebase.

Announcements

• You can follow our twitter to get all the new information regarding the project.

Introduction

Scala is a private, secure, untraceable, decentralised digital currency. You are your bank, you control your funds, and nobody can trace your transfers unless you allow them to do so.

Privacy: Scala uses a cryptographically sound system to allow you to send and receive funds without your transactions being easily revealed on the blockchain (the ledger of transactions that everyone has). This ensures that your purchases, receipts, and all transfers remain absolutely private by default.

Security: Using the power of a distributed peer-to-peer consensus network, every transaction on the network is cryptographically secured. Individual wallets have a 25 word mnemonic seed that is only displayed once, and can be written down to backup the wallet. Wallet files are encrypted with a passphrase to ensure they are useless if stolen.

Untraceability: By taking advantage of ring signatures, a special property of a certain type of cryptography, Scala is able to ensure that transactions are not only untraceable, but have an optional measure of ambiguity that ensures that transactions cannot easily be tied back to an individual user or computer.

Decentralization: The utility of scala depends on its decentralised peer-to-peer consensus network - anyone should be able to run the scala software, validate the integrity of the blockchain, and participate in all aspects of the scala network using consumer-grade commodity hardware. Decentralization of the scala network is maintained by software development that minimizes the costs of running the scala software and inhibits the proliferation of specialized, non-commodity hardware.

About this project

This is the core implementation of Scala. It is open source and completely free to use without restrictions, except for those specified in the license agreement below. There are no restrictions on anyone creating an alternative implementation of Scala that uses the protocol and network in a compatible manner.

As with many development projects, the repository on Github is considered to be the "staging" area for the latest changes. Before changes are merged into that branch on the main repository, they are tested by individual developers in their own branches, submitted as a pull request, and then subsequently tested by contributors who focus on testing and code reviews. That having been said, the repository should be carefully considered before using it in a production environment, unless there is a patch in the repository for a particular show-stopping issue you are experiencing. It is generally a better idea to use a tagged release for stability.

Anyone is welcome to contribute to Scala's codebase! If you have a fix or code change, feel free to submit it as a pull request directly to the "master" branch. In cases where the change is relatively small or does not affect other parts of the codebase it may be merged in immediately by any one of the collaborators. On the other hand, if the change is particularly large or complex, it is expected that it will be discussed at length either well in advance of the pull request being submitted, or even directly on the pull request.

License

See LICENSE.

Contributing

If you want to help out, see CONTRIBUTING for a set of guidelines.

Scheduled software upgrades

Scala uses a fixed-schedule software upgrade (hard fork) mechanism to implement new features. This means that users of Scala (end users and service providers) should run current versions and upgrade their software on a regular schedule.

Compiling Scala from source

Dependencies

The following table summarizes the tools and libraries required to build. A few of the libraries are also included in this repository (marked as "Vendored"). By default, the build uses the library installed on the system, and ignores the vendored sources. However, if no library is found installed on the system, then the vendored source will be built and used. The vendored sources are also used for statically-linked builds because distribution packages often include only shared library binaries (.so) but not static library archives (.a).

Dep	Min. version	Vendored	Debian/Ubuntu pkg	Arch pkg	Void pkg	Fedora pkg	Optional	Purpose
GCC	4.7.3	NO	build-essential	base-devel	base-devel	gcc	NO
CMake	3.5	NO	cmake	cmake	cmake	cmake	NO
pkg-config	any	NO	pkg-config	base-devel	base-devel	pkgconf	NO
Boost	1.58	NO	libboost-all-dev	boost	boost-devel	boost-devel	NO	C++ libraries
OpenSSL	basically any	NO	libssl-dev	openssl	libressl-devel	openssl-devel	NO	sha256 sum
libzmq	3.0.0	NO	libzmq3-dev	zeromq	zeromq-devel	zeromq-devel	NO	ZeroMQ library
OpenPGM	?	NO	libpgm-dev	libpgm		openpgm-devel	NO	For ZeroMQ
libnorm[2]	?	NO	libnorm-dev				YES	For ZeroMQ
libunbound	1.4.16	YES	libunbound-dev	unbound	unbound-devel	unbound-devel	NO	DNS resolver
libsodium	?	NO	libsodium-dev	libsodium	libsodium-devel	libsodium-devel	NO	cryptography
libunwind	any	NO	libunwind8-dev	libunwind	libunwind-devel	libunwind-devel	YES	Stack traces
liblzma	any	NO	liblzma-dev	xz	liblzma-devel	xz-devel	YES	For libunwind
libreadline	6.3.0	NO	libreadline6-dev	readline	readline-devel	readline-devel	YES	Input editing
ldns	1.6.17	NO	libldns-dev	ldns	libldns-devel	ldns-devel	YES	SSL toolkit
expat	1.1	NO	libexpat1-dev	expat	expat-devel	expat-devel	YES	XML parsing
GTest	1.5	YES	libgtest-dev[1]	gtest	gtest-devel	gtest-devel	YES	Test suite
Doxygen	any	NO	doxygen	doxygen	doxygen	doxygen	YES	Documentation
Graphviz	any	NO	graphviz	graphviz	graphviz	graphviz	YES	Documentation
lrelease	?	NO	qttools5-dev-tools	qt5-tools	qt5-tools	qt5-linguist	YES	Translations
libhidapi	?	NO	libhidapi-dev	hidapi	hidapi-devel	hidapi-devel	YES	Hardware wallet
libusb	?	NO	libusb-dev	libusb	libusb-devel	libusb-devel	YES	Hardware wallet
libprotobuf	?	NO	libprotobuf-dev	protobuf	protobuf-devel	protobuf-devel	YES	Hardware wallet
protoc	?	NO	protobuf-compiler	protobuf	protobuf	protobuf-compiler	YES	Hardware wallet

[1] On Debian/Ubuntu libgtest-dev only includes sources and headers. You must build the library binary manually. This can be done with the following command sudo apt-get install libgtest-dev && cd /usr/src/gtest && sudo cmake . && sudo make && sudo mv libg* /usr/lib/ [2] libnorm-dev is needed if your zmq library was built with libnorm, and not needed otherwise

Install all dependencies at once on Debian/Ubuntu:

sudo apt update && sudo apt install build-essential cmake pkg-config libboost-all-dev libssl-dev libzmq3-dev libunbound-dev libsodium-dev libunwind8-dev liblzma-dev libreadline6-dev libldns-dev libexpat1-dev doxygen graphviz libpgm-dev qttools5-dev-tools libhidapi-dev libusb-dev libprotobuf-dev protobuf-compiler

Install all dependencies at once on macOS with the provided Brewfile: brew update && brew bundle --file=contrib/brew/Brewfile

FreeBSD one liner for required to build dependencies pkg install git gmake cmake pkgconf boost-libs libzmq libsodium

Cloning the repository

Clone recursively to pull-in needed submodule(s):

$ git clone --recursive https://github.com/scala-network/scala

If you already have a repo cloned, initialize and update:

$ cd scala && git submodule init && git submodule update

Build instructions

Scala uses the CMake build system and a top-level Makefile that invokes cmake commands as needed.

On Linux and macOS

• Install the dependencies

• Change to the root of the source code directory, change to the most recent release branch, and build:

  cd scala
  make

  Optional: If your machine has several cores and enough memory, enable parallel build by running make -j<number of threads> instead of make. For this to be worthwhile, the machine should have one core and about 2GB of RAM available per thread.

• The resulting executables can be found in build/release/bin

• Add PATH="$PATH:$HOME/scala/build/release/bin" to .profile

• Run Scala with scalad --detach

• Optional: build and run the test suite to verify the binaries:

  make release-test

  NOTE: core_tests test may take a few hours to complete.

• Optional: to build binaries suitable for debugging:

  make debug

• Optional: to build statically-linked binaries:

  make release-static

Dependencies need to be built with -fPIC. Static libraries usually aren't, so you may have to build them yourself with -fPIC. Refer to their documentation for how to build them.

• Optional: build documentation in doc/html (omit HAVE_DOT=YES if graphviz is not installed):

  HAVE_DOT=YES doxygen Doxyfile

On the Raspberry Pi

Tested on a Raspberry Pi Zero with a clean install of minimal Raspbian Stretch (2017-09-07 or later) from https://www.raspberrypi.org/downloads/raspbian/. If you are using Raspian Jessie, please see note in the following section.

• apt-get update && apt-get upgrade to install all of the latest software

• Install the dependencies for Scala from the 'Debian' column in the table above.

• Increase the system swap size:

  sudo /etc/init.d/dphys-swapfile stop  
  sudo nano /etc/dphys-swapfile  
  CONF_SWAPSIZE=2048
  sudo /etc/init.d/dphys-swapfile start

• If using an external hard disk without an external power supply, ensure it gets enough power to avoid hardware issues when syncing, by adding the line "max_usb_current=1" to /boot/config.txt

• Clone scala and checkout the most recent release version:

  git clone --recurisive https://github.com/scala-network/scala.git
  cd scala

• Build:

  make release

• Wait 4-6 hours

• The resulting executables can be found in build/release/bin

• Add PATH="$PATH:$HOME/scala/build/release/bin" to .profile

• Run Scala with scalad --detach

• You may wish to reduce the size of the swap file after the build has finished, and delete the boost directory from your home directory

Note for Raspbian Jessie users:

If you are using the older Raspbian Jessie image, compiling Scala is a bit more complicated. The version of Boost available in the Debian Jessie repositories is too old to use with Scala, and thus you must compile a newer version yourself. The following explains the extra steps, and has been tested on a Raspberry Pi 2 with a clean install of minimal Raspbian Jessie.

• As before, apt-get update && apt-get upgrade to install all of the latest software, and increase the system swap size

  sudo /etc/init.d/dphys-swapfile stop
  sudo nano /etc/dphys-swapfile
  CONF_SWAPSIZE=2048
  sudo /etc/init.d/dphys-swapfile start

• Then, install the dependencies for Scala except libunwind and libboost-all-dev

• Install the latest version of boost (this may first require invoking apt-get remove --purge libboost*-dev to remove a previous version if you're not using a clean install):

  cd
  wget https://sourceforge.net/projects/boost/files/boost/1.72.0/boost_1_72_0.tar.bz2
  tar xvfo boost_1_72_0.tar.bz2
  cd boost_1_72_0
  ./bootstrap.sh
  sudo ./b2

• Wait ~8 hours

  sudo ./bjam cxxflags=-fPIC cflags=-fPIC -a install

• Wait ~4 hours

• From here, follow the general Raspberry Pi instructions from the "Clone scala and checkout most recent release version" step.

On Windows:

Binaries for Windows are built on Windows using the MinGW toolchain within MSYS2 environment. The MSYS2 environment emulates a POSIX system. The toolchain runs within the environment and cross-compiles binaries that can run outside of the environment as a regular Windows application.

Preparing the build environment

• Download and install the MSYS2 installer, either the 64-bit or the 32-bit package, depending on your system.

• Open the MSYS shell via the MSYS2 Shell shortcut

• Update packages using pacman:

  pacman -Syu

• Exit the MSYS shell using Alt+F4

• Edit the properties for the MSYS2 Shell shortcut changing "msys2_shell.bat" to "msys2_shell.cmd -mingw64" for 64-bit builds or "msys2_shell.cmd -mingw32" for 32-bit builds

• Restart MSYS shell via modified shortcut and update packages again using pacman:

  pacman -Syu

• Install dependencies:

  To build for 64-bit Windows:

  pacman -S mingw-w64-x86_64-toolchain make mingw-w64-x86_64-cmake mingw-w64-x86_64-boost mingw-w64-x86_64-openssl mingw-w64-x86_64-zeromq mingw-w64-x86_64-libsodium mingw-w64-x86_64-hidapi

  To build for 32-bit Windows:

  pacman -S mingw-w64-i686-toolchain make mingw-w64-i686-cmake mingw-w64-i686-boost mingw-w64-i686-openssl mingw-w64-i686-zeromq mingw-w64-i686-libsodium mingw-w64-i686-hidapi

• Open the MingW shell via MinGW-w64-Win64 Shell shortcut on 64-bit Windows or MinGW-w64-Win64 Shell shortcut on 32-bit Windows. Note that if you are running 64-bit Windows, you will have both 64-bit and 32-bit MinGW shells.

Cloning

• To git clone, run:

  git clone --recursive https://github.com/scala-network/scala.git

Building

• Change to the cloned directory, run:

  cd scala

• If you would like a specific version/tag, do a git checkout for that version. eg. 'v0.15.0.0'. If you don't care about the version and just want binaries from master, skip this step:

  git checkout v0.15.0.0

• If you are on a 64-bit system, run:

  make release-static-win64

• If you are on a 32-bit system, run:

  make release-static-win32

• The resulting executables can be found in build/release/bin

• Optional: to build Windows binaries suitable for debugging on a 64-bit system, run:

  make debug-static-win64

• Optional: to build Windows binaries suitable for debugging on a 32-bit system, run:

  make debug-static-win32

• The resulting executables can be found in build/debug/bin

On FreeBSD:

The project can be built from scratch by following instructions for Linux above(but use gmake instead of make). If you are running scala in a jail, you need to add sysvsem="new" to your jail configuration, otherwise lmdb will throw the error message: Failed to open lmdb environment: Function not implemented.

Scala is also available as a port or package as 'scala-cli`.

On OpenBSD:

You will need to add a few packages to your system. pkg_add cmake gmake zeromq libiconv boost.

The doxygen and graphviz packages are optional and require the xbase set. Running the test suite also requires py-requests package.

Build scala: env DEVELOPER_LOCAL_TOOLS=1 BOOST_ROOT=/usr/local gmake release-static

Note: you may encounter the following error, when compiling the latest version of scala as a normal user:

LLVM ERROR: out of memory
c++: error: unable to execute command: Abort trap (core dumped)

Then you need to increase the data ulimit size to 2GB and try again: ulimit -d 2000000

On Solaris:

The default Solaris linker can't be used, you have to install GNU ld, then run cmake manually with the path to your copy of GNU ld:

mkdir -p build/release
cd build/release
cmake -DCMAKE_LINKER=/path/to/ld -D CMAKE_BUILD_TYPE=Release ../..
cd ../..

Then you can run make as usual.

On Linux for Android (using docker):

# Build image (for ARM 32-bit)
docker build -f utils/build_scripts/android32.Dockerfile -t scala-android .
# Build image (for ARM 64-bit)
docker build -f utils/build_scripts/android64.Dockerfile -t scala-android .
# Create container
docker create -it --name scala-android scala-android bash
# Get binaries
docker cp scala-android:/src/build/release/bin .

Building portable statically linked binaries

By default, in either dynamically or statically linked builds, binaries target the specific host processor on which the build happens and are not portable to other processors. Portable binaries can be built using the following targets:

• make release-static-linux-x86_64 builds binaries on Linux on x86_64 portable across POSIX systems on x86_64 processors
• make release-static-linux-i686 builds binaries on Linux on x86_64 or i686 portable across POSIX systems on i686 processors
• make release-static-linux-armv8 builds binaries on Linux portable across POSIX systems on armv8 processors
• make release-static-linux-armv7 builds binaries on Linux portable across POSIX systems on armv7 processors
• make release-static-linux-armv6 builds binaries on Linux portable across POSIX systems on armv6 processors
• make release-static-win64 builds binaries on 64-bit Windows portable across 64-bit Windows systems
• make release-static-win32 builds binaries on 64-bit or 32-bit Windows portable across 32-bit Windows systems

Cross Compiling

You can also cross-compile static binaries on Linux for Windows and macOS with the depends system.

• make depends target=x86_64-linux-gnu for 64-bit linux binaries.
• make depends target=x86_64-w64-mingw32 for 64-bit windows binaries.
  • Requires: python3 g++-mingw-w64-x86-64 wine1.6 bc
• make depends target=x86_64-apple-darwin11 for macOS binaries.
  • Requires: cmake imagemagick libcap-dev librsvg2-bin libz-dev libbz2-dev libtiff-tools python-dev
• make depends target=i686-linux-gnu for 32-bit linux binaries.
  • Requires: g++-multilib bc
• make depends target=i686-w64-mingw32 for 32-bit windows binaries.
  • Requires: python3 g++-mingw-w64-i686
• make depends target=arm-linux-gnueabihf for armv7 binaries.
  • Requires: g++-arm-linux-gnueabihf
• make depends target=aarch64-linux-gnu for armv8 binaries.
  • Requires: g++-aarch64-linux-gnu
• make depends target=riscv64-linux-gnu for RISC V 64 bit binaries.
  • Requires: g++-riscv64-linux-gnu
• make depends target=x86_64-unknown-freebsd for freebsd binaries.
  • Requires: clang-8
• make depends target=arm-linux-android for 32bit android binaries
• make depends target=aarch64-linux-android for 64bit android binaries

The required packages are the names for each toolchain on apt. Depending on your distro, they may have different names.

Using depends might also be easier to compile Scala on Windows than using MSYS. Activate Windows Subsystem for Linux (WSL) with a distro (for example Ubuntu), install the apt build-essentials and follow the depends steps as depicted above.

The produced binaries still link libc dynamically. If the binary is compiled on a current distribution, it might not run on an older distribution with an older installation of libc. Passing -DBACKCOMPAT=ON to cmake will make sure that the binary will run on systems having at least libc version 2.17.

Running scalad

The build places the binary in bin/ sub-directory within the build directory from which cmake was invoked (repository root by default). To run in foreground:

./bin/scalad

To list all available options, run ./bin/scalad --help. Options can be specified either on the command line or in a configuration file passed by the --config-file argument. To specify an option in the configuration file, add a line with the syntax argumentname=value, where argumentname is the name of the argument without the leading dashes, for example log-level=1.

To run in background:

./bin/scalad --log-file scalad.log --detach

To run as a systemd service, copy scalad.service to /etc/systemd/system/ and scalad.conf to /etc/. The example service assumes that the user scala exists and its home is the data directory specified in the example config.

If you're on Mac, you may need to add the --max-concurrency 1 option to scala-wallet-cli, and possibly scalad, if you get crashes refreshing.

Internationalization

See README.i18n.md.

Using Tor

There is a new, still experimental, integration with Tor. The feature allows connecting over IPv4 and Tor simulatenously - IPv4 is used for relaying blocks and relaying transactions received by peers whereas Tor is used solely for relaying transactions received over local RPC. This provides privacy and better protection against surrounding node (sybil) attacks.

While Scala isn't made to integrate with Tor, it can be used wrapped with torsocks, by setting the following configuration parameters and environment variables:

• --p2p-bind-ip 127.0.0.1 on the command line or p2p-bind-ip=127.0.0.1 in scalad.conf to disable listening for connections on external interfaces.
• --no-igd on the command line or no-igd=1 in scalad.conf to disable IGD (UPnP port forwarding negotiation), which is pointless with Tor.
• DNS_PUBLIC=tcp or DNS_PUBLIC=tcp://x.x.x.x where x.x.x.x is the IP of the desired DNS server, for DNS requests to go over TCP, so that they are routed through Tor. When IP is not specified, scalad uses the default list of servers defined in src/common/dns_utils.cpp.
• TORSOCKS_ALLOW_INBOUND=1 to tell torsocks to allow scalad to bind to interfaces to accept connections from the wallet. On some Linux systems, torsocks allows binding to localhost by default, so setting this variable is only necessary to allow binding to local LAN/VPN interfaces to allow wallets to connect from remote hosts. On other systems, it may be needed for local wallets as well.
• Do NOT pass --detach when running through torsocks with systemd, (see utils/systemd/scalad.service for details).
• If you use the wallet with a Tor daemon via the loopback IP (eg, 127.0.0.1:9050), then use --untrusted-daemon unless it is your own hidden service.

Example command line to start scalad through Tor:

DNS_PUBLIC=tcp torsocks scalad --p2p-bind-ip 127.0.0.1 --no-igd

Using Tor on Tails

TAILS ships with a very restrictive set of firewall rules. Therefore, you need to add a rule to allow this connection too, in addition to telling torsocks to allow inbound connections. Full example:

sudo iptables -I OUTPUT 2 -p tcp -d 127.0.0.1 -m tcp --dport 18081 -j ACCEPT
DNS_PUBLIC=tcp torsocks ./scalad --p2p-bind-ip 127.0.0.1 --no-igd --rpc-bind-ip 127.0.0.1 \
    --data-dir /home/amnesia/Persistent/your/directory/to/the/blockchain

Debugging

This section contains general instructions for debugging failed installs or problems encountered with Scala. First, ensure you are running the latest version built from the Github repo.

Obtaining stack traces and core dumps on Unix systems

We generally use the tool gdb (GNU debugger) to provide stack trace functionality, and ulimit to provide core dumps in builds which crash or segfault.

• To use gdb in order to obtain a stack trace for a build that has stalled:

Run the build.

Once it stalls, enter the following command:

gdb /path/to/scalad `pidof scalad`

Type thread apply all bt within gdb in order to obtain the stack trace

• If however the core dumps or segfaults:

Enter ulimit -c unlimited on the command line to enable unlimited filesizes for core dumps

Enter echo core | sudo tee /proc/sys/kernel/core_pattern to stop cores from being hijacked by other tools

Run the build.

When it terminates with an output along the lines of "Segmentation fault (core dumped)", there should be a core dump file in the same directory as scalad. It may be named just core, or core.xxxx with numbers appended.

You can now analyse this core dump with gdb as follows:

gdb /path/to/scalad /path/to/dumpfile`

Print the stack trace with bt

• If a program crashed and cores are managed by systemd, the following can also get a stack trace for that crash:

coredumpctl -1 gdb

To run scala within gdb:

Type gdb /path/to/scalad

Pass command-line options with --args followed by the relevant arguments

Type run to run scalad

Analysing memory corruption

There are two tools available:

ASAN

Configure Scala with the -D SANITIZE=ON cmake flag, eg:

cd build/debug && cmake -D SANITIZE=ON -D CMAKE_BUILD_TYPE=Debug ../..

You can then run the scala tools normally. Performance will typically halve.

valgrind

Install valgrind and run as valgrind /path/to/scalad. It will be very slow.

LMDB

Instructions for debugging suspected blockchain corruption as per @HYC

There is an mdb_stat command in the LMDB source that can print statistics about the database but it's not routinely built. This can be built with the following command:

cd ~/scala/external/db_drivers/liblmdb && make

The output of mdb_stat -ea <path to blockchain dir> will indicate inconsistencies in the blocks, block_heights and block_info table.

The output of mdb_dump -s blocks <path to blockchain dir> and mdb_dump -s block_info <path to blockchain dir> is useful for indicating whether blocks and block_info contain the same keys.

These records are dumped as hex data, where the first line is the key and the second line is the data.

Known Issues

Protocols

Socket-based

Because of the nature of the socket-based protocols that drive scala, certain protocol weaknesses are somewhat unavoidable at this time. While these weaknesses can theoretically be fully mitigated, the effort required (the means) may not justify the ends. As such, please consider taking the following precautions if you are a scala node operator:

• Run scalad on a "secured" machine. If operational security is not your forte, at a very minimum, have a dedicated a computer running scalad and do not browse the web, use email clients, or use any other potentially harmful apps on your scalad machine. Do not click links or load URL/MUA content on the same machine. Doing so may potentially exploit weaknesses in commands which accept "localhost" and "127.0.0.1".
• If you plan on hosting a public "remote" node, start scalad with --restricted-rpc. This is a must.

Blockchain-based

Certain blockchain "features" can be considered "bugs" if misused correctly. Consequently, please consider the following:

• When receiving scala, be aware that it may be locked for an arbitrary time if the sender elected to, preventing you from spending that scala until the lock time expires. You may want to hold off acting upon such a transaction until the unlock time lapses. To get a sense of that time, you can consider the remaining blocktime until unlock as seen in the show_transfers command.