Begin forwarded message: > From: Doug Huff > Date: June 27, 2011 9:46:13 PM CDT > To: full-disclosure@lists.grok.org.uk, "Mt.Gox" > Cc: Bitcoin Dev Development > Subject: Live mtgox.com trade matching bug. > > Step 1: Have USD available for spending on mtgox.com. > Step 2: Put in a buy order large enough to drain your account. Low enough under the current trading price that it will not execute immediately. > Step 3: Withdraw all USD funds. > Step 4: Wait for market to fall enough to meet your order. > Step 5: ...(self explanatory)... > > There's a bit of luck in being able to take advantage, obviously. > > I would suggest you take the site down asap until this is corrected or publicly show how this order will never execute: > > ========== > Welcome 0.00000000 ฿TC 424.44901 > Buying 138468.901 0.01 Active 1384.69 06/26 15:27 cancel > ========== > > I cannot guarantee this order will execute but from everything I've observed about the new trade matching code I have no reason to believe it will not. > > At the very least this could be used to influence market conditions if it is only a display bug. > > -- > Douglas Huff > > -- Doug Huff