From: Gregory Maxwell <gmaxwell@gmail•com>
To: Oliver Egginger <bitcoin@olivere•de>
Cc: Bitcoin Development <bitcoin-development@lists•sourceforge.net>
Subject: Re: [Bitcoin-development] Malleability and MtGox's announcement
Date: Mon, 10 Feb 2014 12:40:03 -0800 [thread overview]
Message-ID: <CAAS2fgRksY-KeD27unAWrNkt3BPjGHMFRis_kyrAfZN-zpyoag@mail.gmail.com> (raw)
In-Reply-To: <52F92CE3.7080105@olivere.de>
On Mon, Feb 10, 2014 at 11:47 AM, Oliver Egginger <bitcoin@olivere•de> wrote:
> As I understand this attack someone renames the transaction ID before
> being confirmed in the blockchain. Not easy but if he is fast enough it
> should be possible. With a bit of luck for the attacker the new
> transaction is added to the block chain and the original transaction is
> discarded as double-spend. Right?
>
> Up to this point the attacker has nothing gained. But next the attacker
> stressed the Gox support and refers to the original transaction ID. Gox
> was then probably fooled in such cases and has refunded already paid
> Bitcoins to the attackers (virtual) Gox-wallet.
At this point the attack should fail. Before crediting the funds back Gox
should form a new transaction moving at least one of the coins the prior
transaction was spending and wait for that transaction to confirm.
Without performing this step— even if there were no malleability at all
you'd have the risk that someone would go resurrect the old transaction
and get a miner to mine it. Then it goes through.
With performing it, even if they missed the mutated transaction in the chain
their cancellation transaction could not confirm (because its a double spend).
> So far everything is clear. But what I do not understand: Why apparently
> had so many customers of Gox payment defaults or severely delayed
> payments?
Back in September a lot of people were having stuck transactions and
when I looked it was because Mtgox was spending immature coins: newly
generated coins which cannot be spent for 100 blocks since their creation.
(A rule since Bitcoin's started)
Then later it was noticed that they were producing transactions with invalid
DER encodings (excessively padded signatures). The Bitcoin network used
to accept these transactions, but in order to more towards eliminating
malleability
Bitcoin 0.8 and later will not relay and mine them.
Then after people started using mutation to fix those excessively padded
transactions and/or someone was exploiting Gox's behavior— it seems that
Gox's wallet may have been in a state where it thought a lot of coins weren't
spent that were and was reusing them in new transansactions... this one
is harder to tell externally— I saw it appeared to be producing a LOT of
double spends with different destinations, but I'm guessing as to the exact
cause.
next prev parent reply other threads:[~2014-02-10 20:40 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-10 12:28 Pieter Wuille
2014-02-10 16:14 ` Troy Benjegerdes
2014-02-10 16:57 ` Nick Simpson
2014-02-10 18:02 ` Troy Benjegerdes
[not found] ` <CANOOu=_rQfRORmbEWz=1MVk9dK26ddiCeyeHMaua6iyioBUr4g@mail.gmail.com>
2014-02-10 17:54 ` Troy Benjegerdes
2014-02-10 19:47 ` Oliver Egginger
2014-02-10 20:40 ` Gregory Maxwell [this message]
2014-02-10 20:47 ` Tier Nolan
2014-02-10 20:55 ` Gregory Maxwell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAAS2fgRksY-KeD27unAWrNkt3BPjGHMFRis_kyrAfZN-zpyoag@mail.gmail.com \
--to=gmaxwell@gmail$(echo .)com \
--cc=bitcoin-development@lists$(echo .)sourceforge.net \
--cc=bitcoin@olivere$(echo .)de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox