Topic: 0 confirm instant transactions - page 2. (Read 3235 times)

This is bitcointalk after all.


I too am interested to know what Bitpay would do - I guess they certainly could rebroadcast the tx themselves to "keep it alive" although there is the possibility that the tx may not confirm for months or even years (if network usage remained constantly at the same level).

That would open up an attack vector - which is the reason why I assume my tx got dropped from everyone's memory pool with 24-48 hours (I forget the exact amount of time but was certainly not longer than 48 hours).

I think the only *solution* is going to be that the *vendor* pays the fee (some work on the idea of one tx providing the fee for another has already been done although it isn't part of standard Bitcoin yet).

Thanks CIYAM for the intelligent comment (I feel I've been fighting trolls all day).  

I recently paid for a beer via BitPay and my Blockchain wallet for iOS sent it as a zero-fee transaction.  Because the network was very busy at the time, this transaction wasn't confirmed for about 36 hours.  

I would like to get to the bottom of the attack vector you proposed.  Is it possible that BitPay could just continuously rebroadcast the transaction, thereby preventing it from falling out of the memory pool?  And why didn't my transaction get "dropped" after 24 hours?  I remember that it took a day and a half before it was confirmed.  

One other scenario that seems to have been missed:

1) Pay for your coffee with a zero fee low priority tx.

2) Wait for 24 hours when it will have been dropped from the memory pool in most Bitcoin software.

3) Send a different tx using the sample UTXOs but this time adding in a reasonable enough fee to get into the next block.

This is actually quite simple - and although I've not tried to get away with any free coffee I have actually performed this sort of "double spend" more than once (when the network just got too busy to process a couple of zero fee low priority txs I was playing with).

Does Bitpay do something to try and prevent this kind of "double spent"?

So you made this thread is to attack bitcoin or gavin? I 'm confused 

[Cross-posted from https://bitcointalksearch.org/topic/m.3970813, I also think MikeyVeez is trolling and knows that zero-confirm transactions are fine for most purchases, and thus the winky face and the random and stupid CIA/Gavin accusation.]

Bitcoin is indeed faster than credit card: here in Vancouver several brick-and-mortar merchants accept bitcoin via BitPay.  It is standard to consider the invoice paid when the network picks up the transaction as valid.  This typically occurs in a fraction of second--faster than a credit card.  

The double-spend problem, to most users and vendors, most of the time, is academic.  Let's consider how you could double-spend against a coffee shop here in Vancouver:

DOUBLE SPEND ATTEMPT #1: (fails)

1-A.  You walk up to the counter and ask for your coffee.  The sales girl generates the BitPay invoice, you scan the QR code, and press "send" on your iPhone.  The BitPay app picks up the transaction on the network in a fraction of a second, and the invoice suddenly says "PAID."  You grab your coffee and leave.

1-B.  But you're sneaky: you quickly run into your car where you've already generated a raw transaction with the same coins you used to pay for your coffee, but in this fraudulent transaction you instead send the coins to an address you control (you used the brainwallet.org "transactions" page) .  You broadcast this transaction using blockchain.info's pushtx service (https://blockchain.info/pushtx).  What you will realize is that by the time you got back to your car, the original transaction has already propagated across the network.  This means that nodes will not relay this new fraudulent transaction and miners will not add it to their memory pool since they know that these coins were already spent.  Double-spend attempt #1 fails.  

DOUBLE SPEND ATTEMPT #2: (fails)

2-A.  Discouraged by your failure, you head back to your evil lair where you continue your plot to get free coffee.

2-B.  You decide that you need to broadcast both transactions at roughly the same time in order to have a better chance of success.  You need to do this *inside* the coffee shop, but all you have access to while inside the store is your blockchain.info app for iPhone.  So, you jail-break your phone and hire an iOS expert to create you a custom double-spend app.  This app by design sends out the transaction to the coffee shop, but also sends out a transaction to an address that you control.

2-C.  So you order your coffee and test out your app.  But the BitPay invoice never says "paid."  When the sales girl checks at blockchain.info, she sees a big red "DOUBLE SPEND DETECTED" warning beside the transaction.

2-D.  You don't get your coffee and leave the store with everyone thinking that you are a thief.  

DOUBLE SPEND ATTEMPT #3: (succeeds once and a while)

3-A.  Back at the lair, you realize that your quest for free coffee is more difficult than you actually thought.  You call up some nefarious miner that controls 30% of the global hash power.  You tell him that when you give him the signal, he should add your fraudulent transaction to his memory pool of unconfirmed transactions.  You pay your iPhone hacker to modify your app to send the evil miner a special signal when you buy your coffee.

3-B.  You go to the coffee shop and buy your coffee.  Your new app sends the signal to the evil miner that you're in cahoots with.  The miner adds your fraudulent transaction, while the real transaction propagates across the network.

3-C.  Since the evil miner controls 30% of the global hash power, your coffee is free 30% of the time.  

3-D.  Finally, you succeed!  You also decide it is a lot less work to just pay for your coffee normally...

I know bitpay already does instant transactions with merchants (I'm sure there's a limit on the transaction value) and if double spending were to occur they cover the cost so merchants have nothing to worry about.  I'm not 100% sure but I believe coinbase has started offering the same thing.  They simply account for occasional losses in their business model.  These are the two largest providers that merchants who accept bitcoin use.

So it's already starting to happen and certainly companies/people are working on improving the process even more because lets face it the average person wont want to sit around for 10 minutes waiting for a confirmation. Gotta keep in mind bitcoin is still in it's infacny, there are certainly things to improve upon but it seems like people are already stepping up to the plate to make those improvements. Give it some time and I'm sure in the future instant transactions will be the norm (except for maybe large purchases).

Guys Bitcoin has instant transactions because you can accept 0 confirm transactions, and then get double spended on. Ahh you guys crack me up. Where are all the 0 confirm retards? Where are the Bitcoin is faster than Visa because you can accept 0 confirms?

What more do you need to know that Bitcoin has no future? Don't worry CIA Gavin will come save the day maybe 10 years from now when 1 pool hits 78% of the network.