Author

Topic: accidentally entered the address into amount (Read 1135 times)

hero member
Activity: 868
Merit: 1000
December 12, 2013, 11:19:22 AM
#12
To give you an example, there was so far 1 vulnerability, XSS one (so not a major one) on Bitfinex, for the GET variable "locale", where you could input javascript. This has been corrected a long time ago and was as i said the only vuln found.

it's not like we have not been "tried"...
hero member
Activity: 868
Merit: 1000
December 12, 2013, 11:12:15 AM
#11
Hello,

If the address was changed to 1 (the number), then obviously the data has been filtered.

Furthermore, just because we do not check if the bitcoin address is not a valid bitcoin address doesn't mean we do not check for malicious input like SQL, HTML,... But don't take my word for it, go ahead, try to SQL inject or other attacks on Bitfinex and check the result. Every field is parsed and malicious content is removed (and a string like a BTC address is not a malicious content Smiley)

All in all, if the bitcoin address is a wrong string, it will be rejected and cancelled. If the amount contains string garbage, as long as it start by digits, the amount will be those digits. If you enter "10 BTC", then this will be converted to "10".

Thank you anyway
Raphael
full member
Activity: 238
Merit: 100
December 10, 2013, 09:44:21 AM
#10
I used bitfinex.com to make the transfer.
hero member
Activity: 896
Merit: 527
₿₿₿₿₿₿₿
December 08, 2013, 10:22:26 AM
#9
It sent 1 btc, so all is good!

Ask support to fix their freaking system. Basic input validation would be nice.
Please let us know what exchange you used, we need to know who is not validating their inputs Cheesy

This please let everyone know so they can avoid it like the plague. 

Any site not doing the most basic input validation is likely not doing a half dozen other important things like preventing cross site scripting attacks, SQL injection, session hijacking, etc.

Utterly unbelievable a site would simply pass garbage input to bitcoind and hope everything works out ok.

This. Although I think how the system might work is that if you enter a value more than you own (for some reason, works with address) it just sends all of your balance no matter what.
Still, that's not right. You might have added an extra 0 by error, and would send your entire balance to someone when the transaction should have failed.
sr. member
Activity: 266
Merit: 250
December 08, 2013, 10:20:13 AM
#8
It sent 1 btc, so all is good!

Ask support to fix their freaking system. Basic input validation would be nice.
Please let us know what exchange you used, we need to know who is not validating their inputs Cheesy

This please let everyone know so they can avoid it like the plague. 

Any site not doing the most basic input validation is likely not doing a half dozen other important things like preventing cross site scripting attacks, SQL injection, session hijacking, etc.

Utterly unbelievable a site would simply pass garbage input to bitcoind and hope everything works out ok.

This. Although I think how the system might work is that if you enter a value more than you own (for some reason, works with address) it just sends all of your balance no matter what.
donator
Activity: 1218
Merit: 1079
Gerald Davis
December 05, 2013, 01:36:53 PM
#7
It sent 1 btc, so all is good!

Ask support to fix their freaking system. Basic input validation would be nice.
Please let us know what exchange you used, we need to know who is not validating their inputs Cheesy

This please let everyone know so they can avoid it like the plague. 

Any site not doing the most basic input validation is likely not doing a half dozen other important things like preventing cross site scripting attacks, SQL injection, session hijacking, etc.

Utterly unbelievable a site would simply pass garbage input to bitcoind and hope everything works out ok.
hero member
Activity: 938
Merit: 501
December 05, 2013, 01:34:48 PM
#6
It sent 1 btc, so all is good!

Ask support to fix their freaking system. Basic input validation would be nice.
Please let us know what exchange you used, we need to know who is not validating their inputs Cheesy
sr. member
Activity: 322
Merit: 250
December 05, 2013, 12:12:59 PM
#5
Which exchange are you using?
That seems quite ridiculous... Why doesn't it check if the value entered is a number at all?!
legendary
Activity: 3682
Merit: 1580
December 05, 2013, 10:41:07 AM
#4
It sent 1 btc, so all is good!

Ask support to fix their freaking system. Basic input validation would be nice.
full member
Activity: 238
Merit: 100
December 05, 2013, 10:27:16 AM
#3
It sent 1 btc, so all is good!
full member
Activity: 140
Merit: 100
December 05, 2013, 08:49:41 AM
#2
So i was trying to withdraw btc from exchange, and I accidentally entered the address into the amount, everything else was correct, and it still went through...

does this mean i only sent 1 btc, since address starts with 1?
I'm thinking about the last line. So, if i want to withdraw 100BTC, it only sent 1BTC since it starts with 1?
What you could do is to contact the support about this matter. Im sure the transaction was not sent as it needs a combination for it to be sendable. Should just contact the admin. Wiki says so:
https://en.bitcoin.it/wiki/Address#Addresses_are_case_sensitive_and_exact
full member
Activity: 238
Merit: 100
December 05, 2013, 08:38:04 AM
#1
So i was trying to withdraw btc from exchange, and I accidentally entered the address into the amount, everything else was correct, and it still went through...

does this mean i only sent 1 btc, since address starts with 1?
Jump to: