Topic: Double Spending - How To? - page 2. (Read 4581 times)

Let me try and explain and somebody will correct me if I write anything wrong. The simplest double spend attack is called race attack. There are other more complicated double spend attacks but we don't need to talk about them at the moment.

So in the race attack buyer walks in in a coffee shop, buys a cup of coffee and pays with bitcoins. He walks out and gets on his computer immediately where he spends the same coins again, makes another transaction, but tries to broadcast them to more nodes than the first transaction which paid for the cup of coffee. Then he hopes that second, double spent transaction will get in a block before the first (real) transaction.

Don't ask how this is done because I don't know, I am not a scammer so I never initiated double spend. Once I did double spend my coins because I have forgotten to include a tx fee so my transaction was stuck. Then I sent the same coins again with go higher fee and this transaction got confirmed before the first one.

Now in order to do above you must have a computer. I am pretty sure that mobile wallets don't allow double spending. Also not all of the desktop wallets allow people to double spend, only some. And you have to know what you are doing very well. And even if you do it well, the block can come 1 minute after you paid your coffee in the coffee shop and not let you even try to double spend. That's why it's called a race attack, since you essentially are racing to get the second, fraudulent transaction confirmed before the first one. So yes, you have to be lucky as well, to do a successful double spend.

Any Bitcoin wallet should allow 0 fees for transactions. Given that no POS is used, no insurance can be provided. To double spend his Bitcoin, he need a mining pool who uses RBF patch and another transaction spending the same input to another address with a higher fee. The pool would then accept the higher fee transaction. Alternatively, he can get a mining pool to mine the double spending transaction for him and the over transaction would be invalidated. If he's lucky and no pools want to accept it, assuming that it isn't rebroadcasted, he can craft another transaction and relay it to he network with a fee and the pools would accept it after the node has forgotten about the transaction or the pool has forgotten about it.

Another transaction spending the same input (UXTO) means that the alternate transaction would be spending the same input as the first transaction.

Thank you all who have replied.

As I said previously, an average sale could be a day's pay for an average (Filipino) worker. Not an insignificant amount. The shop employee handling the transaction would have just a basic (Filipino) high school education. This would mean that he/she can do no more than follow basic instructions - if your lucky.

Neither the sales person or the customer are going to wait for even the first confirmation. The merchant (shop) cannot set or easily check the transaction fee. Let's assume that the customer makes the purchase with zero transaction fee. (I know, Bitcoin Wallet does not allow this.)

So, the customer walks in, buys a coffee and food (take-out) with bitcoin zero transaction fee, then leaves the shop. How does this customer "double spend" his/her bitcoin?

What is "another spend that uses the same inputs"?

This the exact reason why I put a "what do we understand as double spend here" in my longer post above. A double spend on a confirmed transaction is almost impossible and only possible at all if you can either pull off an >50% attack or if the block (or even blocks) the confirmed the TX was orphaned for some reason (e.g. durring a fork).

This is even rarer than the unconfirmed double spend I think OP refers to.

There was one, you may have missed it: https://bitcointalksearch.org/topic/a-successful-double-spend-us10000-against-okpay-this-morning-152348 and several double spends have happened when sellers gave the goods before at least 2 confs

You just can't. Satoshi Nakomoto took care of this. You may try though, but there were no successful double-spend in the whole history of BTC as far as I know.

In theory, double spending is possible but it is not feasible and it is quite hard for you. The reference client only relay the first transaction with input A it sees and ignores any other transaction that spends input A. In order to double spend the transaction, majority of the network would need to forget about your transaction for them to relay it or you must find a pool which can accept your double spend transaction into a block. Precautions can be made however, the merchant can connect to different geographical peers, ensure that the transaction is well propagated, includes a good fees-per-kilobyte and the inputs are already confirmed.

You can tell your friend that he will be perfectly fine and safe accepting payments with zero confirmations for a cup of coffee or a cookie, or both which value is about $5. Nobody will go through the trouble to scam on a daily base and to double spend for a cup of coffee, that's ridiculous.

As explained above, this is doable but not easy. You need certain wallets, etc. And people who know how to do this will not waste time for such a small amounts anyways.

Of course, I would not let Lambo out of the door with 0 confirmations, I would wait 6, but a cup of coffee is no problem at all.

Firstly the coffee shop owner should not wait for a confirmation as it can sometimes take longer than the time I need to drink a large coffee. I would not pay with bitcoin if I had to wait for a confirmation, unless I pay for a fancy car (THX OnkelPaul)

I think the question is how to defend against a double spend in this case and the answer is not as simple as you might like, assuming the owner wants to avoid using a service like bitpay. Most payment services will do one or more of the counter measures I present later.

Lets get some basic understand what we want to understand as a double spend here, how it works and what needs to be done for it to work.

A double spend would be if you create TX A, the shop owner sees the transaction, you get your coffee and any time later before TX A is confirmed you create another TX B that uses the same inputs as A and gets confirmed before A, thus making A invalid. The result is free coffee and possible problems with law enforcement and/or the owner the next time you try to buy a coffee at the same shop.

What do we need?
In order for this to work with a mobile phone you would need wallet software that allows you to set the fee for a transaction yourself. It must also be possible that you make the wallet forget about the transaction A and you have to be able to select individual inputs when creating a transaction. Alternatively you must ensure that you only have a single input you can spend.

How do we get it to work?
You create the transaction A with 0 fee and a low priority. 0 Fee is set via the wallet, low priority comes with either a high size in bytes, a lower amount of bitcoin used or a combination. E.g. a single input worth 1 BTC with 144 confirmations (~a day) should be easily confirmed without a fee because it has a high enough priority (aka the bitcoin day). Considering we talk about coffee it should be easy enough to set up an input for a coffee worth of bitcoin a few hours in advance. E.g. 0.05 with 12 (~2 hours) confirmations should have a low enough priority to require a fee to be confirmed fast.

Now that we are at the shop we broadcast this planned transaction to the shop owners address, the network propagates it and the shop owners wallet shows an unconfirmed transaction. we get coffee.

Here the owner can manually check the transaction (unlikely I know, but its possible) for fee, size (in bytes) and the size of the used inputs. Someone with a good knowledge about bitcoin could detect a possible double spend attempt right here and manually initiate counter measures (more about them later).

Lets assume the owner misses this or the person handling the wallet has no idea (usual case) about the finer details of bitcoin.

We can not enjoy our coffee though as now a race starts. We need to reset the wallet app on the phone to issue an competing transaction that pays a higher than normal fee. Why do we need to be fast? Because any node that already knows about TX A will reject the new TX B. Thus we have a small chance to reach a miner. The best thing we can hope for is that TX A is forgotten over time. Thus we rebroadcast TX B every 1-2 hours in the hopes that more and more nodes forgot about A and we finally reach a miner that does not know about TX A and finds a block. Due to our high fee B will be in the next block.

How can the shop owner defend against this?

Firstly, as you can see from what has to be done for a free stolen coffee, I would not worry. I suspect they have higher loss from fake bills or stolen credit cards. A bitcoin double spend is a race condition and with all the manipulations you can do to shift the odds in your favor its still highly likely to lose the race and have paid for the coffee anyway.

Now countermeasures:

#1 Rebroadcast TX A. If you keep rebroadcasting the transactions you receive (e.g. via a small script) you significantly reduce the chances for TX B to reach anyone. Transactions without fee and low priority can and will be confirmed over time. To ensure that TX A is known throughout the network is the best defense against a double spend. This is also the basis for #2, because it assume that A is known to miners.

#2 CPFP - child pays for parent. A transaction (e.g. A) that was received without fee can be used as input in another transaction (lets call it C) that pays a high fee. In order for C to get confirmed, A must be confirmed either in advance or in the same block. Some miners have implemented CPFP and will give A a higher priority for the next block based on the fee of C.

#3 Get buddy buddy with a mining pool. Some miners have a direct interface that allow you to directly send them a TX and they confirm it in the next block they find. No matter the fees, as long as its valid and not a double spend.

There are certainly more, but those are the major ones that came to me.

slightly Edited after reading OnkelPauls reply.

Double spending means to create two transactions using the same output(s) from a previous transaction, and presenting one of these transactions to a seller as payment, while transferring the funds to another address using the other transaction. Only one of these transactions will eventually make it into the blockchain. If you want to scam the coffee shop, you'd need to control a substantial share of the mining pools so that you can get them to accept your second transaction after the first one has already propagatesd through the network.
There are basically two cases:
- you spend a small amount (for a coffee or a pretzel), and the seller accepts a zero-confirmation transaction (with sufficient fees) as "good enough", risking a small percentage of failed payments. In this case, the cost of doing a double spend far exceeds the possible gain in coffee or pretzels, even though determined crooks could probably pull this one off.
- you spend a large amount (for a house or a Lamborghini), and the seller will wait for 6 or more confirmations (which takes about one hour). Performing a double spend in such a situation requires you to control more than 50% of the mining power for a considerable time to effectively orphan the part of the chain that contains your first transaction and create an alternate blockchain that will be accepted by the rest of the bitcoin world. The cost of doing this far exceeds the value of a house or a Lamborghini, so this case, too, is economically infeasible. And in the case of the house, you can't simply drive away with the stolen goods...
One possible exception might be a trade that involves highly illegal stuff that both parties want to finalize very quickly. But if a drug dealer sells you drugs for several thousand bitcoins and accepts a zero-conf payment, I'm pretty convinced that he has means to find you after you've perfomed a double spend... For you as a buyer, this wouldn't be economically feasible either, and probably pretty painful.

Executive summary: Double spending does not work in reality (as has been discussed to death already)

Onkel Paul

So here is a simple answer to your question: https://bitcointalksearch.org/topic/guidedouble-spending-an-unconfirmed-transaction-made-with-a-third-party-client-231309
All in all double spending is a bit time consuming.
P.S: So the seller doesn't want to wait for 2 confs or can't wait because of customer pressure? I'm sure customers would understand that the seller needs to have 2 confs before handing out the good

I am definitely not asking "how to scam". Knowing how it could be done gives one knowledge on how to minimise the risk if handing over goods before any confirmations are received.

The reason I am asking is because a coffee shop owner I am helping (gratis) to set up a system for accepting bitcoin as payment has asked me this. He is concerned that a bitcoin paying customer may "double spend" if he passes over goods before he has received at least one confirmation.

He does not want to have to keep the customer waiting until he has received at least one confirmation. An average sale would be less than USD10 but this is in a country where his shop staff get paid that for a full day's work.

Double spending doesn't work as you need more than 2 confs for the btc to be credited in any shop, at any rate are you asking how to scam?

To keep this simple, let's assume I am using a wallet like Bitcoin Wallet by Bitcoin Wallet developers on an Android smartphone. I go into a coffee shop and buy using my bitcoin wallet. I understand that it is going to take about 5 to 10 minutes before the transaction is first registered on the Blockchain.

How can I then "double spend" my bitcoin?