Author

Topic: Double Spending Proof of Concept (Read 2220 times)

hero member
Activity: 755
Merit: 515
April 15, 2011, 04:57:34 AM
#18
I've been thinking about doing a real attacking client for a while because quite a few people think its near impossible to execute well, but I disagree.  The best way to do this is to get the IPs of some of the largest miners (ArtForz + deepbit + slush's pool would probably do) and send one TX to them and one TX out to a bunch of other nodes (the target if you happen to know its IP).
The question is how will you get the IPs of the biggest miners? Don't miners just appear as regular clients on the network? Is there actually a way to tell if a node is a miner or a client?
Slush's pool's node is on the fallback nodes page.  You ask them? I doubt they give them out freely, but if I were to write a proof-of-concept attack I'm sure they would be happy to help.  If anyone were doing real attacking, I'm sure a good social-engineering attack would easily get the proper IPs.  (plus you can figure out ArtForz's node based on GeoIP, I think he is the only one in the middle of Germany on the node map)
full member
Activity: 136
Merit: 100
April 14, 2011, 11:50:52 PM
#17
I've been thinking about doing a real attacking client for a while because quite a few people think its near impossible to execute well, but I disagree.  The best way to do this is to get the IPs of some of the largest miners (ArtForz + deepbit + slush's pool would probably do) and send one TX to them and one TX out to a bunch of other nodes (the target if you happen to know its IP).
The question is how will you get the IPs of the biggest miners? Don't miners just appear as regular clients on the network? Is there actually a way to tell if a node is a miner or a client?
sr. member
Activity: 322
Merit: 250
Do The Evolution
April 14, 2011, 09:48:56 PM
#16
Please note some sites such as probiwon just wait for 1 confirmation, this could create havoc since you could send thousands of 25 BTC transactions to your acceptor and after the first confirmation it will broadcast a send transaction to your address. It won't check for validity afaik, I will contact him to get on this thread.
full member
Activity: 210
Merit: 106
April 14, 2011, 06:29:34 PM
#15
Does the client alert you that a transaction has been denied? Or does it just say " 0/unconfirmed " forever?

That might be a future feature: https://bitcointalksearch.org/topic/m.84785
(i.e. if your transaction is not processed within 24 hours, you would know it has been "rejected")
hero member
Activity: 675
Merit: 502
April 14, 2011, 05:51:13 PM
#14
Does the client alert you that a transaction has been denied? Or does it just say " 0/unconfirmed " forever?
hero member
Activity: 755
Merit: 515
April 14, 2011, 05:02:11 PM
#13
That's why it's recommended to wait for confirmations.
My point was that many people have said you don't need to worry about it for very small txes, however you might be able to write a client which tries to send bogus txes automatically so you just never have to pay for your small txes.
legendary
Activity: 1526
Merit: 1134
April 14, 2011, 04:42:33 PM
#12
If there is a double spend the official client does not alert you, but those transactions will show as 0/unconfirmed forever.
hero member
Activity: 672
Merit: 500
BitLotto - best odds + best payouts + cheat-proof
April 14, 2011, 04:39:15 PM
#11

Obviously you won't double-spend but if people accept with 0 confirmations, well you should be able to pull this off.

That's why it's recommended to wait for confirmations.

To actually pull off a double spend WITH confirmations it would be very hard. You would have to have a branch of block chains that survives in the network for some time. That would be very hard as I believe the network always picks the HARDEST branch and resists branching.
hero member
Activity: 755
Merit: 515
April 14, 2011, 04:31:24 PM
#10
I've been thinking about doing a real attacking client for a while because quite a few people think its near impossible to execute well, but I disagree.  The best way to do this is to get the IPs of some of the largest miners (ArtForz + deepbit + slush's pool would probably do) and send one TX to them and one TX out to a bunch of other nodes (the target if you happen to know its IP).  Because no one will store a duplicate tx, theoretically the victim will hold the probably-wont-get-confirmed TX until the probably-will-be-confirmed is confirmed by one of the large-scale miners.

Obviously you won't double-spend but if people accept with 0 confirmations, well you should be able to pull this off.
full member
Activity: 238
Merit: 100
April 14, 2011, 04:20:59 PM
#9
Double spend guide for beginners:

1. Run bitcoin program. Download the blockchain.
2. Get some coins.
3. Backup the wallet and install it on another machine.
4. Connect with the first machine to some nodes and with the other to different ones.
5. Open two windows and simultaneously send coins to different addresses from two machines.
6. Watch in the log as the transactions reach different nodes.
7. Wait patiently for the next block.
8. Enjoy how the network includes only one transaction and rejects the other.

Do you really think nobody tested it?
member
Activity: 72
Merit: 10
April 14, 2011, 04:08:28 PM
#8
If a program like this doesn't already exist then I might create one. It depends if I can even think of a way to do it that wouldn't be completely futile.

I think "completely futile" is not a bad starting point. Like you said:
It would also be nice to see how the default client reacts when a malicious attempt is detected.

I haven't dived into the source code yet, but I imagine it wouldn't take too much tinkering to modify the standard client so that it could attempt a double-spend on the testnet. I think a developer could do this without too much effort. Conceptually, a Bitcoin network should be able to repel a double-spend, but someone should start gathering empirical data at some point (if the white hats don't get there first, the black hats surely will).

What happens when one node attempts a double-spend? What happens when multiple nodes are coordinated in a double-spend? How many bad nodes does it take for a double-spend to succeed (if any)? I think these questions have theoretical answers, but maybe its time to start gathering some hard data.

Keep us up to date if you decide to create something like this. I, for one, would be interested in what you find out. If I have time, I might like to help out. In any case, it sounds like a fun way to start getting familiar with the standard Bitcoin source code.
legendary
Activity: 1708
Merit: 1010
April 14, 2011, 03:15:21 PM
#7
If a program like this doesn't already exist then I might create one. It depends if I can even think of a way to do it that wouldn't be completely futile.

If you can think of some way that it wouldn't be futile, then Bitcoin is in trouble.
newbie
Activity: 32
Merit: 0
April 14, 2011, 11:58:59 AM
#6
If a program like this doesn't already exist then I might create one. It depends if I can even think of a way to do it that wouldn't be completely futile.
legendary
Activity: 1708
Merit: 1010
April 14, 2011, 10:55:21 AM
#5
Please keep this on testnet.
member
Activity: 72
Merit: 10
April 14, 2011, 10:09:54 AM
#4
Yeah I just think it might be useful to have a program which tests the concept

If you really think it would be useful to have a program like this, put your bitcoins where your mouth is! Define some requirements and offer a bounty. Encourage others to contribute to your bounty and eventually a developer might take up the challenge and deliver.

If you end up going this route, you might want to consider moving this thread to the Project Development Forum. This is typically where users discuss bounties. There's also a wiki page.
newbie
Activity: 32
Merit: 0
April 14, 2011, 10:01:00 AM
#3
Yeah I just think it might be useful to have a program which tests the concept
hero member
Activity: 672
Merit: 500
BitLotto - best odds + best payouts + cheat-proof
April 14, 2011, 09:17:36 AM
#2
Hey. I'm just wondering if anyone has written a proof of concept program which attempts to trick the network into allowing double spending. I think it would be good to get something like this out in the open soon so it can be tested thoroughly before the network get any bigger.

It would also be nice to see how the default client reacts when a malicious attempt is detected.

It's why some people wait for confirmations. The network uses a long block chain. As the blocks come in the double spend would not be able to exist. Only during the time of a branch in the chain could both exist. AFAIK.
newbie
Activity: 32
Merit: 0
April 14, 2011, 08:12:57 AM
#1
Hey. I'm just wondering if anyone has written a proof of concept program which attempts to trick the network into allowing double spending. I think it would be good to get something like this out in the open soon so it can be tested thoroughly before the network get any bigger.

It would also be nice to see how the default client reacts when a malicious attempt is detected.
Jump to: