Topic: Doubt about double spending - page 2. (Read 476 times)

Some crypto businesses do accept zero-confirmation transactions. But they take some precautions to make sure you won't be able to cancel the transaction and even if you do, it shouldn't cause them any financial damage. In case of casinos, for example, they will instantly credit your account only when the transaction is non-RBF.

The issue of transaction malleability was solved via BIP66. Further, as you note, SW parent transactions are not maileabile.

The issue of transaction malleability was solved via BIP66. Further, as you note, SW parent transactions are not maileabile.

Oh no, please no Don't confuse RBF with double-spend attacks! That's totally not the same thing.

You shouldn't really accept zero confirmations for any transaction which has any unconfirmed parents regardless of their RBF status, since transaction malleability would allow a miner to invalidate the child transaction without invalidating/double-spending the parent transaction(s) (unless all the unconfirmed parents only spend bech32 segwit inputs).

CPFP

However there are Casinos that accept zero-confirmation deposits.
Since they are custodial, their primary protection against those who'll "cancel" their transaction is to prevent withdrawals of the funds/winnings until the deposit has enough confirmations.
Rest are the rules and requirements like non-RBF transactions to qualify to that feature, I don't know if they are disqualifying txns with unconfirmed parent(s).

You shouldn't really accept zero confirmations for any transaction which has any unconfirmed parents regardless of their RBF status, since transaction malleability would allow a miner to invalidate the child transaction without invalidating/double-spending the parent transaction(s) (unless all the unconfirmed parents only spend bech32 segwit inputs).
-snip-

If it has an unconfirmed parent(s), any of the parent transaction shouldn't be marked as replaceable as well.

By the way, very interesting, if you scroll down a bit there's a so-called vector76 attack, which is possible even though as a recipient you see 1 confirmation. So I would always wait for like 3 confirmations if I'm in a hurry and the amount is not large, but for anything else 6 confirmations.

Actually RBF is like a sub-category of double spend.
Technically speaking when the same UTXO is spent in 2 different transactions, we call that a double spend. When you bump the fee of a transaction you are actually creating an entirely different transaction (it has to even be signed again) and the fact that the two transactions differ only in the output amount doesn't change that.

What RBF does is that it "reserves the right to double spend" the UTXOs in a tx marked by RBF for the signer but with certain restrictions, such as the increased fee has to be proportional to the tx size not any small amount.

You don't need to mine 2 blocks in a row.  Mining a single block is sufficient if the network resolves the fork the way you want, and it might be possible to set things up so that this is likely.

Let's say I observe the timing of when nodes are broadcasting transactions and how they are propagating through the network.  By watching for which nodes are earliest to broadcast transactions from my target, I manage to establish a direct connection to my target.

I use a similar method of watching block broadcasts to establish connections to most of the mining pools.

Now I create a transaction making a valid, large deposit into my target.  I do not broadcast this transaction but I add it to a block that I am attempting to mine.  I mine solo, just like normal, except that I have an extra non-broadcasted tx that I am including.

Eventually, I succeed in creating a valid block.  I do not broadcast it immediately, but instead I wait until someone else mines a block, and when that happens, I immediately broadcast my block to my target.  If my target sees my block before the other block, they will accept it, and my transaction will have one confirmation.  The block chain has forked, and my target (and possibly other nodes, if my target relays quickly enough) will believe that my block is the correct one, while other nodes will believe that the other fork is the correct one.

I immediately request a withdrawal, and my target generates a transaction sending the large amount of coins to an address I control.  I also double-spend some of the inputs, sending the coins to myself.  The part of the network that did not receive my block first (which hopefully is most of the miners) will accept this as valid and work to include it in the next block.

If my block eventually "wins" because enough miners saw my block first and added onto it first, then I have just made a deposit and withdrawal, and I lose nothing.

If my block eventually "loses", then the deposit is invalidated.  If the deposit tx was not one of the inputs to the withdrawal transaction, then the withdrawal is still valid.

Technical question from a non-technical guy... Sorry if it comes out as something stupid, but I rather seek an answer to my ideas than putting them in a dark corner.

No need to explain what a deposit is, but most, if not all casinos require at least X confirmations from the network in order to credit the deposit. Nothing wrong with that, since they cover themselves from a double-spending attack. However, in some situations, transactions get stuck and the player is left to wait (bad luck fella, use a higher fee next time) for a long time. The main reason this feature exists is to prevent double spends, as I have already mentioned, but I'd like to know if there is an alternative to it.

-snip- so, if transactions that don't have RBF active can not be double spent, could hypothetically a casino run a node that is able to tell if a transaction has this activated, and in the event of it being negative, instantly credit the money with no confirmations required?

Don't confuse RBF with double-spend! That's totally not the same thing. Double spending is an attack scenario where you spend the same funds twice (like, to 2 different addresses). RBF just allows you to bump the fee to have the transaction be verified quicker.

CPFP is a kind of RBF, IIRC;

RBF just allows you to bump the fee to have the transaction be verified quicker.

No need to explain what a deposit is, but most, if not all casinos require at least X confirmations from the network in order to credit the deposit... but I'd like to know if there is an alternative to it.

Awesome, thanks! I had a feeling it couldn't be just that easy, or someone else would have already invented it first. Thanks again for the clarification. Although, don't most wallet softwares not allow you to double spend something unless it can be RBF?

PS: I do repeat the "non-technical guy" before anyone tries to mob me

---

[...]
I know transactions with RBF can be double spent (or accelerated, call it however you like it most), but is there any other way to actually do this? CPFP is a kind of RBF, IIRC; so, if transactions that don't have RBF active can not be double spent, could hypothetically a casino run a node that is able to tell if a transaction has this activated, and in the event of it being negative, instantly credit the money with no confirmations required?