Ethereum Classic Replay Attack - Is this a good way to prevent it?

Minecache

legendary

Activity: 2184

Merit: 1024

Vave.com - Crypto Casino

Quote from: dinofelis on July 28, 2016, 03:17:44 PM

Quote from: Minecache on July 28, 2016, 12:29:29 PM

1. Create new address on forked chain.
2. Move ETH to new address in 1.
3. Create new address on nonforked chain.
4. Move ETC to new address in 3.

I don't know how different this is on ethereum. But you can't, as far as I know, "create a new address ON A CHAIN". You just sign a transaction to a new address, and if that transaction is valid on a chain, it will get captured and included on the chain.

Now, if you do a transaction of pre-forked ETH that is valid on both chains, to a "new address", then you will get as well your new ETH as your ETC on that new address, and your old address is not an unspend output any more. You need to do something that is NOT a valid transaction on the other chain. With ETH, you can use a contract. But without a contract, you can also obtain that if you possess some newly mined coin on one or the other chain, even in an infinitely small amount.

But note that if you have ETH in an address on the ETH chain, and ETC in the SAME address on the ETC chain, even after the fork, a signature of the ETH on the first chain will, I believe, also be a valid signature on the ETC chain, even if these are "post fork" transactions.

shyliar

hero member

Activity: 728

Merit: 500

Quote from: dinofelis on July 28, 2016, 03:12:17 PM

Quote from: shyliar on July 28, 2016, 02:56:30 PM

That is replay. What you did on one chain happened on the other. It wasn't an attack it was allowed by the code.

Exactly. I don't know why one calls that a "replay attack". If the signature is out, the transaction is executed, and as the signature is valid on both chains, the transaction is of course executed on both chains.

Naive people who think that if they only send that signature out on one network, do the transaction on one network, forget that this signature will be *published in a public block chain* and will hence also be swooped by a miner of the other chain to get the fee. But that's not an "attack", you PUBLISHED the signature.

The trick is to mix into every transaction that you only want to do on one chain, an UTXO that is only valid on one chain. Then the signature will not be accepted on the other chain. Recently mined coins can do, or of course, the DAO coins. But you need to get some, first !

Agree completely about calling it an attack. Its an integrated part of the code provided. People fail to understand that the network did not split, if a transaction is legal from the point of view of a classic node and a forked node both nodes accept the transaction.

No doubt individuals who don't understand this have already lost coins. The requirement to split coins properly should have been explained and articulated everywhere before the fork to minimize confusion. It's possible some individuals will lose thousands of dollars if not more.

dinofelis

hero member

Activity: 770

Merit: 629

Quote from: Minecache on July 28, 2016, 12:29:29 PM

1. Create new address on forked chain.
2. Move ETH to new address in 1.
3. Create new address on nonforked chain.
4. Move ETC to new address in 3.

I don't know how different this is on ethereum. But you can't, as far as I know, "create a new address ON A CHAIN". You just sign a transaction to a new address, and if that transaction is valid on a chain, it will get captured and included on the chain.

Now, if you do a transaction of pre-forked ETH that is valid on both chains, to a "new address", then you will get as well your new ETH as your ETC on that new address, and your old address is not an unspend output any more. You need to do something that is NOT a valid transaction on the other chain. With ETH, you can use a contract. But without a contract, you can also obtain that if you possess some newly mined coin on one or the other chain, even in an infinitely small amount.

But note that if you have ETH in an address on the ETH chain, and ETC in the SAME address on the ETC chain, even after the fork, a signature of the ETH on the first chain will, I believe, also be a valid signature on the ETC chain, even if these are "post fork" transactions.

dinofelis

hero member

Activity: 770

Merit: 629

Quote from: shyliar on July 28, 2016, 02:56:30 PM

That is replay. What you did on one chain happened on the other. It wasn't an attack it was allowed by the code.

Exactly. I don't know why one calls that a "replay attack". If the signature is out, the transaction is executed, and as the signature is valid on both chains, the transaction is of course executed on both chains.

Naive people who think that if they only send that signature out on one network, do the transaction on one network, forget that this signature will be *published in a public block chain* and will hence also be swooped by a miner of the other chain to get the fee. But that's not an "attack", you PUBLISHED the signature.

The trick is to mix into every transaction that you only want to do on one chain, an UTXO that is only valid on one chain. Then the signature will not be accepted on the other chain. Recently mined coins can do, or of course, the DAO coins. But you need to get some, first !

shyliar

hero member

Activity: 728

Merit: 500

Quote from: Intristing on July 25, 2016, 03:13:07 AM

Quote from: ocminer on July 25, 2016, 01:39:00 AM

No and no.

Main chain and classic chain are totally independent, you can spend separately.

But this is no 'attack' .. That's just how it is

Yesterday, I use the Classic chain to send some ETC to poloniex. I want to keep the ETH in my wallet. But the Poloniex received both the ETH and ETC to the same address.

That is replay. What you did on one chain happened on the other. It wasn't an attack it was allowed by the code.

shyliar

hero member

Activity: 728

Merit: 500

Quote from: Gramas on July 25, 2016, 12:58:56 PM

So but what happens exactly if I send my ethers using the ethereum classic chain? will the normal ethereum ones be affected?

Can someone please clarify me this, it's really making me lots of confusion!

Use a spitter contract as explained here. People are posting misleading information because they don't know.

https://blog.ethereum.org/2016/07/26/onward_from_the_hard_fork/

Note: from link " to move their ETC to a separate newly created account" if your using a copy of the same wallet you are setting yourself up for future replay. Use a new wallet.

shyliar

hero member

Activity: 728

Merit: 500

Quote from: Intristing on July 26, 2016, 02:42:45 AM

Quote from: Gramas on July 25, 2016, 12:58:56 PM

So but what happens exactly if I send my ethers using the ethereum classic chain? will the normal ethereum ones be affected?

Can someone please clarify me this, it's really making me lots of confusion!

From what I did, if you have the ETH before the hard fork, you send it after the hard fork to ETC with classic chain, it will send to the ETH chain as well.

That is what replay does. It sends to both chains.

shyliar

hero member

Activity: 728

Merit: 500

If coins existed on original chain use a split contract or risk losing your coins. Caution is advised because replay was coded in fork by design of ETH foundation.

https://blog.ethereum.org/2016/07/26/onward_from_the_hard_fork/

Minecache

legendary

Activity: 2184

Merit: 1024

Vave.com - Crypto Casino

1. Create new address on forked chain.
2. Move ETH to new address in 1.
3. Create new address on nonforked chain.
4. Move ETC to new address in 3.

Intristing

full member

Activity: 227

Merit: 100

Quote from: ?? on ??

I would wait a few days before moving my ETC.

It does not matter if you wait for a few days before you move the ETC. As long as there are two chains, there will be that problem.

Intristing

full member

Activity: 227

Merit: 100

Quote from: Gramas on July 25, 2016, 12:58:56 PM

So but what happens exactly if I send my ethers using the ethereum classic chain? will the normal ethereum ones be affected?

Can someone please clarify me this, it's really making me lots of confusion!

From what I did, if you have the ETH before the hard fork, you send it after the hard fork to ETC with classic chain, it will send to the ETH chain as well.

Gramas

member

Activity: 64

Merit: 10

So but what happens exactly if I send my ethers using the ethereum classic chain? will the normal ethereum ones be affected?

Can someone please clarify me this, it's really making me lots of confusion!

Intristing

full member

Activity: 227

Merit: 100

Quote from: ocminer on July 25, 2016, 01:39:00 AM

No and no.

Main chain and classic chain are totally independent, you can spend separately.

But this is no 'attack' .. That's just how it is

Yesterday, I use the Classic chain to send some ETC to poloniex. I want to keep the ETH in my wallet. But the Poloniex received both the ETH and ETC to the same address.

Gramas

member

Activity: 64

Merit: 10

Quote from: ocminer on July 25, 2016, 01:39:00 AM

No and no.

Main chain and classic chain are totally independent, you can spend separately.

But this is no 'attack' .. That's just how it is

Then why do people keep talking about the possibility of a replay attack?

https://github.com/ethereumclassic/README/issues/3

If I spend coins of my address in classic without moving them on the main chain, there is possibility to lose the ones on the main chain?

ocminer

legendary

Activity: 2688

Merit: 1240

No and no.

Main chain and classic chain are totally independent, you can spend separately.

But this is no 'attack' .. That's just how it is

Gramas

member

Activity: 64

Merit: 10

Ok so let's say this:

1. On the Main chain, I transfer my funds to another address

2. On the ethereum classic chain, I transfer from the same address the funds to Poloniex

3. No replay attack possible on the Main chain right?

I mean, since on the main chain the funds were already transfered to another address, the replay shouldn't be possible, is it correct?

The only way for the replay attack to succeed in this scenario on the main chain would be if I wouldn't transfer my funds to another address on the main chain, or no?

Topic: Ethereum Classic Replay Attack - Is this a good way to prevent it? (Read 1190 times)