Explain the gox transaction malleability issue like you are five - page 2.

nakaone

hero member

Activity: 742

Merit: 500

Quote from: jl2012 on February 10, 2014, 12:37:27 PM

Quote from: dynodog on February 10, 2014, 12:24:22 PM

for those who own btc with gox, it seems like the issue is going to be the extent to which gox "re-issued" bitcoin deliveries to customers bc the recipients lied and said they had not received it. if there were many double deliveries, then gox may not have the bitcoin to pay remaining owners all the bitcoin to which they are entitled. a few issues/questions come to mind:

1. why the other exchanges are not having the same problem
2. would mtgox be able to figure out which customers claimed failed delivery but lied, and were then paid twice.
3. it seems like the gox omnibus acct should net out even at the end of the day. double deliveries would raise red flags (one would think) when all has been netted

1. Gox uses a customized wallet, which is obviously faulty. Other exchanges either implement it correctly (checking the address balance), or simply use standard bitcoind

2. Yes, if they have kept all the transaction and conversation log.

3. Not sure what you mean. But if gox really double paid some customers, they are the one to absorb the loss (or they will close and run)

thanks for the great explanation - are other services outside exchanges also using this customized wallet?

ManeBjorn

legendary

Activity: 1288

Merit: 1004

So basically MTGoX made a mess and they blame it on something else to try and look like a victim instead of lazy with their own system.
Glad I did not keep any BTC there.

stompix

legendary

Activity: 2912

Merit: 6403

Blackjack.fun

Quote from: dynodog on February 10, 2014, 12:24:22 PM

for those who own btc with gox, it seems like the issue is going to be the extent to which gox "re-issued" bitcoin deliveries to customers bc the recipients lied and said they had not received it. if there were many double deliveries, then gox may not have the bitcoin to pay remaining owners all the bitcoin to which they are entitled. a few issues/questions come to mind:

1. why the other exchanges are not having the same problem
2. would mtgox be able to figure out which customers claimed failed delivery but lied, and were then paid twice.
3. it seems like the gox omnibus acct should net out even at the end of the day. double deliveries would raise red flags (one would think) when all has been netted

Because other exchangers aren't being run by fairies dancing around the magical pot of bitcoins when the owner is drunk dead in the basement ?

jl2012

legendary

Activity: 1792

Merit: 1087

Quote from: dynodog on February 10, 2014, 12:24:22 PM

for those who own btc with gox, it seems like the issue is going to be the extent to which gox "re-issued" bitcoin deliveries to customers bc the recipients lied and said they had not received it. if there were many double deliveries, then gox may not have the bitcoin to pay remaining owners all the bitcoin to which they are entitled. a few issues/questions come to mind:

1. why the other exchanges are not having the same problem
2. would mtgox be able to figure out which customers claimed failed delivery but lied, and were then paid twice.
3. it seems like the gox omnibus acct should net out even at the end of the day. double deliveries would raise red flags (one would think) when all has been netted

1. Gox uses a customized wallet, which is obviously faulty. Other exchanges either implement it correctly (checking the address balance), or simply use standard bitcoind

2. Yes, if they have kept all the transaction and conversation log.

3. Not sure what you mean. But if gox really double paid some customers, they are the one to absorb the loss (or they will close and run)

dynodog

member

Activity: 97

Merit: 10

for those who own btc with gox, it seems like the issue is going to be the extent to which gox "re-issued" bitcoin deliveries to customers bc the recipients lied and said they had not received it. if there were many double deliveries, then gox may not have the bitcoin to pay remaining owners all the bitcoin to which they are entitled. a few issues/questions come to mind:

1. why the other exchanges are not having the same problem
2. would mtgox be able to figure out which customers claimed failed delivery but lied, and were then paid twice.
3. it seems like the gox omnibus acct should net out even at the end of the day. double deliveries would raise red flags (one would think) when all has been netted

jl2012

legendary

Activity: 1792

Merit: 1087

Quote from: Barek on February 10, 2014, 12:12:43 PM

Quote from: jl2012 on February 10, 2014, 12:02:49 PM

It is well known for years that a bitcoin transaction is malleable in many ways. One way is to pad some garbage in the signature. If this is done properly, the transaction is still valid. By malleability, however, you can't change the payer, payee, and the amount paid, so no one could steal others bitcoin in this way. Just like in the real world, spilling some coffee on a cheque won't invalidate it. The rightful payee will still get the money.

In the gox case, they mistakenly padded their transaction with garbage (dirt on a cheque). Although the transaction is still valid, many miners do not like garbage in transaction and refuse to confirm gox's translations. Therefore, some users try to remove the garbage (clean the cheque), and the transaction got confirmed. So the user is happy. However, as the transaction looks different now (without garbage, different hash), gox's stupid customized wallet can't realize that the transaction is already confirmed, and falsely think that the coin is unspent.

The big question is how long has this been going on and has someone actively exploited it?

This is simply gox's problem, as they shouldn't follow the transaction flow this way in the first place.

Barek

full member

Activity: 168

Merit: 100

Quote from: jl2012 on February 10, 2014, 12:02:49 PM

It is well known for years that a bitcoin transaction is malleable in many ways. One way is to pad some garbage in the signature. If this is done properly, the transaction is still valid. By malleability, however, you can't change the payer, payee, and the amount paid, so no one could steal others bitcoin in this way. Just like in the real world, spilling some coffee on a cheque won't invalidate it. The rightful payee will still get the money.

In the gox case, they mistakenly padded their transaction with garbage (dirt on a cheque). Although the transaction is still valid, many miners do not like garbage in transaction and refuse to confirm gox's translations. Therefore, some users try to remove the garbage (clean the cheque), and the transaction got confirmed. So the user is happy. However, as the transaction looks different now (without garbage, different hash), gox's stupid customized wallet can't realize that the transaction is already confirmed, and falsely think that the coin is unspent.

The big question is how long has this been going on and has someone actively exploited it?

justusranvier

legendary

Activity: 1400

Merit: 1009

Code:

2 + 3 = 5

is a mathematically true statement.

Code:

2 + 3 + 0 = 5

is mathematically true, and in fact is the same statement.

They've got different hash values though, because hash functions care about binary representations, not mathematical equivalence.

jl2012

legendary

Activity: 1792

Merit: 1087

Quote from: cp1 on February 10, 2014, 11:25:31 AM

I don't understand what getting dirt on a check means. Can you explain it like you're an adult?

It is well known for years that a bitcoin transaction is malleable in many ways. One way is to pad some garbage in the signature. If this is done properly, the transaction is still valid. By malleability, however, you can't change the payer, payee, and the amount paid, so no one could steal others bitcoin in this way. Just like in the real world, spilling some coffee on a cheque won't invalidate it. The rightful payee will still get the money.

In the gox case, they mistakenly padded their transaction with garbage (dirt on a cheque). Although the transaction is still valid, many miners do not like garbage in transaction and refuse to confirm gox's translations. Therefore, some users try to remove the garbage (clean the cheque), and the transaction got confirmed. So the user is happy. However, as the transaction looks different now (without garbage, different hash), gox's stupid customized wallet can't realize that the transaction is already confirmed, and falsely think that the coin is unspent.

cp1

hero member

Activity: 616

Merit: 500

Stop using branwallets

I don't understand what getting dirt on a check means. Can you explain it like you're an adult?

whtchocla7e

full member

Activity: 392

Merit: 116

Worlds Simplest Cryptocurrency Wallet

If you are five, you probably will not be able to explain the Bitcoin malleability issue.

The title of this thread is a huge fail.

jl2012

legendary

Activity: 1792

Merit: 1087

Quote from: il--ya on February 10, 2014, 10:39:57 AM

Quote from: jl2012 on February 10, 2014, 10:31:48 AM

A cheque with valid signature, no matter dirty or clean, is a valid cheque.

The Bitcoin Bank is a decentralized bank. Anyone with a mining rig could become part of the bank (miner). Some miners do not like dirty cheque (although they are still valid), so customers have to manually clean the cheque before they could cash it. However, this is really up to the policy of each miner.

Valid point, it's not a network rule, although it may become one at some point.
Still it's a good practice accepted nowadays in most of the "banks" and post offices - not to accept dirty receipts, which exposed those MtGox vulnerabilities.

The problem is, there is indefinite ways to alter a cheque without invalidate it. We need to live with transaction malleability and actually it's no big deal

il--ya

newbie

Activity: 47

Merit: 0

Quote from: jl2012 on February 10, 2014, 10:31:48 AM

A cheque with valid signature, no matter dirty or clean, is a valid cheque.

The Bitcoin Bank is a decentralized bank. Anyone with a mining rig could become part of the bank (miner). Some miners do not like dirty cheque (although they are still valid), so customers have to manually clean the cheque before they could cash it. However, this is really up to the policy of each miner.

Valid point, it's not a network rule, although it may become one at some point.
Still it's a good practice accepted nowadays in most of the "banks" and post offices - not to accept dirty receipts, which exposed those MtGox vulnerabilities.

jl2012

legendary

Activity: 1792

Merit: 1087

Quote from: il--ya on February 10, 2014, 10:26:43 AM

Quote from: jl2012 on February 10, 2014, 09:45:25 AM

However, some of the cheques issued by gox have dirt on them. Some customers cleaned the cheque first, then sent to Bitcoin Bank and got paid. The related gox bank account is then emptied.

One important point here is that this all was fine, as long as banks accepted both dirty and clean receipts, and dirty receipts issued by gox were actually more likely go to the bank, because all receipts are actually sent by post, and it would take significant amount of effort for the customer to intercepts those receipts and modify them.

But at some point banks have changed their policy and decided not to accept dirty receipts to prevent some forms of fraud. They simply throw them away. And that's when some customers were able to collect those rejected recepts, clean them and re-submit to make them processed (unnoticed by Gox).

A cheque with valid signature, no matter dirty or clean, is a valid cheque.

The Bitcoin Bank is a decentralized bank. Anyone with a mining rig could become part of the bank (miner). Some miners do not like dirty cheque (although they are still valid), so customers have to manually clean the cheque before they could cash it. However, this is really up to the policy of each miner.

il--ya

newbie

Activity: 47

Merit: 0

Quote from: jl2012 on February 10, 2014, 09:45:25 AM

However, some of the cheques issued by gox have dirt on them. Some customers cleaned the cheque first, then sent to Bitcoin Bank and got paid. The related gox bank account is then emptied.

One important point here is that this all was fine, as long as banks accepted both dirty and clean receipts, and dirty receipts issued by gox were actually more likely to reach the bank, because all receipts are sent by post, and it would take significant amount of effort for the customer to intercept those receipts and modify them.

But at some point banks have changed their policy and decided not to accept dirty receipts to prevent exactly this form of of fraud - modification of receipts. There are many ways to produce dirty receipt, but only way to produce clean. So they rejected them and simply throw dirty receipts away. And that's when some customers were able to collect those rejected recepts, clean them and re-submit to make them processed (unnoticed by Gox).

There is still exist a hypothetical problem of malicious banks, but it has very low impact, and will be addressed in the future bitcoin releases.

rammy2k2

legendary

Activity: 1974

Merit: 1003

nice !

jl2012

legendary

Activity: 1792

Merit: 1087

Quote from: georgeb657 on February 10, 2014, 10:04:36 AM

Great post. You should post this on reddit and some generous users may tip you a beer

Did it already: http://www.reddit.com/r/Bitcoin/comments/1xiowj/explain_the_gox_transaction_malleability_issue/

georgeb657

newbie

Activity: 9

Merit: 0

Great post. You should post this on reddit and some generous users may tip you a beer

Lauda

legendary

Activity: 2674

Merit: 2965

Terminated.

Good explanation. Thank you.
Now I wonder, why someone doesn't open a bank called 'The Bitcoin Bank' and operate it in a country like Germany, Finland or the other few that actually regulated bitcoin in a positive way?

leopard2

legendary

Activity: 1372

Merit: 1014

Quote from: Danglebee on February 10, 2014, 09:49:38 AM

stupid developer does no follow rule. i hungry. maybe soiled Sad

still need diapers at five? bit of a retarted kid hm?

Topic: Explain the gox transaction malleability issue like you are five - page 2. (Read 10177 times)