Pages:
Author

Topic: Explain the gox transaction malleability issue like you are five - page 3. (Read 10241 times)

member
Activity: 66
Merit: 10
I really love your explanation! Thx For it!
full member
Activity: 196
Merit: 100
stupid developer does no follow rule. i hungry. maybe soiled Sad
sr. member
Activity: 448
Merit: 250
legendary
Activity: 1792
Merit: 1111
Let's assume we have a bank called "Bitcoin Bank". People can open accounts at the bank, get an account number (bitcoin address), and send money to their account. Money is transferred with cheque.

Gox opened many accounts at the Bitcoin Bank, with many account numbers. They give one account number to one customer. By monitoring these accounts, gox will know which customer has sent money to them, and credit to their gox account

When a customer submits a withdrawal request, gox will sign a cheque for one of its accounts at the bitcoin bank. They take a photo of the cheque, and use it as an evidence of delivery. However, some of the cheques issued by gox have dirt on them. Some customers cleaned the cheque first, then sent to Bitcoin Bank and got paid. The related gox bank account is then emptied.

Unlike a traditional bank, the bitcoin bank will publish the photos of all accepted cheques. Gox compares their photo records with the public records. Since the accepted cheque looks different from the original cheque (dirt is removed), gox can't recognize it and falsely believes that the related bank accounts still have money. Therefore, when another customer requests for withdrawal, they try to sign another cheque with the now emptied bank account. The Bitcoin Bank will reject this double spending cheque, and lead to all those withdrawal issues we have seen.

Even worse, some customers find the gox's bug and try to exploit it. After they cashed the cleaned cheque, they complain to gox saying that they have not received a cheque. Since gox can't find the cheque in the record of Bitcoin Bank, they credit the bitcoin back to the customer's gox account so the customer doubled his bitcoin at the expense of gox's fund (there is NO double-spending at the Bitcoin Bank)

So gox now blames the Bitcoin Bank that it should not accept the altered but yet valid cheque.

Gox also proposes that people should not trace a cheque by comparing photo. Instead, they should trace the unique ID of each cheque, as the ID is non-modifiable. They require the Bitcoin Bank officially endorse this practice before the re-open bitcoin withdraw.

-----------------

So what is the practice of the standard bitcoin client (i.e. bitcoin-qt)? Instead of comparing the photo of cheque, bitcoin-qt actually monitors the account balance. Therefore, whether the cheque is altered is totally irrelevant.

Conclusion: Gox uses a WRONG way to trace transaction, and blame the Bitcoin Bank when everything is fucked up
Pages:
Jump to: