Author

Topic: [FIX on the way] Flaw with fee calculation on strongcoin. (Read 3593 times)

full member
Activity: 156
Merit: 100
Firstbits: 1dithi
In fact, Strongcoin is a modified version of Diaspora integrated with Electrum lightweight Bitcoin client  Huh

I have no idea, and I don't know if they fixed the problem. I haven't used strongcoin since I opened this thread. I use blockchain.info and the official client importing the keys with pywallet.
legendary
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!
In fact, Strongcoin is a modified version of Diaspora integrated with Electrum lightweight Bitcoin client  Huh
full member
Activity: 156
Merit: 100
Firstbits: 1dithi
Hi DiThi,

I have been unable to replicate this using blockchain.info. What browser and OS are you using? Could you please confirm the exact steps to replicate the bug and if possible include a screenshot of the transaction confirmation dialog.

For example this transaction of 0.999999 appears to be constructed correctly.

You are right. I was about to send you an example but there was an error on my part when interpreting the tx. Thumbs up for such a great web app.

By the way, it says "A 1% or 0.01 BTC fee is charged on all outgoing transactions". 0.01 is the minimum? Fix the text to make it clear.
full member
Activity: 156
Merit: 100
Firstbits: 1dithi
Add BitcoinSpinner to your list of client-side wallets. Forum thread: https://bitcointalksearch.org/topic/ann-bitcoinspinner-52674

I was talking about "online" wallets, i.e. web browser based wallets. I use BitcoinSpinner as well and it's great!

By the way, blockchain.info is down the last times I've tried to access, and I need a private key I forgot to backup :/ It's up again.
Jan
legendary
Activity: 1043
Merit: 1002
Strongcoin. They sent me the missing 10 BTC and they're trying to fix the problem.

Also blockchain.info is affected (and maybe other bitcoinJS wallets), but as I said, you can review the transaction before sending it, so it's not a problem.

Clien-side online wallets are much more secure than server side ones. Don't ever use server-side wallets (such as the infamous and now extinct mybitcoin). The only client-side wallets I know are Strongcoin, Blockchain.info and Bitventory (this one may be more secure since the author can't change the code without you knowing it). None of them can access your private keys.
Add BitcoinSpinner to your list of client-side wallets. Forum thread: https://bitcointalksearch.org/topic/ann-bitcoinspinner-52674
hero member
Activity: 910
Merit: 1005
Edit: A fix is in the way!

A friend of mine sent 0.99999999 BTC with StrongCoin and the fee has been 10 BTC (in theory it should be 1%, 0.005 min, 1 max).

With blockchain.info, trying to do that yelds even weirder results, but hopefully that wallet is so great it lets you review all the details of the transaction before sending it.

Please, fix it!

And to the rest of the people: don't try that at home! Well, can someone try sending something like 0.00999999 to test?

Hi DiThi,

I have been unable to replicate this using blockchain.info. What browser and OS are you using? Could you please confirm the exact steps to replicate the bug and if possible include a screenshot of the transaction confirmation dialog.

For example this transaction of 0.999999 appears to be constructed correctly.

full member
Activity: 156
Merit: 100
Firstbits: 1dithi
None of them can access your private keys.

The problem is that if any of these sites are compromised by attackers, and the attackers change the scripts in these pages so that they can access your private keys, this will have been a false sense of security.  Attackers gaining access to change html pages is actually a fairly common occurrence, so it's a realistic threat to be aware of.

It's much more difficult than directly accessing unencrypted keys, but I agree, it's a threat. Is there a browser plugin or userscript that guarantees that the code in a page hasn't changed? Or something that allows digitally signing HTML and JS.
full member
Activity: 156
Merit: 100
Firstbits: 1dithi
Sorry, misleading title tag. Don't try until they confirm it's fixed.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
This is NOT fixed!

I just sent 0.99999999 from my StrongCoin account and the transaction went as follows:

0.99999999 Sent
0.99999999 StrongCoin Fee
0.99999999 Miner Fee
------------
2.99999997 TOTAL

This should have been

0.99999999 Sent
0.00500000 StrongCoin Fee
0.00500000 Miner Fee
------------
1.00999999 TOTAL

I was overcharged 1.9899998 BTC

I have contacted StrongCoin.
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
None of them can access your private keys.

The problem is that if any of these sites are compromised by attackers, and the attackers change the scripts in these pages so that they can access your private keys, this will have been a false sense of security.  Attackers gaining access to change html pages is actually a fairly common occurrence, so it's a realistic threat to be aware of.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
I will give it a try with my strongcoin account.
full member
Activity: 156
Merit: 100
Firstbits: 1dithi
Strongcoin. They sent me the missing 10 BTC and they're trying to fix the problem.

Also blockchain.info is affected (and maybe other bitcoinJS wallets), but as I said, you can review the transaction before sending it, so it's not a problem.

Clien-side online wallets are much more secure than server side ones. Don't ever use server-side wallets (such as the infamous and now extinct mybitcoin). The only client-side wallets I know are Strongcoin, Blockchain.info and Bitventory (this one may be more secure since the author can't change the code without you knowing it). None of them can access your private keys.
hero member
Activity: 504
Merit: 500
wht software are you refering to that your friend input this amount into and was told there would be a 10BTC fee?
full member
Activity: 156
Merit: 100
Firstbits: 1dithi
Edit: A fix is on the way!

A friend of mine sent 0.99999999 BTC with StrongCoin and the fee has been 10 BTC (in theory it should be 1%, 0.005 min, 1 max).

With blockchain.info, trying to do that yelds even weirder results, but hopefully that wallet is so great it lets you review all the details of the transaction before sending it. blockchain.info is not affected at all, it was an error on my part.

Please, fix it!

And to the rest of the people: don't try that at home! Well, can someone try sending something like 0.00999999 to test?
Jump to: