[Note: I was in the middle of writing this when ranochigo posted. Thus some of the redundancy.]
Run a full node for validation, too. SPV and other “light” clients can be fooled by certain attacks. I don’t think an SPV node could be made to accept a “fake” transaction, in and of itself; but it could be misled onto a forkchain, which would allow feeding it a whole ledger full of fake transactions.
You are so technical and it isn't good for ordinary people.
If you don’t want technical discussion, then why are you posting in “Development &
Technical Discussion”? Ask in another forum. I dumb things down for people over there, or I stay away. Also, I personally couldn’t care less what you say is “good for ordinary people”.
But if you desire a technical education, this is an excellent place.
But i can't run a full node. Also i don't understand how a full node can detect a fake transaction before confirmations.
You never defined a “fake” transaction. I will infer a precise definition: A transaction which does one or more of (0) violating consensus rules, and/or (1) spending inputs which were already spent (
viz. a double-spend tx).
Protection against (1) is the purpose and the
only purpose of miners and “confirmation”. The technical term is that “confirmation” provides
Byzantine fault tolerance in the
ordering of transactions. Ordering is important, that is what chooses between multiple conflicting transactions in a double-spend scenario. “Byzantine fault tolerance” means in effect that untrusted and mutually untrusting parties with unreliable communications can reliably converge on a common agreement, excluding malicious cheaters.
Full protection against (0) is built into Core, which validates each and every transaction according to a stringent set of rules. Every bit and byte of each and every transaction must pass validation, or else the whole transaction is simply discarded. Full nodes also validate whole blocks of transactions, according to yet more rules; this prevents malicious miners from messing with the network. A Core node follows whichever
fully valid chain has the highest total proof-of-work.
If a transaction passes all consensus rule validation and has been “confirmed”, then by definition it is not fake.
If you can’t run a full node, then what you are saying is that you can’t have full validation. There’s no magical means to wave that away. The better light clients (such as
Electrum) are good enough for most light consumer use; but they will never have the security of a Core node.
I haven’t bothered to pick that apart and see what’s going on. But as kahc noted, it’s probably just exploiting a bug in blockchain.info’s (notoriously buggy) software. Solution: Run Core.
If you’re worried about unconfirmed transactions, well—you should be. Wait for confirmation. Unconfirmed transactions are insecure; they could turn out to be “fake” in the sense of a being overridden with a double-spend. That’s why the process of confirming transactions exists in the first place!
Double-spend isn't big problem here.
I can detect it by checking final balance and last transactions of sender address that all it's transactions are confirmed.
The
only way to protect against double-spends is with confirmations.
Unconfirmed transactions are never safe. They always have some possibility of being overridden with a double-spend. It is impossible that you could “detect” that; and if there were such a way, we wouldn’t need miners. Whatever you are doing, it is not achieving what you suppose.
Also, if it is not a Segwit transaction, then before confirmation there is the tx malleability issue to worry about. Segwit fixes tx malleability.
I don't understand it. all BTC transactions after 1st aguest 2017 are Segwit, aren't?
Segwit, which activated 24th August 2017 at Block #481824, was a “softfork”. It still permits old-style transactions. Indeed, if your address starts with a “1”, then you are still sending non-Segwit transactions
and vastly overpaying in fees. This is important if you want to save on fees (and also help the network), so I will briefly explain.
Oversimplifying a bit: Whether or not a transaction is a Segwit tx is determined by the address of the
sender. So if you want to send Segwit tx and get a sharp fee discount, you need to use a Segwit address. There are two kinds of Segwit addresses:
- Backwards-compatible P2WPKH-nested-in-P2SH addresses, such as the one in my signature: 36finjay27E5XPDtSdLEsPR1RypfhNW8D8. These start with a “3”; but not all addresses starting with a “3” are Segwit addresses (just as all dogs are animals, but not all animals are dogs). There is no way to distinguish whether or not a “3” address is Segwit, just by looking at it. These addresses have some disadvantages, but one important advantage: Every Bitcoin client made in the past few years can send money to them.
- Bech32 addresses, which I call “Bravo Charlie One” addresses because they always start with “bc1”. Those look like this: bc1qnym7k9hfl77zgrstcrjhphm0llne5j4w0m3fuu That’s the Bitcoin address of the future, redesigned with error-correcting codes and no upper/lowercase distinction. But Bech32 has one temporary disadvantage: Only people who have upgraded to the newest software can send money to it. I want people to send me money, so I’m still using nested P2SH; I hope to switch to Bech32 in about 6–12 months.
I do services and get BTC from people for it. I can't wait 5 days for confirmations. Bitcoin is not user-friendly any more. I think I should choose another coin very soon
Ok, bye! Don’t let the door hit your butt on the way out.
Bitcoin doesn’t need you. Big money is now involved, and big money is competing with itself. I am perpetually amused by how people don’t realize that even if you’re a “whale”, you need Bitcoin and Bitcoin does not need you. You’re not doing Bitcoin any favours.
So sell now, SELL SELL SELL, dump your BTC, and go away. You will be crying a few years from now, when the 2017 market looks like the 2012 market does now. But by then, it will be too late; and neither Bitcoin nor I will give a damn what happens to you.
I’m happy to help people who love Bitcoin. I volunteer many hours of my time explaining how to get an
instant fee discount with Segwit, how to generate nested P2SH Segwit addresses with the popular Electrum wallet, etc., etc. See above! But if you “choose another coin very soon”, I will be pleased to laugh at your future regrets.