Is It Really Necessary To Wait For Confirmations?

DeathAndTaxes

donator

Activity: 1218

Merit: 1079

Gerald Davis

Quote from: malevolent on November 04, 2013, 01:25:07 AM

As for the poker or gambling, 0-conf tx can be allowed but the customer shouldn't be able to withdraw any bitcoins until the other party can verify that no double-spend occurred.

Well it is a little more complex than that. Credit card thieves frequently hit online poker room.

Deposit x BTC. Lose x BTC to an accomplice. Double spend the deposit.

OR

Deposit x BTC. Play poker if win let tx confirm, if lose double spend and try again.

malevolent

legendary

Activity: 3472

Merit: 1722

Quote from: DeathAndTaxes on November 03, 2013, 09:05:18 PM

Take humble bundle, it is a donation. If people wanted to steal it they could simply torrent the game. Very likely humble bundle could accept 0-confirm with no (or negligible) lost funds. On the other hand if you are selling a high volume low magin product and can't afford any fraud not even <1% you probably should be waiting for at least one confirm. High value tx especially the type which are highly fungible (poker deposit, exchange deposits, on blockchain gambling, etc) are much higher targets and really need confirms (often multiple).

Humble bundle uses Coinbase for handling BTC transactions and they accept 0-confirmation transactions, though I'm sure they do take some security measures, such as connecting only to trusted nodes and disallowing incoming connections.

As for the poker or gambling, 0-conf tx can be allowed but the customer shouldn't be able to withdraw any bitcoins until the other party can verify that no double-spend occurred.

LiteCoinGuy

legendary

Activity: 1148

Merit: 1014

In Satoshi I Trust

there are already shops that sell at 0 confirmations. for small amounts its okay.

TheButterZone

legendary

Activity: 3038

Merit: 1032

RIP Mommy

Quote from: DeathAndTaxes on November 03, 2013, 11:37:01 PM

Quote from: TheButterZone on November 03, 2013, 09:11:12 PM

Quote from: DeathAndTaxes on November 03, 2013, 09:05:18 PM

Quote from: TheButterZone on November 03, 2013, 09:01:50 PM

I just wait for 1 confirmation on incomings, because I've seen my own outgoing transactions never confirm and be dropped out of mempool because of insufficient priority/fee. 1 confirmation means that the TX was legit enough to stick (be included in a block).

Or ensure the sender paid a fee.

I have never seen a paying tx not confirm. Well maybe some spam dust garbage.

I try to only spend BTC when it has sufficient priority to not need a fee. Not to say my past calculations (with estimated TX size) have all been accurate, which is why they failed. I expect others are more likely to make mistakes like I have, rather than maliciously doublespend.

The client should do that calculation for you and should never make mistakes. I have never seen the QT client neglect to include the "min mandatory fee" on tx with low priority.

I used to use brainwallet.org's source, now I use Electrum. Whenever I've talked about priority calculation needing to be a feature of all clients instead of fee being the default despite it qualifying for free, IIRC I kept being told that no client can possibly calculate priority before signing because sig sizes vary, so I just gave up asking, and work around it.

DeathAndTaxes

donator

Activity: 1218

Merit: 1079

Gerald Davis

Quote from: TheButterZone on November 03, 2013, 09:11:12 PM

Quote from: DeathAndTaxes on November 03, 2013, 09:05:18 PM

Quote from: TheButterZone on November 03, 2013, 09:01:50 PM

I just wait for 1 confirmation on incomings, because I've seen my own outgoing transactions never confirm and be dropped out of mempool because of insufficient priority/fee. 1 confirmation means that the TX was legit enough to stick (be included in a block).

Or ensure the sender paid a fee.

I have never seen a paying tx not confirm. Well maybe some spam dust garbage.

I try to only spend BTC when it has sufficient priority to not need a fee. Not to say my past calculations (with estimated TX size) have all been accurate, which is why they failed. I expect others are more likely to make mistakes like I have, rather than maliciously doublespend.

The client should do that calculation for you and should never make mistakes. I have never seen the QT client neglect to include the "min mandatory fee" on tx with low priority.

TheButterZone

legendary

Activity: 3038

Merit: 1032

RIP Mommy

https://en.bitcoin.it/wiki/Transaction_fees#Reference_Implementation

Siegfried

sr. member

Activity: 266

Merit: 250

Quote from: TheButterZone on November 03, 2013, 09:11:12 PM

Quote from: DeathAndTaxes on November 03, 2013, 09:05:18 PM

Quote from: TheButterZone on November 03, 2013, 09:01:50 PM

I just wait for 1 confirmation on incomings, because I've seen my own outgoing transactions never confirm and be dropped out of mempool because of insufficient priority/fee. 1 confirmation means that the TX was legit enough to stick (be included in a block).

Or ensure the sender paid a fee.

I have never seen a paying tx not confirm. Well maybe some spam dust garbage.

I try to only spend BTC when it has sufficient priority to not need a fee. Not to say my past calculations (with estimated TX size) have all been accurate, which is why they failed. I expect others are more likely to make mistakes like I have, rather than maliciously doublespend.

What determines priority? Size?

adamstgBit

legendary

Activity: 1904

Merit: 1037

Trusted Bitcoiner

i figured that if you wait 30 seconds and make sure their is no double spending during these 30 seconds, their a very very good chance that the TX will be confirmed even if their is a double spend attempt afterword.

read more here:
https://bitcointalksearch.org/topic/instant-confirmation-call-it-confirmed-by-owner-302990

TheButterZone

legendary

Activity: 3038

Merit: 1032

RIP Mommy

Quote from: DeathAndTaxes on November 03, 2013, 09:05:18 PM

Quote from: TheButterZone on November 03, 2013, 09:01:50 PM

I just wait for 1 confirmation on incomings, because I've seen my own outgoing transactions never confirm and be dropped out of mempool because of insufficient priority/fee. 1 confirmation means that the TX was legit enough to stick (be included in a block).

Or ensure the sender paid a fee.

I have never seen a paying tx not confirm. Well maybe some spam dust garbage.

I try to only spend BTC when it has sufficient priority to not need a fee. Not to say my past calculations (with estimated TX size) have all been accurate, which is why they failed. I expect others are more likely to make mistakes like I have, rather than maliciously doublespend.

Abdussamad

legendary

Activity: 3682

Merit: 1580

Quote from: Tirapon on November 03, 2013, 08:29:01 PM

For small transactions you probably don't need to wait. Double spend attacks are generally difficult and costly to attempt, and therefore only worthwhile for large transaction amounts.

It is very easy to attempt a double spend:

https://blockchain.info/create-double-spend

To be successful at it is another matter entirely.

DeathAndTaxes

donator

Activity: 1218

Merit: 1079

Gerald Davis

Quote from: TheButterZone on November 03, 2013, 09:01:50 PM

I just wait for 1 confirmation on incomings, because I've seen my own outgoing transactions never confirm and be dropped out of mempool because of insufficient priority/fee. 1 confirmation means that the TX was legit enough to stick (be included in a block).

Or ensure the sender paid a fee. I have never seen a paying tx not confirm. Well maybe some spam dust garbage.

For the OP. It all depends on your risk tolerance. I sold cellphone prepaid code and for repeat customers sent it with no confirm. Of a couple hundred sales never had a double spend. A lot depends on what you are selling and to who and for what reason. Take humble bundle, it is a donation. If people wanted to steal it they could simply torrent the game. Very likely humble bundle could accept 0-confirm with no (or negligible) lost funds. On the other hand if you are selling a high volume low magin product and can't afford any fraud not even <1% you probably should be waiting for at least one confirm. High value tx especially the type which are highly fungible (poker deposit, exchange deposits, on blockchain gambling, etc) are much higher targets and really need confirms (often multiple).

TheButterZone

legendary

Activity: 3038

Merit: 1032

RIP Mommy

I just wait for 1 confirmation on incomings, because I've seen my own outgoing transactions never confirm and be dropped out of mempool because of insufficient priority/fee. 1 confirmation means that the TX was legit enough to stick (be included in a block).

Tirapon

hero member

Activity: 898

Merit: 1000

For small transactions you probably don't need to wait. Double spend attacks are generally difficult and costly to attempt, and therefore only worthwhile for large transaction amounts. The chances of losing out to a double spend on a small transaction are probably close to zero, and if its a small amount then its probably worth risking it for convenience because if you do lose out, its not very much money.

Siegfried

sr. member

Activity: 266

Merit: 250

I can understand waiting for confirmations for a very large transaction, but for small transactions it just doesn't seem necessary to me. What are the odds that after seeing the initial notification of payment received the transaction turns out to be fraudulent? How could someone commit this kind of fraud? Would it be so easy that small-time losers would spend their time trying to do this kind theft on small transactions?

Topic: Is It Really Necessary To Wait For Confirmations? (Read 1851 times)