Author

Topic: Is It Really Necessary To Wait For Confirmations? (Read 1853 times)

donator
Activity: 1218
Merit: 1079
Gerald Davis
As for the poker or gambling, 0-conf tx can be allowed but the customer shouldn't be able to withdraw any bitcoins until the other party can verify that no double-spend occurred.

Well it is a little more complex than that.  Credit card thieves frequently hit online poker room.

Deposit x BTC.  Lose x BTC to an accomplice.  Double spend the deposit.

OR

Deposit x BTC.  Play poker if win let tx confirm, if lose double spend and try again.
legendary
Activity: 3472
Merit: 1724
Take humble bundle, it is a donation.  If people wanted to steal it they could simply torrent the game.  Very likely humble bundle could accept 0-confirm with no (or negligible) lost funds.  On the other hand if you are selling a high volume low magin product and can't afford any fraud not even <1% you probably should be waiting for at least one confirm.   High value tx especially the type which are highly fungible (poker deposit, exchange deposits, on blockchain gambling, etc) are much higher targets and really need confirms (often multiple).

Humble bundle uses Coinbase for handling BTC transactions and they accept 0-confirmation transactions, though I'm sure they do take some security measures, such as connecting only to trusted nodes and disallowing incoming connections.

As for the poker or gambling, 0-conf tx can be allowed but the customer shouldn't be able to withdraw any bitcoins until the other party can verify that no double-spend occurred.
legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
there are already shops that sell at 0 confirmations. for small amounts its okay.
legendary
Activity: 3038
Merit: 1032
RIP Mommy
I just wait for 1 confirmation on incomings, because I've seen my own outgoing transactions never confirm and be dropped out of mempool because of insufficient priority/fee. 1 confirmation means that the TX was legit enough to stick (be included in a block).

Or ensure the sender paid a fee.   

I have never seen a paying tx not confirm.   Well maybe some spam dust garbage. 

I try to only spend BTC when it has sufficient priority to not need a fee. Not to say my past calculations (with estimated TX size) have all been accurate, which is why they failed. I expect others are more likely to make mistakes like I have, rather than maliciously doublespend.

The client should do that calculation for you and should never make mistakes.   I have never seen the QT client neglect to include the "min mandatory fee" on tx with low priority.

I used to use brainwallet.org's source, now I use Electrum. Whenever I've talked about priority calculation needing to be a feature of all clients instead of fee being the default despite it qualifying for free, IIRC I kept being told that no client can possibly calculate priority before signing because sig sizes vary, so I just gave up asking, and work around it.
donator
Activity: 1218
Merit: 1079
Gerald Davis
I just wait for 1 confirmation on incomings, because I've seen my own outgoing transactions never confirm and be dropped out of mempool because of insufficient priority/fee. 1 confirmation means that the TX was legit enough to stick (be included in a block).

Or ensure the sender paid a fee.  

I have never seen a paying tx not confirm.   Well maybe some spam dust garbage.  

I try to only spend BTC when it has sufficient priority to not need a fee. Not to say my past calculations (with estimated TX size) have all been accurate, which is why they failed. I expect others are more likely to make mistakes like I have, rather than maliciously doublespend.

The client should do that calculation for you and should never make mistakes.   I have never seen the QT client neglect to include the "min mandatory fee" on tx with low priority.
sr. member
Activity: 266
Merit: 250
I just wait for 1 confirmation on incomings, because I've seen my own outgoing transactions never confirm and be dropped out of mempool because of insufficient priority/fee. 1 confirmation means that the TX was legit enough to stick (be included in a block).

Or ensure the sender paid a fee.   

I have never seen a paying tx not confirm.   Well maybe some spam dust garbage. 

I try to only spend BTC when it has sufficient priority to not need a fee. Not to say my past calculations (with estimated TX size) have all been accurate, which is why they failed. I expect others are more likely to make mistakes like I have, rather than maliciously doublespend.

What determines priority? Size?
legendary
Activity: 1904
Merit: 1037
Trusted Bitcoiner
i figured that if you wait 30 seconds and make sure their is no double spending during these 30 seconds, their a very very good chance that the TX will be confirmed even if their is a double spend attempt afterword.


read more here:
https://bitcointalksearch.org/topic/instant-confirmation-call-it-confirmed-by-owner-302990
legendary
Activity: 3038
Merit: 1032
RIP Mommy
I just wait for 1 confirmation on incomings, because I've seen my own outgoing transactions never confirm and be dropped out of mempool because of insufficient priority/fee. 1 confirmation means that the TX was legit enough to stick (be included in a block).

Or ensure the sender paid a fee.   

I have never seen a paying tx not confirm.   Well maybe some spam dust garbage. 

I try to only spend BTC when it has sufficient priority to not need a fee. Not to say my past calculations (with estimated TX size) have all been accurate, which is why they failed. I expect others are more likely to make mistakes like I have, rather than maliciously doublespend.
legendary
Activity: 3710
Merit: 1586
For small transactions you probably don't need to wait. Double spend attacks are generally difficult and costly to attempt, and therefore only worthwhile for large transaction amounts.

It is very easy to attempt a double spend:

https://blockchain.info/create-double-spend

To be successful at it is another matter entirely.
donator
Activity: 1218
Merit: 1079
Gerald Davis
I just wait for 1 confirmation on incomings, because I've seen my own outgoing transactions never confirm and be dropped out of mempool because of insufficient priority/fee. 1 confirmation means that the TX was legit enough to stick (be included in a block).

Or ensure the sender paid a fee.   I have never seen a paying tx not confirm.   Well maybe some spam dust garbage.  


For the OP.  It all depends on your risk tolerance.  I sold cellphone prepaid code and for repeat customers sent it with no confirm.  Of a couple hundred sales never had a double spend.   A lot depends on what you are selling and to who and for what reason.  Take humble bundle, it is a donation.  If people wanted to steal it they could simply torrent the game.  Very likely humble bundle could accept 0-confirm with no (or negligible) lost funds.  On the other hand if you are selling a high volume low magin product and can't afford any fraud not even <1% you probably should be waiting for at least one confirm.   High value tx especially the type which are highly fungible (poker deposit, exchange deposits, on blockchain gambling, etc) are much higher targets and really need confirms (often multiple).
legendary
Activity: 3038
Merit: 1032
RIP Mommy
I just wait for 1 confirmation on incomings, because I've seen my own outgoing transactions never confirm and be dropped out of mempool because of insufficient priority/fee. 1 confirmation means that the TX was legit enough to stick (be included in a block).
hero member
Activity: 898
Merit: 1000
For small transactions you probably don't need to wait. Double spend attacks are generally difficult and costly to attempt, and therefore only worthwhile for large transaction amounts. The chances of losing out to a double spend on a small transaction are probably close to zero, and if its a small amount then its probably worth risking it for convenience because if you do lose out, its not very much money.
sr. member
Activity: 266
Merit: 250
I can understand waiting for confirmations for a very large transaction, but for small transactions it just doesn't seem necessary to me. What are the odds that after seeing the initial notification of payment received the transaction turns out to be fraudulent? How could someone commit this kind of fraud? Would it be so easy that small-time losers would spend their time trying to do this kind theft on small transactions?
Jump to: