Author

Topic: Mt. Gox wallet bug - rumor, or reality? (Read 603 times)

legendary
Activity: 1204
Merit: 1002
February 09, 2014, 11:48:28 PM
#1
There is a claim on Reddit that the Mt. Gox wallet program has a bug. The claim is that the signature algorithm is adding extra junk zeroes to signatures, which are ignored by some, but not all, clients. These provide the opportunity for a third party to modify the transaction by removing the junk zeroes, resulting in a valid transaction with a new transaction ID, which Mt. Gox's wallet does not recognize as its own. This allows spending Bitcoins sent by Mt. Gox, while Mt. Gox's own accounting treats the transaction as failed.

This is a checkable claim. If it's true, there should be such broken transactions in Mt. Gox's transaction list. Are there?

Also, this fix is supposed to fix the problem. But it takes bytes off the end of the signature string, not the beginning.  Is that valid?
Jump to: