Pages:
Author

Topic: MtGox blames Bitcoin protocol problem for BTC withdrawal issue - page 5. (Read 15254 times)

legendary
Activity: 1484
Merit: 1005
Does all that mean, the dream of 100% uncompromisable P2P transfer is over? Does it mean an additional check by a quasi central authority is needed to augment security? I would appreciate an answer in layman terms.

No. Everything is just the same

Let say bitcoin transaction is like a banknote. You can write something on a banknote but the note itself is still valid. When gox sending a banknote to its customer, they take a picture of the note, and use the picture of the note as an evidence of delivery. Some customer, however, write something on the note when they get it from gox, and claim they have not received the note. Since the note looks different from the photo, gox can't recognize it and wrongly believes that the note is not delivered, and send another note to the customer (so the customer gets double paid by exploiting the gox's bug). Since gox believe the original said note is not spent, they try to send it to a different customer. Of course this won't work and led to all those bitcoin withdraw problem we have seen.

So gox now proposes to use a different method to track the banknote. Instead of taking a photo, they propose to use the unique serial number on every note for tracking propose.

Bitcoin is still the bitcoin we know yesterday

Following this analogy how do other exchanges tackle this problem?

Understand the protocol before you write software for it...
legendary
Activity: 1008
Merit: 1000
Making money since I was in the womb! @emc2whale
I think that the market need to swith to another Altcoin like LTC or QRK

I agree. Mostly because I hold many of both coin and would love to see a jump in price.
full member
Activity: 126
Merit: 100
I think that the market need to swith to another Altcoin like LTC or QRK
hero member
Activity: 836
Merit: 1030
bits of proof
that would not spot modifications e.g. through removing/altering an unused push from script.

? Any modification that changes the signing hash would invalidate the signature.

Input scripts are not in the signature hash, otherwise signature would have to sign itself.
In n-out-of-m multi signature one can even have any garbage in place of signatures not needed to verify.
hero member
Activity: 1316
Merit: 503
Someone is sitting in the shade today...
How you want to verify transaction went trough?

Just check blockchain.info - it's trivial to find transaction knowing source and destination address, amount and approximate time. Least to say they have a signature and can look for it without the need for any tricks with hashing which they mentioned in their statement.

Yes, It's not a technical issue mtgox is trying to solve but liquidity/price related.  The news release is a sham just like their past usd halt release to fix "technical issues" when it turned out the us government froze their us bank assets as the real reason.
legendary
Activity: 1792
Merit: 1111
Does all that mean, the dream of 100% uncompromisable P2P transfer is over? Does it mean an additional check by a quasi central authority is needed to augment security? I would appreciate an answer in layman terms.

No. Everything is just the same

Let say bitcoin transaction is like a banknote. You can write something on a banknote but the note itself is still valid. When gox sending a banknote to its customer, they take a picture of the note, and use the picture of the note as an evidence of delivery. Some customer, however, write something on the note when they get it from gox, and claim they have not received the note. Since the note looks different from the photo, gox can't recognize it and wrongly believes that the note is not delivered, and send another note to the customer (so the customer gets double paid by exploiting the gox's bug). Since gox believe the original said note is not spent, they try to send it to a different customer. Of course this won't work and led to all those bitcoin withdraw problem we have seen.

So gox now proposes to use a different method to track the banknote. Instead of taking a photo, they propose to use the unique serial number on every note for tracking propose.

Bitcoin is still the bitcoin we know yesterday


Following this analogy how do other exchanges tackle this problem?

I have a better analogy here and also answered your question: https://bitcointalksearch.org/topic/explain-the-gox-transaction-malleability-issue-like-you-are-five-458386
legendary
Activity: 1190
Merit: 1001
This is *withdrawals* from mt gox....under their current system they track withdrawals that they sent to users via the transaction hash.  Which is apparently a f***** way to track them.  So they should track the withdrawals via the input/output/amount instead.

It's impossible that two withdrawals would have the same inputs/outputs; provided that mt gox use change addresses.
How is it impossible?

MtGox doesn't control the destination address, so that can be the same.

For MtGox to control the origin address it means they would have to spam the blockchain with internal transfers to intermediate addresses (that they could change) for withdrawals, so that a given address is only used once for a given amount in a given time-frame.

By default an address is only used once, the entire balance on the address is spent and any leftover coins are returned to a new change address.  Mt Gox has literally millions of addresses.  Address can be used once then discarded.  This is not "spamming the blockchain" this is just the way bitcoin works by design.

It's trivial for them to discard used change addresses.

It's very easy for them to ensure that the same inputs/outputs/amount are never used more than once.
legendary
Activity: 1100
Merit: 1032
You seem to totally be missing the point here.  This does not affect mt gox deposits at all.
Which is exactly what I said  Grin

This is *withdrawals* from mt gox....under their current system they track withdrawals that they sent to users via the transaction hash.  Which is apparently a f***** way to track them.  So they should track the withdrawals via the input/output/amount instead.

It's impossible that two withdrawals would have the same inputs/outputs; provided that mt gox use change addresses.
How is it impossible?

MtGox doesn't control the destination address, so that can be the same.

For MtGox to control the origin address it means they would have to spam the blockchain with internal transfers to intermediate addresses (that they could change) for withdrawals, so that a given address is only used once for a given amount in a given time-frame.
Elo
newbie
Activity: 14
Merit: 0
Or - How do you get this Hash ?

Calculate it according to transaction signing rules, which are tricky. (But are implemented in the reference client, so you can copy that.)

that would not spot modifications e.g. through removing/altering an unused push from script.

? Any modification that changes the signing hash would invalidate the signature.
newbie
Activity: 38
Merit: 0
I'm expecting the next note from MtGox to read something along the lines of "Thank you everyone for your patience while we drove down the market price.  Thank you also for selling so cheap, we are now able to process withdrawls because we bought so cheaply on bitstamp.  Again thank you and sorry we forgot the lube, but at least we only put in the tip this time."

Haha! Lightened up my afternoon slightly. Smiley
hero member
Activity: 836
Merit: 1030
bits of proof
Transactions are malleable. Deal with it. If a transaction is observed on the network that has the same input outpoints and the same outputs, it is the same transaction, and mtgox should treat it as such. This is a simple check to do, and trivial to automate.

The trivial fix it to use the hash which is used for signing as a transaction identifier. Should be fine for all standard transactions.

that would not spot modifications e.g. through removing/altering an unused push from script.

The simple solution is to know what coins (UTXO) one owns and recognize if they are spend no matter with what hash.
hero member
Activity: 718
Merit: 545
Transactions are malleable. Deal with it. If a transaction is observed on the network that has the same input outpoints and the same outputs, it is the same transaction, and mtgox should treat it as such. This is a simple check to do, and trivial to automate.

The trivial fix it to use the hash which is used for signing as a transaction identifier. Should be fine for all standard transactions.

Is it possible to get this hash value from bitcoind ?

Or - How do you get this Hash ?
newbie
Activity: 40
Merit: 0
5) Exploiters "fixed" those transactions

thats the point  Grin
newbie
Activity: 47
Merit: 0
Here is the link to the thread, where the patch addressing malleability was discussed:
https://bitcointalksearch.org/topic/new-attack-vector-8392

The whole MtGox goxing was only possible because:
1) They were issuing transactions with sloppy signature format
2) This was accepted by the network for some time
3) New bitcoin client with tightened rules was released
4) Their sloppy transactions started being rejected
5) Exploiters "fixed" those transactions
6) MtGox sloppy software didn't notice transaction went through
7) Mt-gox sloppy software didn't notice output's were spent (making them unaware that they lose coins). It didn't even lock outputs which are used in pending transactions!!
Cool MtGox incompetent customer support resubmitted transactions manually without looking into issue and alarming developers. Or maybe they did, but developers were too busy/confident/not able to fix the problem.

Overall: MtGox are incompetent bunch of liers
hero member
Activity: 836
Merit: 1030
bits of proof
This is how one could have played the attack on Gox:

You need:

1. Some sizable Bitcoin deposit at Gox
2. A program that grabs the withdraw Gox sends, modifies it such that economics is the same but hash different, then re-sends.
3. Accounting system and Customer Support at Gox, that is incompetent to spot that it gets robbed.

I think 1. can be arranged and 3. is given, for 2 you need some skill and a direct link to some mining pools to increase the chances the altered transaction gets to them quicker than Gox's original. 

4. Some luck and repeat

I Guess Gox was robbed over a longer period of time systematically and they were incompetent enough not to notice it until there were really no coins left.
newbie
Activity: 47
Merit: 0
Maybe they were incompetent enough not to spot the attack for a longer time, automatically resubmitting same withdrawals again and again until they discovered that they are bankrupt.

I have spotted before withdrawals going as far back as 10 November 2013.
http://www.reddit.com/r/Bitcoin/comments/1x4yqe/mtgox_btc_withdrawal_doublespending/

So.. one can only guess.

Update: ah, yes, and that's another lie in their filthy statement, that this has only started in the end of January.
newbie
Activity: 47
Merit: 0
I'm expecting the next note from MtGox to read something along the lines of "Thank you everyone for your patience while we drove down the market price.  Thank you also for selling so cheap, we are now able to process withdrawls because we bought so cheaply on bitstamp.  Again thank you and sorry we forgot the lube, but at least we only put in the tip this time."

They buy cheaply on MtGox. Bitstamp is pricey. So they 1) reduce the number of their BTC liabilities 2) cover the remaining liabilities with cheap coins.
legendary
Activity: 1974
Merit: 1003
I'm expecting the next note from MtGox to read something along the lines of "Thank you everyone for your patience while we drove down the market price.  Thank you also for selling so cheap, we are now able to process withdrawls because we bought so cheaply on bitstamp.  Again thank you and sorry we forgot the lube, but at least we only put in the tip this time."

ROFL ... exactly what i was thinking
newbie
Activity: 26
Merit: 0
I'm expecting the next note from MtGox to read something along the lines of "Thank you everyone for your patience while we drove down the market price.  Thank you also for selling so cheap, we are now able to process withdrawls because we bought so cheaply on bitstamp.  Again thank you and sorry we forgot the lube, but at least we only put in the tip this time."
legendary
Activity: 1022
Merit: 1033
Transactions are malleable. Deal with it. If a transaction is observed on the network that has the same input outpoints and the same outputs, it is the same transaction, and mtgox should treat it as such. This is a simple check to do, and trivial to automate.

The trivial fix it to use the hash which is used for signing as a transaction identifier. Should be fine for all standard transactions.
Pages:
Jump to: