Author

Topic: Perhaps a DoS flaw? (Read 8707 times)

legendary
Activity: 1708
Merit: 1010
August 24, 2010, 07:20:58 PM
#18
Ok half of you guys dont quite fully get it.  Tongue


I understood what you were trying to say, but I don't understand why you think that this is a security issue.  From what I can tell, there is no reason, good or bad, to do such a thing; so there is no good reason to code a prohibition.
newbie
Activity: 13
Merit: 0
August 24, 2010, 07:00:37 PM
#17
Ok half of you guys dont quite fully get it.  Tongue

You can send coins from 19yScEhNciCzRsMF1ZECC4Y584rN9Z1dgo to 19yScEhNciCzRsMF1ZECC4Y584rN9Z1dgo.
That is, for some reason, a valid transaction.

I dont mean sending from one address to a different address that you also control, but using the same address.

The transaction fees do eventually kick in, but its a little silly anyway.
sr. member
Activity: 294
Merit: 252
Firstbits: 1duzy
August 24, 2010, 03:55:49 AM
#16
No-one knows which addresses you control so there is no way of telling if you are sending to yourself anyway.
I remember having read something on this forum saying that transfers to self are signed differently, what would allow to identify them.
But I don't know if it's true.
They are, (this is bad,) but you can get around it by using another computer with a different wallet file.
legendary
Activity: 1106
Merit: 1004
August 24, 2010, 03:47:36 AM
#15
No-one knows which addresses you control so there is no way of telling if you are sending to yourself anyway.

I remember having read something on this forum saying that transfers to self are signed differently, what would allow to identify them.
But I don't know if it's true.
sr. member
Activity: 294
Merit: 252
Firstbits: 1duzy
August 24, 2010, 03:36:40 AM
#14
Erm I just accidentally sent Bitcoins to myself. It currently has 18 confirmations and the client actually says 'Payment to yourself'.

Couldnt someone make blocks very very large by doing it repeatedly?
It would take a few seconds to make a endless bash loop doing it.

Why can you send coins to yourself?

Why should you not be able to send coins to yourself? No-one knows which addresses you control so there is no way of telling if you are sending to yourself anyway.

I encourage you to do this and try to break the Test network.

Good luck!
legendary
Activity: 1106
Merit: 1004
August 24, 2010, 02:53:19 AM
#13
Oh yes, and I forgot, currently the client demands transaction fees for big blocks. So, if you try this, you'll have to pay for it.
legendary
Activity: 1106
Merit: 1004
August 24, 2010, 02:51:10 AM
#12
Couldnt someone make blocks very very large by doing it repeatedly?
It would take a few seconds to make a endless bash loop doing it.

I suppose that as soon as transactions fees start to be demanded, that might become "expensive" to do.
And I think the only reason such fees aren't charged right now, it's because the only client that exists doesn't give the user the option to demand them.
So, if bitcoins ever get popular, I believe all transactions would have to pay a fee. Maybe tiny, but something.

Why can you send coins to yourself?

Maybe to merge/split your money among different addresses.

Or another more practical example, suppose your laptop is stolen, and your wallet.dat is in it. If you have a backup, you'd better use it soon to transfer everything to a new address of your own, which is not on the stolen wallet.dat, before the thief does it.
legendary
Activity: 1246
Merit: 1016
Strength in numbers
August 24, 2010, 02:21:59 AM
#11
the time delay that will cause for the transactions to show up in the blockchain would limit your abilities. 

If you send .0000001 bitcoins with each transaction, then starting with a balance of 1000.0 bitcoins would allow you to do quite a few transactions while you are waiting on the others to mature.

So is there simply nothing currently in place to stop a bit-flood?


We all charge a fee of .01 for transfers less than .01 right now. Not that that changes the issue fundamentally, just stating it.
hero member
Activity: 532
Merit: 505
August 23, 2010, 08:44:35 PM
#10
are your sure about that? idk, never tried.
Just did it again. You can definitely send money to the same address you are sending from.
u did what again?
how do you know, which of your addresses holds exactly those coins your sending?

what does your logfile say?

guess i'm gonna load a fresh install and try myself  Grin

here's another topic about flood-attacks btw, lots of questions already answered
https://bitcointalksearch.org/topic/flood-attack-000000001-bc-287
newbie
Activity: 13
Merit: 0
August 23, 2010, 08:36:33 PM
#9
are your sure about that? idk, never tried.
Just did it again. You can definitely send money to the same address you are sending from.
newbie
Activity: 32
Merit: 0
August 23, 2010, 08:32:10 PM
#8
the time delay that will cause for the transactions to show up in the blockchain would limit your abilities. 

If you send .0000001 bitcoins with each transaction, then starting with a balance of 1000.0 bitcoins would allow you to do quite a few transactions while you are waiting on the others to mature.

So is there simply nothing currently in place to stop a bit-flood?
hero member
Activity: 532
Merit: 505
August 23, 2010, 08:24:03 PM
#7
You can send from address ABC to ABC right now which is what I did.
are your sure about that? idk, never tried.

maybe you sent it from ABC to YTG and your GUI just didnt tell ya about YTG,
it says "to yourself" instead, cuz it knows its on the same node.

check your log, it'll tell ya.
newbie
Activity: 13
Merit: 0
August 23, 2010, 08:13:22 PM
#6
You could create the same problem with two clients and a script running on each.
But one is easier, and the question is why would you send coins to your own address?
It probably shouldnt be allowed.
your node splits up the 10coin-transaction into 2, 5coin-transaction to recipient + 5coin-transaction to yourself.
you not only can, the node has to send coins to yourself.
Thats something I didnt quite know, but the interface probably shouldnt allow it.
without leaving the node.
But using different addresses. You can send from address ABC to ABC right now which is what I did.
legendary
Activity: 1708
Merit: 1010
August 23, 2010, 08:10:49 PM
#5
Go ahead and try it.  I'm willing to bet that the transaction fee for large numbers of transactions is going to eat into your balance enough to discourage you from continuing.  And if you refuse the transaction fees, the time delay that will cause for the transactions to show up in the blockchain would limit your abilities.  I'm sure that it would effect the network, but you won't go unnoticed, either.
legendary
Activity: 1246
Merit: 1016
Strength in numbers
August 23, 2010, 08:08:05 PM
#4
Tiny transaction fees will stop a flood attack. Erm, I guess a flooder is in no hurry and as long as someone eventually does them for free, large blocks will be created.
hero member
Activity: 532
Merit: 505
August 23, 2010, 07:58:50 PM
#3
when u receive 10 coins, and send 5 of em to someone else (another node),
you will also send 5 coins to yourself, without even noticing.

your node splits up the 10coin-transaction into 2, 5coin-transaction to recipient + 5coin-transaction to yourself.
you not only can, the node has to send coins to yourself.

another reason is,
someone else might have access to the address your sending coins to.
imagine services like MyBitcoin, or the markets, they all need to store your funds somewhere and can send balances from one account to another instantly (although transactions still need to get confirmed), without leaving the node.
newbie
Activity: 32
Merit: 0
August 23, 2010, 07:48:17 PM
#2
Erm I just accidentally sent Bitcoins to myself. It currently has 18 confirmations and the client actually says 'Payment to yourself'.

Couldnt someone make blocks very very large by doing it repeatedly?
It would take a few seconds to make a endless bash loop doing it.

Why can you send coins to yourself?

You could create the same problem with two clients and a script running on each.  The real question that concerns me is:  What happens if someone creates software to create trillions of transactions?  If older transactions are not removed from the transaction chain, then it appears there is a denial of service flaw.
newbie
Activity: 13
Merit: 0
August 23, 2010, 07:38:53 PM
#1
Erm I just accidentally sent Bitcoins to myself. It currently has 18 confirmations and the client actually says 'Payment to yourself'.

Couldnt someone make blocks very very large by doing it repeatedly?
It would take a few seconds to make a endless bash loop doing it.

Why can you send coins to yourself?
Jump to: