Topic: someone fucked up and lost ALOT of money - page 3. (Read 30476 times)

I don't think Bitcoin Central has been compromised either, or has it?  Free software as well. :-)

Ultimately these coins are gone. Since more coins have been mined since then, any work to evict the transaction from the blockchain would do more damage to miners.

Imagine this were 500000 BTC and every MtGox user were at risk of a major loss. (which would certainly hit the news and damage the community).

A feature that allowed a miner to vote out a block or a transaction would be valuable. If 50%+ did it, the error would simply vanish. Democracy at work. But it would only work if that 50% voted immediately.

Keep in mind in this discussion, that once you go outside the scope of isStandard(), there is really no computationally-feasible way to evaluate if a script is "invalid" like this.  Sure, you could've written error-checking to catch the case that you accidentally plugged OP_0 in between OP_HASH160 and OP_EQUALVERIFY... but there's literally an infinity of other ways you could create an invalid transaction that wouldn't be caught by that condition.

How is the client supposed to know that a non-std script is invalid?  Try every possible TxIn-script -- all 256^200 scripts less than 200 bytes?  What if he had a valid script but accidentally plugged in all 20 '0x00' bytes instead of the target hash?  Or accidentally reversed the endian of the target address before signing?  Added or truncated a byte by accident?  Hashed one too many times?   Sure, you can catch some of these if you clutter your codebase with dozens of validation checks... but there's still billions of other feasible ways to create invalid scripts that just cannot be caught no matter if you have a billion checks.

Just as an example:  what if you accidentally reversed the hash of the target address?   The target "address" is actually just a hash of a public-key and no one knows whether there even is a public key that exists to match that address.  the BE and LE version of the same address are completely indistinguishable to someone who doesn't have the public key that created it.  You only know there is a public key when someone actually supplies it to spend the TxOut.  But until that happens, it is literally impossible (without trying all 2^256 private keys) to know whether that TxOut is spendable.

The way I understand it, these transactions were nonstandard enough that normal miners and clients would already refuse to relay or process them (but will accept them in a mined block). And that the only way these got into a block was that he teamed up with Luke-Jr's Eligius mining pool which has been modified to explicitly allow these nonstandard transactions for a fee (or other negotiated arrangement).

Unless he was using a totally nonstandard bitcoin client AND wallet.dat

https://bitcointalksearch.org/topic/pywallet-22-manage-your-wallet-update-required-34028

Exactly.  Current there is very little "high level" support for BTC protocol.  That is easy to understand why since it is young and in flux but just as people don't construct TCP/IP packets by hand or contstruct binary VISA interchange packets by hand in the future nobody will with Bitcoin either.

Eventually high level libraries will emerge (.net, python, php, java, C++, etc) that encapsulate error checking, validation in a higher level, more abstract, and more developer safe manner.

Something like (C# .Net)

I would be against any effort to put additional "spendability" checking into the main client.  The domain of possible transactions that are unspendable would be too large for that to be effective in any general way.  Sure, you could catch this particular form if it ever happened again, but you may as well call that rule the "mtgox screw up #214" rule...and it's highly unlikely that such a rule would ever catch a transaction in the future (because mtgox will have fixed the problem and it's unlikely that anyone else would create an unspendable transaction like this in the future).  With such rules, you are also making assumptions about the creator of the transaction that they didn't want to destroy coins.  You would also be altering what constitutes a valid transaction (and hence effectively changing the language).

If anything, create a toolkit outside the main client that tells you whether a transaction conforms to a handful of explicitly defined transaction types.  This is what mtgox should have had in place in their system (and ideally written by someone other than the person that built the code to produce their transactions).

I don't think it's plausible to expect we could prevent screw-ups by blacklisting scripts. What are the chances that the same mistake will be made ever again? Next time it will be some other unforeseen error. And if you use heuristics for filtering, then what if there is a bug in the filter itself? I'm mostly impartial though, just not convinced about the usefulness of adding this particular mistake to the protocol specification. (I guess others wrote the very same reply.)

I guess I agree with you guys now, although it doesn't feel right hoping for people to screw up so my coins can be worth more...

There is no validator.  I'm saying it would be nice if there was one for people writing their own software.  It might keep them from making mistakes.  "WARNING:  You're sending coins to a zero address.  Are you sure this is what you intended to do?"  I guess they could write their own though...

What validator?  The exchange was writing their own custom code.  The client wouldn't allow you to make this transaction.  When you are working with raw code that is the risks you take.  

If you are indicating a miner should validate all scripts that quickly becomes very difficult.  The scripting language is very complex and there are many (some not yet even implemented) permutations of possible scripts.  What happens when miners start rejecting scripts that are valid but they think aren't valid and your transactions can't find their way into the blocks.  Lastly someone may decide they want to destroy currency and retain a public record of this.  

It takes time, the pioneer exchanges will normally have a head start, but the latter ones can be more innovative and catch up later on.

It's not about bloat, actually. The point is, it was not an invalid protocol message. This was perfectly allowed by the protocol. There is no reason to disallow things that look strange but are valid by the protocol, just because it looks "obviously wrong" to us.


Yes, it does affect us all. In fact, it makes the bitcoin you are holding worth more, not less.

@julz this might have been related to what you are thinking about above:

http://bitcoin.stackexchange.com/questions/924/can-a-bitcoin-be-destroyed

I read most of the post as it was very long.

For the most part I agree with you (I hate bloat as much as the next guy).  However, most of the examples you quoted were for things like web servers, HTML, (perhaps I'm missing one).  All of these protocols have no consequences for the entire body of people using these protocols.  If a web server in china screws up, it doesn't affect me at all.  If someone screws up with bitcoin and sends 2 million coins into the darkness, that affects us all.  That can only happen so many times before bitcoin is no longer worth anything to anyone in its current form.  It would be nice to be able to run a message through a validator to get some indication of _major_ screw ups.  This would not have to be part of your script language.

For adepts of decentralization you guys trust MtGox too much, even after all the times they fucked up... Just don't come crying when you lose your Bitcoin/USD/EUR. Until now they had the money to cover their(and others) losses, but what will happen when the fuck up is so big that they don't have the money?
And take out your donkey goggles, they are doing their job right, just letting you see what's in front of your eyes...

But whatever, people are free to lose their money any way they want. I'm out!

No, it's not a flaw. You can read the chatlog I pasted on page 2 for more information why.

Will someone please answer me a stupid question (I'm sorry as I'm not really proficient in the protocol)?  As I understand it mtgox sent a transaction with an obviously invalid protocol message.  Shouldn't messages like this be rejected by the network?  It seems like a large hole to have open, especially if bitcoin becomes very popular and more people start writing (possibly flawed) code to use it.

Or it sounds like the mainline client does validation of the protocol message.  Perhaps this could be broken out into a library that everyone could use to validate the protocol message before it was sent?

Or Intersango, never been hacked, run by bitcoin developers, been running since March 2011 and contributes back to the community. If you truly want to support the bitcoin world, then support us. We create projects through our group (Bitcoin Consultancy) which we use to fund further development on bitcoin and projects around it.

We were the ones that discovered the CSRF exploit in MtGox and other exchanges. TBH MtGox has a very poor track record when it comes to security, and they don't seem to have learnt from their lessons. We were the ones who had to respond to the media (by contacting them) when they crashed causing reporters to say bitcoin had been hacked and MtGox ignored all calls for a statement from them.

joepie, Diablo and some other people here lost money which MtGox has never paid back as a result of the CSRF exploit. They were also dishonest on multiple occasions, outright lying or covering things up. Even now they are blaming this on the bitcoin network not accepting transactions with inputs more than 255 (if you read the chatlog I pasted on page 2) which is wrong considering that a) there is no limit and b) the max number of inputs in any of their transactions was 4.

We're the only long running exchange that hasn't been compromised (formerly Britcoin) and are based in London with a development team. Our group (Bitcoin Consultancy) is also actively involved in developing other areas of bitcoin, operates other services and is working with merchants. And we charge no fees.

Our about us: https://intersango.com/about-us.php

Security: https://intersango.com/security.php

Fees: https://intersango.com/fees.php

Our development's group website: http://bitcoinconsultancy.com/

We were the ones just at SWIFT's (the messaging network used for international bank transfers) SIBOS conference on the future of banking discussing how bitcoin could be used to improve international transfers.

So we're pretty much heavily invested in bitcoin for the long term. The purpose of our group is to hire people to work full-time on furthering bitcoin. We release many of our project's source code for the community. We're also helping organise the European Bitcoin Conference.

If you appreciate our work, and wish for bitcoin to grow, then use our exchange. In return it allows us to grow our development team to push forwards and create more community projects we can contribute. It's my hope to turn this into a talent base to allow the brightest minds to prosper and develop cool technology- like Google or Apple but for specifically for bitcoin and other cryptocurrencies.

Now you are silly.  He lost 2% of his annual BTC revenue.  That's 1% of his total revenue, only that MtGox can not exchange BTC into fiat currency (i.e. trade) themselves.  That would be against regulations in Japan.  Since the stuff which can be bought for BTC is still quite limited, MtGox lost very little of practical value to them.  The users lost nothing.

Who would you rather trust for exchanging bitcoins?  Bitomat (all lost, saved by MtGox)?  Bitcoin7 (most lost, can get some back by revealing all possible details about your self and submitting naked photo)?  Tradehill (endorses spam, reveals your trades to the one who referred you)?

Most of MtGox' coins are in an offline securely stored wallet, as was demonstrated after the crack.  It can't be lost by a simple programming error.

Wrong answer. I trust myself, and even so I must account for those times when I get high...
I haven't lost anything in mybitcoin and I don't plan on losing anything in any exchange. But others did and will.

Also, I'm not trying to get you to lose your faith on the hard working man charging you high fees. You are free to do whatever you wish, just don't be surprised when you lose Bitcoin in some service.