Pages:
Author

Topic: Stats on malled transactions - page 3. (Read 17393 times)

sr. member
Activity: 469
Merit: 253
February 13, 2014, 01:38:24 AM
#91
Here in Vancouver, several brick-and-mortar businesses accept zero-confirm transactions using BitPay.  If you are buying a coffee, no one is going to wait 10 minutes (or longer) for confirmation;  it is critical that zero-confirm transactions are reasonably secure in order for this business model to work.  

So let me see if I understand the transaction malleability problem in relation to brick-and-mortar stores:

I pay for my coffee at Waves for 4mBTC.  Assume that to avoid "address reuse," my phone uses the full balance in 1AddressA, sends 4mBTC to Waves, and the rest to a new change address 1AddressB.  BitPay accepts this transaction and I get my coffee.  As soon as I finish paying, I realize that I also wanted a donut.  So I pay for this using what are now unconfirmed coins sitting in 1AddressB.  BitPay still approves the transaction and I get my donut too.  

But my first transaction was mutated, and the mutated version was accepted into the blockchain.  This means that the transaction I used to pay for my donut is now invalid, and Waves/BitPay won't get the money (and I've already left the store).  

This seems like a messy problem to deal with.  If we disallow spending unconfirmed change outputs, then there will be certain cases when I can't actually purchase my donut [without a long wait], correct?  Ideally, my wallet would try to break up my coins so that there are always plenty of fully-confirmed outputs ready for spending.  But how do most wallets actually work?  The Blockchain.info mobile wallet [that I use] sends the change back to the same address, so I'd expect that it would be very rare to have exhausted all of the confirmed outputs.  But for mobile wallets that avoid address reuse [do these even exist?], would it be less likely that you'd have confirmed coins available?

And should BitPay do anything to protect itself?


Very good example to think about, but: did I miss something? I think it won't happen, or at least doesn't have to. When you try to pay for the donut, assuming your wallet makes use of the change utxo which has been malled and is not yet confirmed, will bitpay accept it? I don't know whether they would today, but isn't it trivial to just check each utxo used as input and look at the blockchain to see if that transaction has any confirms? That way, they can accept unconfirmed spends, but not accept unconfirmed spends of unconfirmed spends, which is practically absolutely fine. Except you don't get your donut Cheesy

Unless your wallet is coded to not use unconfirmed change...
sr. member
Activity: 308
Merit: 250
February 13, 2014, 01:06:47 AM
#90
I agree, Before this I pretty much trusted each transaction without confirmations if as there was a fee paid. I really hope this Issue wil be fixed soon.
legendary
Activity: 1162
Merit: 1007
February 13, 2014, 12:44:35 AM
#89
But my first transaction was mutated, and the mutated version was accepted into the blockchain.  This means that the transaction I used to pay for my donut is now invalid, and Waves/BitPay won't get the money (and I've already left the store).

Yes, that is possible, but that's nothing new. Accepting with zero-confirm transactions is risky.


I disagree.  I think the community now sees zero-confirm transactions as more risky than prior to the malleability attack.  I know I do.  Previously, I think most people were under the impression that to invalidate a zero-confirm transaction (e.g., buying my donut at Waves in Vancouver), the customer would be the attacker (and basically had to be in cahoots with a nefarious miner in order to double spend).  The malleability attack has shown that even if both customer and merchant are honest, proper fees are paid, and the transaction propagates across the network, it's still possible (and in some cases probable) that the transaction doesn't go through (and thus D&T's solution to disallow transactions using unconfirmed "change" outputs).  

So I agree with D&T that we need a smarter way to deal with unconfirmed change, until malleability is properly fixed.  My question was if we enforce this new change rule, how often will casual users find themselves unable to pay immediately (such as my donut example)?  How will this impact the experience of say, my mom using her smartphone, who couldn't wrap her head around this?  
legendary
Activity: 3878
Merit: 1193
February 13, 2014, 12:15:34 AM
#88
But my first transaction was mutated, and the mutated version was accepted into the blockchain.  This means that the transaction I used to pay for my donut is now invalid, and Waves/BitPay won't get the money (and I've already left the store).

Yes, that is possible, but that's nothing new. Accepting with zero-confirm transactions is risky.
legendary
Activity: 1162
Merit: 1007
February 12, 2014, 11:04:05 PM
#87
Here in Vancouver, several brick-and-mortar businesses accept zero-confirm transactions using BitPay.  If you are buying a coffee, no one is going to wait 10 minutes (or longer) for confirmation;  it is critical that zero-confirm transactions are reasonably secure in order for this business model to work.  

So let me see if I understand the transaction malleability problem in relation to brick-and-mortar stores:

I pay for my coffee at Waves for 4mBTC.  Assume that to avoid "address reuse," my phone uses the full balance in 1AddressA, sends 4mBTC to Waves, and the rest to a new change address 1AddressB.  BitPay accepts this transaction and I get my coffee.  As soon as I finish paying, I realize that I also wanted a donut.  So I pay for this using what are now unconfirmed coins sitting in 1AddressB.  BitPay still approves the transaction and I get my donut too.  

But my first transaction was mutated, and the mutated version was accepted into the blockchain.  This means that the transaction I used to pay for my donut is now invalid, and Waves/BitPay won't get the money (and I've already left the store).  

This seems like a messy problem to deal with.  If we disallow spending unconfirmed change outputs, then there will be certain cases when I can't actually purchase my donut [without a long wait], correct?  Ideally, my wallet would try to break up my coins so that there are always plenty of fully-confirmed outputs ready for spending.  But how do most wallets actually work?  The Blockchain.info mobile wallet [that I use] sends the change back to the same address, so I'd expect that it would be very rare to have exhausted all of the confirmed outputs.  But for mobile wallets that avoid address reuse [do these even exist?], would it be less likely that you'd have confirmed coins available?

And should BitPay do anything to protect itself?
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
February 12, 2014, 10:15:00 PM
#86
For those that have transactions that will never confirm, what is the procedure on QT to clean up the wallet?
hero member
Activity: 588
Merit: 520
February 12, 2014, 09:45:28 PM
#85
Really sad that there is no solution to even clean these transactions manually... at least not for official bitcoin-qt client.
full member
Activity: 216
Merit: 100
February 12, 2014, 06:18:50 PM
#84
Seems we are back to business as usual.
2014-02-12 393
Updating OP.

Any reason to believe it won't happen again tomorrow? I think we'd all like to know when Bitstamp and other exc will start processing withdrawals again ;-)
Jan
legendary
Activity: 1043
Merit: 1002
February 12, 2014, 05:57:02 PM
#83
Seems we are back to business as usual.
2014-02-12 393
Updating OP.
sr. member
Activity: 475
Merit: 255
February 12, 2014, 05:28:08 PM
#82
Maybe this is too simple to be right, but...
Would not running rescan in bitcoin-QT from the time "some time before problematic unconfirmed-change-spending transaction" help?

It presumably would, and a few options such as last 100 or last 1000 might be sufficient.

The only concern would be that:
a) this would need to be implemented by each client
b) it *could* create weak points for an evil trojan/virus to replace and then rescan a false short blockchain - seems unlikely though

a) this is already implemented in each bitcoin-QT client. Although it would be time consuming to do it regularly.
b) creating "false blockchain" is almost impossible, it needs forking blockchain somewhere and then constructing new "false blocks". This "construction" means in fact mining new alternative and legitimate blocks from this fork. No single entity has enough computational power to do this. And some "easier blockchain" would not be correctly verified by reference client.

legendary
Activity: 2128
Merit: 1005
ASIC Wannabe
February 12, 2014, 12:29:51 PM
#81
Maybe this is too simple to be right, but...
Would not running rescan in bitcoin-QT from the time "some time before problematic unconfirmed-change-spending transaction" help?

It presumably would, and a few options such as last 100 or last 1000 might be sufficient.

The only concern would be that:
a) this would need to be implemented by each client
b) it *could* create weak points for an evil trojan/virus to replace and then rescan a false short blockchain - seems unlikely though
sr. member
Activity: 430
Merit: 250
February 12, 2014, 10:09:57 AM
#80
AFAIK, Armory automatically send change to a new address, so at least it could have an option to disallow spending unconfirmed change outputs, unless there is nothing else spendable, should work in many cases.

Also, shouldn't the priority of spending be decided by the coin-age? As the fee rule discourages spending "hot" coins.
I am certain it does, but since selection of what outputs are used for a new transaction is (mostly, unless you use coin control) out of your hands you can never be sure unconfirmed change has not been used.
sr. member
Activity: 475
Merit: 255
February 12, 2014, 10:01:46 AM
#79
Maybe this is too simple to be right, but...
Would not running rescan in bitcoin-QT from the time "some time before problematic unconfirmed-change-spending transaction" help?
full member
Activity: 227
Merit: 100
February 12, 2014, 04:34:04 AM
#78
someone has proven beyond a shadow of a doubt that bit coin is
capable of being manipulated.

someone would do that who has it in their interests to do that.
certainly many parties would fit that bill.

i agree with the writer who said now is not the time to point fingers.
Fix the present problem. No one will remember it in a month.

But the real problem is 20 million merchants just put Bitcoin on
the back burner for the next year. Not good for Bitcoin at all.

bad press == bad price. bad price == bad investment.

of course, a couple months ago, I suggested Bitcoin should build in the
exchange process into the wallets. Bitcoin touts its "decentralized" nature
but every exchange has an easy bulls-eye on its back for governments to
take aim at. In other words, since Bitcoin's exchanges are centralized,
so therefore is Bitcoin.

Just my two cents. Hope it helps. I would like to see Bitcoin thrive. It can become
the electric car of the monetary system,…. a valuable addition.


Manipulated? It can always be manipulated with enough money... Actually, for  a normal person/exchange this doesnt affect the btc, because we always waited for 3 or 6 confirms before delivering. It will clear up
hero member
Activity: 784
Merit: 1000
February 12, 2014, 04:08:51 AM
#77
I am fairly certain that all (or nearly all) clients allow spending unconfirmed change outputs.  Until the "mass mutation attack" it improved the user experience to have this option.  Without the ability to spend unconfirmed change outputs the user could potentially (depending on what other confirmed outputs are available) need to wait for confirmations between spends.  I can't see any wallet intentionally doing that.  Many some minor less tested wallet may have accidentally ended up with that behavior.

AFAIK, Armory automatically send change to a new address, so at least it could have an option to disallow spending unconfirmed change outputs, unless there is nothing else spendable, should work in many cases.

Also, shouldn't the priority of spending be decided by the coin-age? As the fee rule discourages spending "hot" coins.
donator
Activity: 1218
Merit: 1079
Gerald Davis
February 12, 2014, 04:03:40 AM
#76
I am fairly certain that all (or nearly all) clients allow spending unconfirmed change outputs.  Until the "mass mutation attack" it improved the user experience to have this option.  Without the ability to spend unconfirmed change outputs the user could potentially (depending on what other confirmed outputs are available) need to wait for confirmations between spends.  I can't see any wallet intentionally doing that.  Many some minor less tested wallet may have accidentally ended up with that behavior.
hero member
Activity: 784
Merit: 1000
February 12, 2014, 03:51:56 AM
#75
Well, you said the mutated one gets confirmed, can I find the one or not? Thanks.
https://bitcointalksearch.org/topic/m.5089865

Please actually read the section labeled "Mutable Transaction ids break spending unconfirmed change".

To answer your question.  No.  You can "find it" but a tx created from an unconfirmed change output which is subsequently mutated will never confirm.

I corrected my post, how many clients you know share the same behaviour?

EDIT: I would suggest you somehow also post your OP in the tech discussion board btw.
donator
Activity: 1218
Merit: 1079
Gerald Davis
February 12, 2014, 03:47:49 AM
#74
Well, you said the mutated one gets confirmed, can I find the one or not? Thanks.
https://bitcointalksearch.org/topic/m.5089865

Please actually read the section labeled "Mutable Transaction ids break spending unconfirmed change".

To answer your question.  No.  You can "find it" but a tx created from an unconfirmed change output which is subsequently mutated will never confirm.
hero member
Activity: 784
Merit: 1000
February 12, 2014, 03:45:24 AM
#73
The number of "double spends" (most of which I believe is mutated transactions) for the last 24 hours:
2014-02-11 16960
(will edit OP to reflect this)

It is slightly lower than I anticipated, as it was already above 16k 9 hours before the CET day ended (24 hours). Maybe the attack subsided, or someone is having a break.

this is probably related to the current malleability attack on the bitcoin network (25% of transactions were affected today). it has nothing to do with your theft.

In addition to the above jgarzik is quoted on reddit to have said that one home PC could have done this. One home PC can screw up 25% of transactions!

Hold on. Are there actually any reports of something being screwed, apart from couple of exchanges who stopped withdrawals as a precaution measure?

It depends on what you mean by "screwed up".  The attacker can't change the inputs or outputs or fees, however they can change the tx hash of unconfirmed txs.  There were over 16,000 tx "mutated" in the last 24 hours.  I am sure they weren't all withdraws from exchanges. It would appear the attackers are simply mutating in mass all transactions they are able to and broadcasting the mutated version into the network.  If the mutated version of the tx is the one which gets confirmed it can have consequences for any user.

https://bitcointalksearch.org/topic/what-the-average-user-needs-to-know-about-transaction-mutability-460944



So, don't deliver until the transaction to you is confirmed, is that....news?

Obviously you didn't read the post or link.  I said nothing about delivering goods before confirmed.

I am not saying you have said anything wrong, I was referring to the panic. And I don't think such consequences can be considered "screwed up", as an end user I would probably not even notice anything other than a slow-up of the network if I don't pay attention.

You wouldn't notice a transaction you made (or someone made to you) that never confirms due to no fault of your own.  By never, I mean never. Not in an hour, or a day, or a year.  Smiley
Most people would and they probably would consider that "screwed up".

Well, I don't know about you, but when I actually want to see if my tx gets confirmed, I always search for the address and check if there is a new transaction with the correct amount, probably it's just me though...

Once again you might want to read the link. I am not talking about it being confirmed under a new tx id.  I am talking about it NEVER confirming because it now has become invalid due to the inputs being invalid.

Well, you said the mutated one gets confirmed, can I find the one or not? Thanks.

EDIT: Okay, I read your OP, I was awfully unaware of the way the reference client works as I have never actually used it, thanks.
donator
Activity: 1218
Merit: 1079
Gerald Davis
February 12, 2014, 03:42:19 AM
#72
The number of "double spends" (most of which I believe is mutated transactions) for the last 24 hours:
2014-02-11 16960
(will edit OP to reflect this)

It is slightly lower than I anticipated, as it was already above 16k 9 hours before the CET day ended (24 hours). Maybe the attack subsided, or someone is having a break.

this is probably related to the current malleability attack on the bitcoin network (25% of transactions were affected today). it has nothing to do with your theft.

In addition to the above jgarzik is quoted on reddit to have said that one home PC could have done this. One home PC can screw up 25% of transactions!

Hold on. Are there actually any reports of something being screwed, apart from couple of exchanges who stopped withdrawals as a precaution measure?

It depends on what you mean by "screwed up".  The attacker can't change the inputs or outputs or fees, however they can change the tx hash of unconfirmed txs.  There were over 16,000 tx "mutated" in the last 24 hours.  I am sure they weren't all withdraws from exchanges. It would appear the attackers are simply mutating in mass all transactions they are able to and broadcasting the mutated version into the network.  If the mutated version of the tx is the one which gets confirmed it can have consequences for any user.

https://bitcointalksearch.org/topic/what-the-average-user-needs-to-know-about-transaction-mutability-460944



So, don't deliver until the transaction to you is confirmed, is that....news?

Obviously you didn't read the post or link.  I said nothing about delivering goods before confirmed.

I am not saying you have said anything wrong, I was referring to the panic. And I don't think such consequences can be considered "screwed up", as an end user I would probably not even notice anything other than a slow-up of the network if I don't pay attention.

You wouldn't notice a transaction you made (or someone made to you) that never confirms due to no fault of your own.  By never, I mean never. Not in an hour, or a day, or a year.  Smiley
Most people would and they probably would consider that "screwed up".

Well, I don't know about you, but when I actually want to see if my tx gets confirmed, I always search for the address and check if there is a new transaction with the correct amount, probably it's just me though...

Once again you might want to read the link. I am not talking about it being confirmed under a new tx id.  I am talking about it NEVER confirming because it now has become invalid due to the inputs being invalid.
Pages:
Jump to: