Pages:
Author

Topic: Stats on malled transactions - page 5. (Read 17391 times)

newbie
Activity: 47
Merit: 0
February 11, 2014, 07:19:13 PM
#51
It really is not that much of a problem IMHO. If those change outputs will eventually confirm or not has nothing to do with mutated TxID. If someone wants to include unconfirmed change outputs as his new inputs that's his problem. .
it's not a matter of wanting to include unconfirmed change outputs, it's the fact that the satoshi client does this by default and you can't stop it without patching it. so user is vulnerable to getting their wallet messed up.

>it's not a matter of wanting to include unconfirmed change outputs, it's the fact that the satoshi client does this by default
is it a fact?
legendary
Activity: 2618
Merit: 1007
February 11, 2014, 07:09:12 PM
#50
I guess the issue is more often that people do send Bitcoins, then get a TXID from bitcoind after submitting the RPC call and store that TXID in case they need to check later if that transaction really went through.
sr. member
Activity: 392
Merit: 250
♫ A wave came crashing like a fist to the jaw ♫
February 11, 2014, 07:07:46 PM
#49

Exactly what we talked above, lol. It really is the most obvious solution. There's already the pull request to make this the default option: https://github.com/bitcoin/bitcoin/pull/3654

Any indication or chatter on when this patch will be available?
legendary
Activity: 3878
Merit: 1193
February 11, 2014, 07:06:51 PM
#48
Malled transactions cannot steal coins.
You sure? It's pretty usual practice for Bitcoin merchants to update database upon transaction first seen in the network.

Whenever I want to receive bitcoins, I give the sender a unique address. I couldn't care less what the TXID is. I think most merchants work the same way. Malled transactions do not change the addresses.
legendary
Activity: 1974
Merit: 1077
^ Will code for Bitcoins
February 11, 2014, 06:50:00 PM
#47

Exactly what we talked above, lol. It really is the most obvious solution. There's already the pull request to make this the default option: https://github.com/bitcoin/bitcoin/pull/3654
full member
Activity: 168
Merit: 100
February 11, 2014, 06:37:50 PM
#46
newbie
Activity: 51
Merit: 0
February 11, 2014, 06:35:53 PM
#45
It really is not that much of a problem IMHO. If those change outputs will eventually confirm or not has nothing to do with mutated TxID. If someone wants to include unconfirmed change outputs as his new inputs that's his problem. .
it's not a matter of wanting to include unconfirmed change outputs, it's the fact that the satoshi client does this by default and you can't stop it without patching it. so user is vulnerable to getting their wallet messed up.
legendary
Activity: 1974
Merit: 1077
^ Will code for Bitcoins
February 11, 2014, 06:21:33 PM
#44
It looks like it's already done, there are GetBalance(), GetUnconfirmedBalance() and GetImmatureBalance() methods in /src/wallet.cpp:

Code:
int64_t CWallet::GetBalance() const
{
    int64_t nTotal = 0;
    {
        LOCK(cs_wallet);
        for (map::const_iterator it = mapWallet.begin(); it != mapWallet.end(); ++it)
        {
            const CWalletTx* pcoin = &(*it).second;
            if (pcoin->IsConfirmed())
                nTotal += pcoin->GetAvailableCredit();
        }
    }

    return nTotal;
}

int64_t CWallet::GetUnconfirmedBalance() const
{
    int64_t nTotal = 0;
    {
        LOCK(cs_wallet);
        for (map::const_iterator it = mapWallet.begin(); it != mapWallet.end(); ++it)
        {
            const CWalletTx* pcoin = &(*it).second;
            if (!IsFinalTx(*pcoin) || !pcoin->IsConfirmed())
                nTotal += pcoin->GetAvailableCredit();
        }
    }
    return nTotal;
}

int64_t CWallet::GetImmatureBalance() const
{
    int64_t nTotal = 0;
    {
        LOCK(cs_wallet);
        for (map::const_iterator it = mapWallet.begin(); it != mapWallet.end(); ++it)
        {
            const CWalletTx* pcoin = &(*it).second;
            nTotal += pcoin->GetImmatureCredit();
        }
    }
    return nTotal;
}

And there's a flag if unconfirmed outputs should be collected in spendable outputs:
Code:
// populate vCoins with vector of spendable COutputs
void CWallet::AvailableCoins(vector& vCoins, bool fOnlyConfirmed, const CCoinControl *coinControl) const
{
    vCoins.clear();

    {
        LOCK(cs_wallet);
        for (map::const_iterator it = mapWallet.begin(); it != mapWallet.end(); ++it)
        {
            const CWalletTx* pcoin = &(*it).second;

            if (!IsFinalTx(*pcoin))
                continue;

            if (fOnlyConfirmed && !pcoin->IsConfirmed())
                continue;

            if (pcoin->IsCoinBase() && pcoin->GetBlocksToMaturity() > 0)
                continue;

            for (unsigned int i = 0; i < pcoin->vout.size(); i++) {
                if (!(pcoin->IsSpent(i)) && IsMine(pcoin->vout[i]) &&
                    !IsLockedCoin((*it).first, i) && pcoin->vout[i].nValue > 0 &&
                    (!coinControl || !coinControl->HasSelected() || coinControl->IsSelected((*it).first, i)))
                        vCoins.push_back(COutput(pcoin, i, pcoin->GetDepthInMainChain()));
            }
        }
    }
}

So problem witch DeathAndTaxes talked about should not happen at all. If it does happen, there's easily correctable bug somewhere.
sr. member
Activity: 378
Merit: 250
Born to chew bubble gum and kick ass
February 11, 2014, 06:21:07 PM
#43
Jan,

Can your programme also calculate / include the information about the value of double spends?

Date           | Number of double spends      | Value of double spends
2014-01-29  | 470                                  | e.g. 59099 BTC
legendary
Activity: 2128
Merit: 1005
ASIC Wannabe
February 11, 2014, 05:59:09 PM
#42
I think you are misunderstanding.  

...

Right now there is no way for an average user to force the client to only used confirmed change in new transactions even if they wanted to, other than manually wait and make sure they have no unconfirmed change outputs before sending funds.

I see what you mean, you are right. Would a simple configuration option whether to show unconfirmed inputs in the balance do the trick? No may be the default option, and you can always go to the console and temporarily force the opposite behavior if you want to. It may not even mess up how QT client handles the blockchain, just how it calculates the balance.

Edit: I have to check how it is this done right now in the code. I'm not positive how the balance is calculated.

THIS.

I compared my wallet balance against the transaction export and found that the two DID NOT MATCH. my hot wallet is 'richer' by exactly the amount in the second transaction's change wallet - I am not 100% sure which total is correct, though I imagine the wallet balance is the correct version

EDIT: my client just forced me to undergo 'reindexing blocks on disk', a process that appears to be going to take ~20min
legendary
Activity: 1974
Merit: 1077
^ Will code for Bitcoins
February 11, 2014, 05:53:58 PM
#41
I think you are misunderstanding.  

...

Right now there is no way for an average user to force the client to only used confirmed change in new transactions even if they wanted to, other than manually wait and make sure they have no unconfirmed change outputs before sending funds.

I see what you mean, you are right. Would a simple configuration option whether to show unconfirmed inputs in the balance do the trick? No may be the default option, and you can always go to the console and temporarily force the opposite behavior if you want to. It may not even mess up how QT client handles the blockchain, just how it calculates the balance.

Edit: I have to check how it is this done right now in the code. I'm not positive how the balance is calculated.
newbie
Activity: 6
Merit: 100
February 11, 2014, 05:29:32 PM
#40
Permanent fix for spam and ddos is for each full node to make a proof-of-work type check (like bitmessage does) for incoming transactions.
Kind of like if transaction is 1satoshi difficulty will be higher than if transaction is 1btc.
donator
Activity: 1218
Merit: 1079
Gerald Davis
February 11, 2014, 05:40:51 PM
#40
However it is a genuine case for concern.  There is no profit in it, but the combination of:
a) malicious user malling all tx
and
b) the QT client using unconfirmed change outputs in new tx

can lead to a lot of confusion and broken transactions.   I am not sure what the immediate fix it.

It really is not that much of a problem IMHO. If those change outputs will eventually confirm or not has nothing to do with mutated TxID. If someone wants to include unconfirmed change outputs as his new inputs that's his problem. His last transaction will eventually confirm if those outputs are regular payment, or fail if it is double-spend attempt. The system is designed to work this way.

I think you are misunderstanding.  

I send you 1 BTC.   It is tx id A.   Someone mutates it so there is a copy with tx id B.

You send a 0.1 BTC to your friend.   As a normal user it isn't you, but the QT client which picks which inputs are used.  The client picks tx id A, index 0 as the input for this new outbound tx.  It can do this because by the QT client right now uses unconfirmed change outputs as inputs in new txs.

Now lets say tx B not A ends up in a block.  Oops. 

The tx to your friend is now invalid, it uses as its input an output which is a double spend (tx a) of a valid confirmed tx (tx b) and thus will never confirm.  There is no user friendly way for you to remove that from your wallet.  Most users may not even know why it didn't work.  They will see the tx to their friend simply never confirms.  It won't be marked as a double spend (because it isn't) it simply will never confirm because it is no longer valid, it became invalid as soon as B not A was included in a block.  It can be solved but it is far from user friendly.  Now imagine that happening for thousands of users every single day forever because some malicious user is intentionally mutating tx to cause chaos.  Nobody ends up losing coins but it makes the system look bad, counterintuitive, and confusion especially for newer users.

If you wait until a tx is confirmed then the txid is immutable (baring a network re-org) and this becomes a non-issue.  Right now there is no way for an average user to force the client to only used confirmed change in new transactions even if they wanted to, other than manually wait and make sure they have no unconfirmed change outputs before sending funds.
legendary
Activity: 1974
Merit: 1077
^ Will code for Bitcoins
February 11, 2014, 05:25:02 PM
#39
However it is a genuine case for concern.  There is no profit in it, but the combination of:
a) malicious user malling all tx
and
b) the QT client using unconfirmed change outputs in new tx

can lead to a lot of confusion and broken transactions.   I am not sure what the immediate fix it.

It really is not that much of a problem IMHO. If those change outputs will eventually confirm or not has nothing to do with mutated TxID. If someone wants to include unconfirmed change outputs as his new inputs that's his problem. His last transaction will eventually confirm if those outputs are regular payment, or fail if it is double-spend attempt. The system is designed to work this way.
donator
Activity: 1218
Merit: 1079
Gerald Davis
February 11, 2014, 05:10:26 PM
#38
The later.  It would be a client side change only and wouldn't require the support of anyone beyond the user using it.
full member
Activity: 140
Merit: 100
February 11, 2014, 05:07:43 PM
#37
One option would be to either by default or by a user enabled option don't use change outputs until they have at least 1 confirmation.  That combined with simply "hiding" duplicates would make the mutated spam pretty much invisible to "normal users".  Merchants and service providers not using a payment processor need to understand the mutability of txids but honestly they already should.

Would that require a hard fork or just software update on bitcoin-qt and other wallet software? Im guessing the latter. That sounds like a short term solution at least.
donator
Activity: 1218
Merit: 1079
Gerald Davis
February 11, 2014, 04:42:12 PM
#36
Two transactions with different hashes and with overlapping inputs.
The definition is not entirely correct as a malled tx is not a double spend.
it will result in one though if the user has also tried to spend the change output of the original transaction that was voided by the malleable one. this seems to be happening quite a lot based on network chatter. probably because the client allows spending the change while it's unconfirmed.

I'm no expert on this stuff, but I'm wondering, could this behavior in the reference client be amplifying the effects of the malled TX attack as measured in the OP?  i.e. When a client attempts to spend unconfirmed change that never gets confirmed because its tx got malled, is that also counted as a double-spend attempt?

Not it would simply be an unconfirmed tx and after the parent is dropped it becomes an invalid tx.

However it is a genuine case for concern.  There is no profit in it, but the combination of:
a) malicious user malling all tx
and
b) the QT client using unconfirmed change outputs in new tx

can lead to a lot of confusion and broken transactions.   I am not sure what the immediate fix it.

One option would be to either by default or by a user enabled option don't use change outputs until they have at least 1 confirmation.  That combined with simply "hiding" duplicates would make the mutated spam pretty much invisible to "normal users".  Merchants and service providers not using a payment processor need to understand the mutability of txids but honestly they already should.
legendary
Activity: 966
Merit: 1000
February 11, 2014, 04:33:55 PM
#35
Two transactions with different hashes and with overlapping inputs.
The definition is not entirely correct as a malled tx is not a double spend.
it will result in one though if the user has also tried to spend the change output of the original transaction that was voided by the malleable one. this seems to be happening quite a lot based on network chatter. probably because the client allows spending the change while it's unconfirmed.

I'm no expert on this stuff, but I'm wondering, could this behavior in the reference client be amplifying the effects of the malled TX attack as measured in the OP?  i.e. When a client attempts to spend unconfirmed change that never gets confirmed because its tx got malled, is that also counted as a double-spend attempt?
legendary
Activity: 1974
Merit: 1077
^ Will code for Bitcoins
February 11, 2014, 04:28:30 PM
#34
Would it be at all possible to estimate the value of double withdrawals (effected through malled transactions)?[/b] If the exchanges were tricked into resending 1k BTC then it's no problem. If they were tricked into resending 100k BTC, then we might have a big problem.

It's not quite easy to hide your identity from the exchanges, one mistake and you reveal your router's IP to them. After that you are at their mercy not to bring up criminal investigation at you. MtGox maybe will not chase somebody and report him to the authorities for 1 BTC, but for 1k BTC they would surely do everything to put whoever does this in jail.

If you think massive bitcoin network attack is going to be exposed by linking to an IP address, then you greatly underestimate who you're dealing with.

Keep in mind that exchange has in their logs every IP from which you accessed them ever. That data is never erased and regularly log-rotated and backuped for legal purposes. I'm not saying it will be easy for them to catch who's messing with them, but you can bet they will do everything to reveal real identity of that account holder.
full member
Activity: 238
Merit: 100
February 11, 2014, 04:21:22 PM
#33
Would it be at all possible to estimate the value of double withdrawals (effected through malled transactions)?[/b] If the exchanges were tricked into resending 1k BTC then it's no problem. If they were tricked into resending 100k BTC, then we might have a big problem.

It's not quite easy to hide your identity from the exchanges, one mistake and you reveal your router's IP to them. After that you are at their mercy not to bring up criminal investigation at you. MtGox maybe will not chase somebody and report him to the authorities for 1 BTC, but for 1k BTC they would surely do everything to put whoever does this in jail.

If you think massive bitcoin network attack is going to be exposed by linking to an IP address, then you greatly underestimate who you're dealing with.
Pages:
Jump to: