From: Andrew Poelstra <apoelstra@wpsoftware.net>
To: "Raúl Martínez" <rme@i-rme.es>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Possible attack: Keeping unconfirmed transactions
Date: Fri, 6 Jun 2014 15:53:25 -0700 [thread overview]
Message-ID: <20140606225325.GF26152@shavo.dd-wrt> (raw)
In-Reply-To: <CA+8=xu+Bo5W+i__c-QMo+9sTTWzs4mi-wF9FFR1axPPRf5MO1A@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1288 bytes --]
On Sat, Jun 07, 2014 at 12:02:36AM +0200, Raúl Martínez wrote:
> I dont know if this attack is even possible, it came to my mind and I will
> try to explain it as good as possible.
>
> Some transacions keep unconfirmed forever and finally they are purged by
> Bitcoin nodes, mostly due to the lack of fees.
>
It's definitely possible. As Pieter says it is important to always reuse
inputs if you are "resending" a transaction. If you don't reuse inputs,
you are creating a new transaction and you should think of it as
spending twice as much money.
Like any information on the Internet, once a signed transaction leaves
your system there is no way to undo this. (Though of course, you can
respend the inputs to ensure that if ever your transaction resurfaces it
will not confirm.) This is true even if the transaction has low fees, is
nonstandard, or is otherwise inhibited from relaying.
I would go so far as to say that any UI which suggests otherwise (e.g.
offering a "cancel" feature which does not involve respending inputs or
that makes any guarantees about being effective) is dangerously broken.
--
Andrew Poelstra
Mathematics Department, University of Texas at Austin
Email: apoelstra at wpsoftware.net
Web: http://www.wpsoftware.net/andrew
[-- Attachment #2: Type: application/pgp-signature, Size: 490 bytes --]
next prev parent reply other threads:[~2014-06-06 23:23 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-06 22:02 [Bitcoin-development] Possible attack: Keeping unconfirmed transactions Raúl Martínez
2014-06-06 22:11 ` Toshi Morita
2014-06-06 22:21 ` Raúl Martínez
2014-06-06 22:27 ` Pieter Wuille
2014-06-06 22:53 ` Andrew Poelstra [this message]
[not found] ` <CAC0TF=nNJ9qN+VCf8opwL822HA3L7sHpjV0v3=mCG51=y7V56w@mail.gmail.com>
2014-06-10 11:25 ` Raúl Martínez
2014-06-06 22:03 Raúl Martínez
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140606225325.GF26152@shavo.dd-wrt \
--to=apoelstra@wpsoftware.net \
--cc=bitcoin-development@lists.sourceforge.net \
--cc=rme@i-rme.es \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox