From: "Raúl Martínez" <rme@i-rme.es>
To: "Chris D'Costa" <chrisjdcosta@gmail.com>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Possible attack: Keeping unconfirmed transactions
Date: Tue, 10 Jun 2014 13:25:05 +0200 [thread overview]
Message-ID: <CA+8=xuJ_jvX8ZtjTkgW37u1kjBUfYK9gxw22-y1CD5HqB6konA@mail.gmail.com> (raw)
In-Reply-To: <CAC0TF=nNJ9qN+VCf8opwL822HA3L7sHpjV0v3=mCG51=y7V56w@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 3422 bytes --]
I believe that the Payment Protocol works that way, the merchant broadcast
the Tx.
El 10/06/2014 13:23, "Chris D'Costa" <chrisjdcosta@gmail.com> escribió:
> I wonder if Raul is mistakenly under the impression that the transaction
> only reaches the Bitcoin network via Alice? In which case the premise of
> this "attack" is incorrect.
>
> *Chris D'Costa*
>
>
> Follow on Twitter: *@cjdcosta*
>
> *---------------------------------------------------------------------------------------*
> chris.dcosta@meek.io (Meek)
> chris.dcosta@sossee.com (Blog)
> chrisjdcosta@gmail.com <chris_dcosta@me.com> (Personal)
> chris.dcosta@bitcoinassociation.be (Belgian Bitcoin Association)
>
> ---------------------------------------------------------------------------------------
>
>
> On 7 June 2014 00:02, Raúl Martínez <rme@i-rme.es> wrote:
>
>> I dont know if this attack is even possible, it came to my mind and I
>> will try to explain it as good as possible.
>>
>> Some transacions keep unconfirmed forever and finally they are purged by
>> Bitcoin nodes, mostly due to the lack of fees.
>>
>>
>> Example:
>> ---------
>>
>> Alice is selling a pizza to Bob, Bob is now making the payment with
>> Bitcoin.
>> The main goal of this attack is to store a unconfirmed transaction send
>> by Bob for a few days (it will not be included in the blockchain because it
>> has no fee or due to other reason), Bob might resend the payment or might
>> just cancel the deal with Alice.
>>
>> Bob forgets about that failed trade but a couple of days later, Alice,
>> who has stored the signed transacion, relays the transaction to the network
>> (or mines it directly with his own hashpower).
>> Bob does not know what is happening, he believed that that transaction
>> was "canceled forever", he even does not remember the failed pizza deal.
>>
>> Alice has now the bitcoins and Bob does not know what happened with his
>> money.
>>
>> ---------
>>
>> This might also work with the Payment Protocol because when using it Bob
>> does not relay the transaction to the network, its Alices job to do it,
>> Alice stores it and tells Bob to resend the payment, Bob creates another
>> transaction (If has the same inputs as the first TX this does not work)
>> (this one is relayed by Alice to the network).
>>
>> Alice comes back a couple of days later and mines with his hashrate the
>> first transaction (the one she didnt relayed to the network).
>>
>> Alice now has two payments, Bob does not know what happened.
>>
>>
>> -----------
>>
>> I hope that I explained well this possible attack, I dont know if there
>> is already a fix for this problem or if it is simply impossible to execute
>> this kind of attack.
>>
>> Thanks for your time.
>>
>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Learn Graph Databases - Download FREE O'Reilly Book
>> "Graph Databases" is the definitive new guide to graph databases and their
>> applications. Written by three acclaimed leaders in the field,
>> this first edition is now available. Download your free book today!
>> http://p.sf.net/sfu/NeoTech
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>
>>
>
[-- Attachment #2: Type: text/html, Size: 5120 bytes --]
next prev parent reply other threads:[~2014-06-10 11:25 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-06 22:02 [Bitcoin-development] Possible attack: Keeping unconfirmed transactions Raúl Martínez
2014-06-06 22:11 ` Toshi Morita
2014-06-06 22:21 ` Raúl Martínez
2014-06-06 22:27 ` Pieter Wuille
2014-06-06 22:53 ` Andrew Poelstra
[not found] ` <CAC0TF=nNJ9qN+VCf8opwL822HA3L7sHpjV0v3=mCG51=y7V56w@mail.gmail.com>
2014-06-10 11:25 ` Raúl Martínez [this message]
2014-06-06 22:03 Raúl Martínez
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CA+8=xuJ_jvX8ZtjTkgW37u1kjBUfYK9gxw22-y1CD5HqB6konA@mail.gmail.com' \
--to=rme@i-rme.es \
--cc=bitcoin-development@lists.sourceforge.net \
--cc=chrisjdcosta@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox