|
Title: Is It Really Necessary To Wait For Confirmations? Post by: Siegfried on November 04, 2013, 12:55:16 AM I can understand waiting for confirmations for a very large transaction, but for small transactions it just doesn't seem necessary to me. What are the odds that after seeing the initial notification of payment received the transaction turns out to be fraudulent? How could someone commit this kind of fraud? Would it be so easy that small-time losers would spend their time trying to do this kind theft on small transactions?
Title: Re: Is It Really Necessary To Wait For Confirmations? Post by: Tirapon on November 04, 2013, 01:29:01 AM For small transactions you probably don't need to wait. Double spend attacks are generally difficult and costly to attempt, and therefore only worthwhile for large transaction amounts. The chances of losing out to a double spend on a small transaction are probably close to zero, and if its a small amount then its probably worth risking it for convenience because if you do lose out, its not very much money.
Title: Re: Is It Really Necessary To Wait For Confirmations? Post by: TheButterZone on November 04, 2013, 02:01:50 AM I just wait for 1 confirmation on incomings, because I've seen my own outgoing transactions never confirm and be dropped out of mempool because of insufficient priority/fee. 1 confirmation means that the TX was legit enough to stick (be included in a block).
Title: Re: Is It Really Necessary To Wait For Confirmations? Post by: DeathAndTaxes on November 04, 2013, 02:05:18 AM I just wait for 1 confirmation on incomings, because I've seen my own outgoing transactions never confirm and be dropped out of mempool because of insufficient priority/fee. 1 confirmation means that the TX was legit enough to stick (be included in a block). Or ensure the sender paid a fee. I have never seen a paying tx not confirm. Well maybe some spam dust garbage. For the OP. It all depends on your risk tolerance. I sold cellphone prepaid code and for repeat customers sent it with no confirm. Of a couple hundred sales never had a double spend. A lot depends on what you are selling and to who and for what reason. Take humble bundle, it is a donation. If people wanted to steal it they could simply torrent the game. Very likely humble bundle could accept 0-confirm with no (or negligible) lost funds. On the other hand if you are selling a high volume low magin product and can't afford any fraud not even <1% you probably should be waiting for at least one confirm. High value tx especially the type which are highly fungible (poker deposit, exchange deposits, on blockchain gambling, etc) are much higher targets and really need confirms (often multiple). Title: Re: Is It Really Necessary To Wait For Confirmations? Post by: Abdussamad on November 04, 2013, 02:07:53 AM For small transactions you probably don't need to wait. Double spend attacks are generally difficult and costly to attempt, and therefore only worthwhile for large transaction amounts. It is very easy to attempt a double spend: https://blockchain.info/create-double-spend To be successful at it is another matter entirely. Title: Re: Is It Really Necessary To Wait For Confirmations? Post by: TheButterZone on November 04, 2013, 02:11:12 AM I just wait for 1 confirmation on incomings, because I've seen my own outgoing transactions never confirm and be dropped out of mempool because of insufficient priority/fee. 1 confirmation means that the TX was legit enough to stick (be included in a block). Or ensure the sender paid a fee. I have never seen a paying tx not confirm. Well maybe some spam dust garbage. I try to only spend BTC when it has sufficient priority to not need a fee. Not to say my past calculations (with estimated TX size) have all been accurate, which is why they failed. I expect others are more likely to make mistakes like I have, rather than maliciously doublespend. Title: Re: Is It Really Necessary To Wait For Confirmations? Post by: adamstgBit on November 04, 2013, 02:15:03 AM i figured that if you wait 30 seconds and make sure their is no double spending during these 30 seconds, their a very very good chance that the TX will be confirmed even if their is a double spend attempt afterword.
read more here: https://bitcointalk.org/index.php?topic=302990.0 Title: Re: Is It Really Necessary To Wait For Confirmations? Post by: Siegfried on November 04, 2013, 02:41:18 AM I just wait for 1 confirmation on incomings, because I've seen my own outgoing transactions never confirm and be dropped out of mempool because of insufficient priority/fee. 1 confirmation means that the TX was legit enough to stick (be included in a block). Or ensure the sender paid a fee. I have never seen a paying tx not confirm. Well maybe some spam dust garbage. I try to only spend BTC when it has sufficient priority to not need a fee. Not to say my past calculations (with estimated TX size) have all been accurate, which is why they failed. I expect others are more likely to make mistakes like I have, rather than maliciously doublespend. What determines priority? Size? Title: Re: Is It Really Necessary To Wait For Confirmations? Post by: TheButterZone on November 04, 2013, 02:48:38 AM https://en.bitcoin.it/wiki/Transaction_fees#Reference_Implementation
Title: Re: Is It Really Necessary To Wait For Confirmations? Post by: DeathAndTaxes on November 04, 2013, 04:37:01 AM I just wait for 1 confirmation on incomings, because I've seen my own outgoing transactions never confirm and be dropped out of mempool because of insufficient priority/fee. 1 confirmation means that the TX was legit enough to stick (be included in a block). Or ensure the sender paid a fee. I have never seen a paying tx not confirm. Well maybe some spam dust garbage. I try to only spend BTC when it has sufficient priority to not need a fee. Not to say my past calculations (with estimated TX size) have all been accurate, which is why they failed. I expect others are more likely to make mistakes like I have, rather than maliciously doublespend. The client should do that calculation for you and should never make mistakes. I have never seen the QT client neglect to include the "min mandatory fee" on tx with low priority. Title: Re: Is It Really Necessary To Wait For Confirmations? Post by: TheButterZone on November 04, 2013, 05:05:42 AM I just wait for 1 confirmation on incomings, because I've seen my own outgoing transactions never confirm and be dropped out of mempool because of insufficient priority/fee. 1 confirmation means that the TX was legit enough to stick (be included in a block). Or ensure the sender paid a fee. I have never seen a paying tx not confirm. Well maybe some spam dust garbage. I try to only spend BTC when it has sufficient priority to not need a fee. Not to say my past calculations (with estimated TX size) have all been accurate, which is why they failed. I expect others are more likely to make mistakes like I have, rather than maliciously doublespend. The client should do that calculation for you and should never make mistakes. I have never seen the QT client neglect to include the "min mandatory fee" on tx with low priority. I used to use brainwallet.org's source, now I use Electrum. Whenever I've talked about priority calculation needing to be a feature of all clients instead of fee being the default despite it qualifying for free, IIRC I kept being told that no client can possibly calculate priority before signing because sig sizes vary, so I just gave up asking, and work around it. Title: Re: Is It Really Necessary To Wait For Confirmations? Post by: LiteCoinGuy on November 04, 2013, 05:45:40 AM there are already shops that sell at 0 confirmations. for small amounts its okay.
Title: Re: Is It Really Necessary To Wait For Confirmations? Post by: malevolent on November 04, 2013, 06:25:07 AM Take humble bundle, it is a donation. If people wanted to steal it they could simply torrent the game. Very likely humble bundle could accept 0-confirm with no (or negligible) lost funds. On the other hand if you are selling a high volume low magin product and can't afford any fraud not even <1% you probably should be waiting for at least one confirm. High value tx especially the type which are highly fungible (poker deposit, exchange deposits, on blockchain gambling, etc) are much higher targets and really need confirms (often multiple). Humble bundle uses Coinbase for handling BTC transactions and they accept 0-confirmation transactions, though I'm sure they do take some security measures, such as connecting only to trusted nodes and disallowing incoming connections. As for the poker or gambling, 0-conf tx can be allowed but the customer shouldn't be able to withdraw any bitcoins until the other party can verify that no double-spend occurred. Title: Re: Is It Really Necessary To Wait For Confirmations? Post by: DeathAndTaxes on November 04, 2013, 06:44:45 AM As for the poker or gambling, 0-conf tx can be allowed but the customer shouldn't be able to withdraw any bitcoins until the other party can verify that no double-spend occurred. Well it is a little more complex than that. Credit card thieves frequently hit online poker room. Deposit x BTC. Lose x BTC to an accomplice. Double spend the deposit. OR Deposit x BTC. Play poker if win let tx confirm, if lose double spend and try again. |