|
Title: accidentally entered the address into amount Post by: accord01 on December 05, 2013, 01:38:04 PM So i was trying to withdraw btc from exchange, and I accidentally entered the address into the amount, everything else was correct, and it still went through...
does this mean i only sent 1 btc, since address starts with 1? Title: Re: accidentally entered the address into amount Post by: Leehoya on December 05, 2013, 01:49:41 PM So i was trying to withdraw btc from exchange, and I accidentally entered the address into the amount, everything else was correct, and it still went through... I'm thinking about the last line. So, if i want to withdraw 100BTC, it only sent 1BTC since it starts with 1? does this mean i only sent 1 btc, since address starts with 1? What you could do is to contact the support about this matter. Im sure the transaction was not sent as it needs a combination for it to be sendable. Should just contact the admin. Wiki says so: https://en.bitcoin.it/wiki/Address#Addresses_are_case_sensitive_and_exact Title: Re: accidentally entered the address into amount Post by: accord01 on December 05, 2013, 03:27:16 PM It sent 1 btc, so all is good!
Title: Re: accidentally entered the address into amount Post by: Abdussamad on December 05, 2013, 03:41:07 PM It sent 1 btc, so all is good! Ask support to fix their freaking system. Basic input validation would be nice. Title: Re: accidentally entered the address into amount Post by: Martijnvdc on December 05, 2013, 05:12:59 PM Which exchange are you using?
That seems quite ridiculous... Why doesn't it check if the value entered is a number at all?! Title: Re: accidentally entered the address into amount Post by: kr105 on December 05, 2013, 06:34:48 PM It sent 1 btc, so all is good! Ask support to fix their freaking system. Basic input validation would be nice. Title: Re: accidentally entered the address into amount Post by: DeathAndTaxes on December 05, 2013, 06:36:53 PM It sent 1 btc, so all is good! Ask support to fix their freaking system. Basic input validation would be nice. This please let everyone know so they can avoid it like the plague. Any site not doing the most basic input validation is likely not doing a half dozen other important things like preventing cross site scripting attacks, SQL injection, session hijacking, etc. Utterly unbelievable a site would simply pass garbage input to bitcoind and hope everything works out ok. Title: Re: accidentally entered the address into amount Post by: zhinkk on December 08, 2013, 03:20:13 PM It sent 1 btc, so all is good! Ask support to fix their freaking system. Basic input validation would be nice. This please let everyone know so they can avoid it like the plague. Any site not doing the most basic input validation is likely not doing a half dozen other important things like preventing cross site scripting attacks, SQL injection, session hijacking, etc. Utterly unbelievable a site would simply pass garbage input to bitcoind and hope everything works out ok. This. Although I think how the system might work is that if you enter a value more than you own (for some reason, works with address) it just sends all of your balance no matter what. Title: Re: accidentally entered the address into amount Post by: poordeveloper on December 08, 2013, 03:22:26 PM It sent 1 btc, so all is good! Ask support to fix their freaking system. Basic input validation would be nice. This please let everyone know so they can avoid it like the plague. Any site not doing the most basic input validation is likely not doing a half dozen other important things like preventing cross site scripting attacks, SQL injection, session hijacking, etc. Utterly unbelievable a site would simply pass garbage input to bitcoind and hope everything works out ok. This. Although I think how the system might work is that if you enter a value more than you own (for some reason, works with address) it just sends all of your balance no matter what. Title: Re: accidentally entered the address into amount Post by: accord01 on December 10, 2013, 02:44:21 PM I used bitfinex.com to make the transfer.
Title: Re: accidentally entered the address into amount Post by: unclescrooge on December 12, 2013, 04:12:15 PM Hello,
If the address was changed to 1 (the number), then obviously the data has been filtered. Furthermore, just because we do not check if the bitcoin address is not a valid bitcoin address doesn't mean we do not check for malicious input like SQL, HTML,... But don't take my word for it, go ahead, try to SQL inject or other attacks on Bitfinex and check the result. Every field is parsed and malicious content is removed (and a string like a BTC address is not a malicious content :)) All in all, if the bitcoin address is a wrong string, it will be rejected and cancelled. If the amount contains string garbage, as long as it start by digits, the amount will be those digits. If you enter "10 BTC", then this will be converted to "10". Thank you anyway Raphael Title: Re: accidentally entered the address into amount Post by: unclescrooge on December 12, 2013, 04:19:22 PM To give you an example, there was so far 1 vulnerability, XSS one (so not a major one) on Bitfinex, for the GET variable "locale", where you could input javascript. This has been corrected a long time ago and was as i said the only vuln found.
it's not like we have not been "tried"... |