Bitcoin Forum

Hi,
I'm using version v0.8.5-beta, made a regular send and it appears to be a double spend:

That's the tx I see in the QT:
https://blockchain.info/tx/41f1cfe70cbbb45ed1efeafed8213cbdee14fe772b8643e0f37259791ce6039f

as it seems the wallet generates a second tx with the same input/outputs
https://blockchain.info/tx/22b00c6516676d401e48cc4617ce5cad2b708e0780b72669da9a67deb52d773b

This is very odd... ???
maybe a bug  ::)

One time, i double spent when i switching up my wallets. I changed my wallet when a transaction was pending, and opened a new wallet.dat file.

When i went back to the 1st wallet.dat (the one the transaction was being sent from, but never confirmed) It showed a balance of my BTC and that the other transaction i sent.

So i tried sending that balance again, hence trying to double spend.

Never got confirmed

I got the exact same problem earlier today...
I was using qt 0.8.6, and shocked to find the double-spend on blockchain.info.

BTW, I also checked blockr.io at that moment, and found only one tx.

IMHO, it seems to be a blockchain.info problem, rather than bitcoin-qt...

I run a full node and I've been seeing a number of double spends in the log.  So it is not just blockchain.info that is detecting the double spends.  For the ones that I checked, they have the same inputs and outputs and were created at almost the same time.  Sometimes they are a double spend, although I found a couple were included in blocks (which could just be the result of a race condition as to which transaction is seen first)

Here are a couple of them:

  6e21cf5c9dc0320d09084a6426ec360f53bfa0fa9f981d4b26e76fd77a19b93c
  20acb23194be4af89538e720af2507c2ad4b0d179fce9c39e3cae0518d6e7593
  15b94449d35dac6c31b181d6384f3120f8caf700e628b6241cce76a0727567ff
  4837a47929d05e723abc8a5b4c50193ed559c4a73537582584db2f8a677554a9
  43ccf90a7b445acc8265d08c9d48ef99ec17337b56effc850977872d567ddada
  66e507b9f079434ff223fdb54f7f1f88695179b38efac5185809387375ad0e6b
  478143a7acd3325ca0218a7d10b43ce16694f5836a7948f13ca90cb024426042

And many more ...

I should add that the node that is reporting the double spends identifies itself as /Satoshi:0.8.99/ and protocol version 70002.  So this might be something in the new client release.  It sends 'reject' messages whenever it is unhappy (which I think is a good thing because it lets you know why a peer is unhappy with you).  It just reported a couple more duplicates and I checked and they are all in the block chain, so I'm not sure what is going on.

I deleted the transactions from the wallet and let it to the network. Today one of them is confirmed other is gone.

The question is... Why is this happening ?!

When you double spend a race condition starts.
Each spend has to reference coins that already belong to you and transfer the ownership to someone else.
Whichever transaction wins the race gets the money, the other is rejected because the coin is already recorded as spent.

How Bitcoin Works Video...
http://www.youtube.com/watch?v=Lx9zgZCMqXE

I know very well how it is resolved, the question is why the double spend appear in first place.

It happened a lot yesterday, some node seems to be relaying transactions twice or something.

What happens here is that the transactions are malleable.

Roughly speaking, when you send a transaction, it has some data in it which is not really relevant to the transaction. This data can be changed, and the same transaction looks slightly different.

This would not really be a problem, but the effect is that the changed transaction gets a new txid. The effect is what you observed: two transactions with different txid's which really have the same inputs and outputs.

Obviously someone is changing the transactions and broadcasting them again (for kicks, or whatever).

That explains a lot... so basically we have a dark individual or a group of ppl who just wants cheap coins.

That makes sense  ;D

I had a friend send me a BTC from multibit yesterday that showed as a doublespend sent 1 second apart.

today i sent from bitcoin-qt and it seems to have created a double-spend (both txids show in the bitcoin-qt and blockchain.info)

did my wallet deduct the send value twice, and/or will the bad transaction (which isnt being confirmed of course) be deleted? I wasnt watching my wallet balance and am not sure if it dropped by my transfer amount (0.2BTC) or by 2x that (0.4btc)

and why is this happening right after/around mt.Gox crying wolf about the problem? some tinfoil-hats among us might be inclined to point fingers

Sounds like someone nefarious is creating double spends of tons of transactions for nefarious purposes.

At worst he is spreading some FUD among novices, what is clear is that regular users using the reference implementation are not affected. Minor inconveniences, but their wallets are safe.

On the contrary incompetent exchanges who base their accounting on transaction IDs and manage poorly their customer services might be affected.

this is what i really need to know. Will the blockchain eventually force a 'reject' response or do i need to 'delete' the transaction record out of the wallet.dat? I need to make sure there isnt 0.22BTC in the bitcoin-qt wallet that isnt recorded or will be lost to the ether rather than moved to a change address

It happened to me around 10 minutes ago sending from the android wallet. I now have a red cross for the double spend and 4 confirms on the real tx. My balance has since corrected it's self.

The guy is having fun. Probably also looking for cheap coins.

So any conclusion on what this means (in terms of security, usability of bitcoin)? Any changes to the conclusion that its all mt gox' incompetence and bitcoin is not flawed?

my guess is a malicious, high-volume node must be causing this to every transaction that it can pass through it - whether this means tens or thousands per second I'm not sure. The issue seems to have no impact on bitcoin, since it can only repeat the transaction under a slightly different txid, it is not capable of modifying it (such as to change the recipient). Here is a very simplified explanation: http://www.reddit.com/r/Bitcoin/comments/1xieb9/keep_calm_transaction_malleability_is_not_double/

is there any way to track these sort of double-spends without having to know the originating tx or wading through the recents or block tx lists to spot double spends?

Maybe somebody should ask the person who seemed to know about it ahead of time: https://bitcointalk.org/index.php?topic=459013.0

I'd say that more than a double spends those are "mutated transaction". There's really no way for the malicious third party to steal any coins unless he social engineers the sender... In the case of Gox their shitty accounting helped.

I may be wrong but I believe I saw that thread after people were complaining about getting Satoshi's from the address with Enjoy in it. I could be wrong.

This is not a double spend in any way, shape, or form.  You have double spent if you get two different transactions confirmed in the blockchain.

0 confirmation transactions are irrelevent... anyone can re-spend non-confirmed txouts quite trivially.

Transaction maliability is fine... it isn't a bug or a fault. 

Someone is re-broadcasting tx's with slight modifications that result in different txid's.  If anything, the person is benefiting the network by forcing idiots like the MtGox devs to stop relying on the txid before it is confirmed in a block.

I still want to circle this back to my unanswered concern:

If my Bitcoin-Qt shows red (withdrawals) for both transactions on it's main window, and both (1 uncomfirmed and 1 many-times confirmed) in its tranacttions log - does the perceived account balance reflect ONE or BOTH withdrawals?

my concern is that this could make incorrectly-updated clients to report lower-than-actual bitcoin quantities and possibly cause these bitcoins to be forgotten when the user transfers the 'visible' balance elsewhere and leave behind the amount from the unconfirmed double spend that still belongs to the left-behind address?

Spends should be linked to specific txouts, not addresses, so the balance should always be correct.

You know... I am starting to wonder if MtGox is running this Maliability bot to fuck with the blockchain even more.

interesting stuff here !~quantum computer in the middle? =0

Nothing quantum required. Just a well connected node re-writing sigscripts.  No reason to worry.

isn't there an issue due to the way the reference client allows users to immediately respend the change address from a prior transaction?

if I do two transactions one after the other and the second uses the change address of the first, if the first gets changed via the malleable relay then the second transaction will never confirm. the recipient won't get their funds as the input address is double spent.

a more malicious relayer could look for these chains and deliberately rewrite the first transaction to cause havoc amongst reference client users.

\o\--yea i rebroadcast with my iPhone ...i aint scurred but the little exchanges are! =0

Both transactions are exactly the same, so the change address will have the amount you need to spend no matter which one is accepted

Hi Guys

Have a problem with a tx using QT


Status: 0/unconfirmed
Date: 11-Feb-14 11:36
To: 1XXXXXXXXXXXXXXXUVWQ
Debit: -41.00 BTC
Transaction fee: -0.0001 BTC
Net amount: -41.0001 BTC
Transaction ID: 44acb7e6a12e55e44c3cce5304d3ef5d98ec5e51e2188669db5fcfc126a4171f

The coins have left my wallet but have not appeared in the new address. Also the tx ID says transaction not found and the status has been unconfirmed for over an hour?

I have done a rescan of QT, but still nothing. Any help will be greatly appreciated!

Cheers

But it will have a different tx id, so they aren't "exactly" the same.  The prior poster is right any subsequent tx would fail.


BTW: Bitcoin doesn't work on the concept of balances it works on the concept of discrete inputs and outputs.  The input of a tx is the output of a prior tx.  You are spending x coins you are spending output X a specific and unique output of which there is no other like it in the bitcoin universe.


So say you have a tx which generates an output A & B where B is the change.
You then create another tx which uses B as the input.

If the first tx is modified it doesn't matter that the outputs have the same VALUE (and are going to the same addreses) they are no longer A & B they are lets say C & D.
Now if this modified tx is the one which makes it into a block then the second tx above which spent B will never confirm.  Why?  Because B no longer exists.

whats the sending/destination addresses? with those it would be a little easier to see whats going on

Destination address 1JhLyQ4bgVw3ZxXWydKHouim4WNBxCUVWQ

But I have no idea the sending address sorry..

It also seems I have unspendable tx in my change wallets? OP_DUP OP_HASH160 e75f9696779377c0a1b9f7f36acff336c96f14f7 OP_EQUALVERIFY OP_CHECKSIG

my exported transaction list DOES NOT ADD UP.

it includes the duplicate transaction of -0.2201 marked as 'Confirmed=FALSE' and a partly-confirmed mining income from an hour ago of 0.1674

please help me out here:

Wallet Status: Balance: 0.2146 BTC   Unconfirmed: 0.00 BTC    Immature: 0.1674 BTC
using the exported csv and adding all the transaction amounts, I get a total of 0.1363 BTC - this includes both the mining income and unconfirmed double spend.
Why does the math not add up? No matter how you add/subtract the renegade values my wallet amount isnt right

So is it really that spam transaction bot or what?

I also had a transaction ID changed today on a transaction.
So 2 transactions appear in my wallet.
This is annoying. I am sure that is the intent.

i think it's ufos ! =)

You need the sending address to see if you coins are still there. If a full rescan didnt work you can redownload the blockchain and last resorr import your private key in a fresh installation try again.

Thanks for the advise.

If I use Pywallet to delete the tx will the coins be returned to me? Lastly why in my change wallet is there an unspendable tx claiming it is a double spend?

Thanks again

This is currently happening to Bitcoin Wallet users as well:

https://plus.google.com/101256420499771441772/posts/bURxFhrKfcq

Well newbies thats why bitcoin consider a near 100% transaction confirmed only once it hits the god damm 6 confirmations @ minimum. Exchanges and other services rely on txid to simply cut the long time you have to wait for the 6 confirmations.

Yes but there isn't anything magical about 6 confirmations.  I would say the network considers a transaction confirmed once it is confirmed.  How many confirmations you should wait depends on your risk threshold.  For most tx 2 confirmations provides a high level of security.  For some transactions you probably want to wait more than 6.

Satoshi never indicated 6 was some magical barrier it simply was the output of his example on the risk of reversal.  If an attacker has 10% of the network, and you want a less than 0.1% chance of the attacker being able to reverse your transaction you need to wait for 6 confirmations.   However if the attacker has say 20% of the network you would need to wait for 10 confirmations to reduce the attackers chances to 0.3%.

Meni wrote a good paper on the economics of transaction reversing because the attacker has a cost (in terms of potentially lost block rewards) trying to re-org the blockchain.  So the more important factor is what is the VALUE of your transaction.

For example if you assume the attacker has 48% of the network (if they have 51% no amount of confirmations will keep you safe) then you need at least this many confirmations to make the attack non-economical

48%
<= 4 BTC = 1 confirmation
6 BTC = 2 confirmations
8 BTC = 3 confirmation
9 BTC = 4 confirmation
10 BTC = 5 confirmations
12 BTC = 6 confirmations
13 BTC = 7 confirmations
14 BTC = 8 confirmations
15 BTC = 9 confirmations
16 BTC = 10 confirmations

Hopefully we can eventually kill the "6 is good for everyone" way of thinking.
https://bitcoil.co.il/Doublespend.pdf

Many merchants hinder the user experience by demanding an excessive amount of confirmations relative to the transaction risk.  For example someone accepting 0.01 BTC for some game credits shouldn't be demanding 6 confirmations.  The user wants to play right away and making them wait 30-120 minutes just creates the (false) perception that Bitcoin is slow.  Even 1 confirmation provides a higher level of security than other payment methods.

All this is true.. confirmed tx is what matters, but this attack is very annoying. It happened to me again today, but this time the clone tx confirmed first and I had to delete mine with pywallet. I have no problem with that but the regular user probably would.

The QT client (and all clients) should be patched to delete or "hide" duplicates, and give user the option to no spend unconfirmed change.  

That would make the "mutate tx attacks" a non-issue (other than you can't assume tx id won't change which is more of an issue for service providers than end users).

Agreed. I have similar issues poping up with my QT

I thinkt he quick fix would be to do a rescan scheduled as maintenance once a night or whatever, if people still have issues they would need to manually dump their priv key and import it into a fresh install (renew their blockchain).

Everybody is. Not only a visual annoyance but also a potencial pain in the ass if you do a lot of transactions per day, some of your transactions might break because of unconfirmed change.

My bitcoin-QT just forced me to reindex the block chain - its about halfway after 12 minutes and hogging my ram. hopefully this will clear my issue where the wallet balance is different from the transaction-log-based balance.

I 100% agree that a simple 'hide duplicates' patch would solve the issue

Do alt-coins have this problem?

alt-coins are essentially carbon copies of bitcoin with hashing algorithm and names changed.  Any coin forked off the bitcoin or litecoin source would be equally affected.  A truly "custom" altcoin "may" have txid which are immutable but if you don't know for sure I would assume they are also affected.

yes. expect alt-coin havoc when griefers turn their attention to them. it would be wise for alt-coin maintainers to start applying the "don't spend unconfirmed change" patches.

To start with, stop calling it a double-spend. It's not double spend until it's in the blockchain, it's double-spend attempts. And double spend is not possible.

More fundamentally, all wallets need to assume a one-to-many relationship between txids and transactions and update their UIs accordingly.

This is why pro's use coin control variant clients like omg.

And yes, please... these are not double spends. Stop calling it that.

Someone is running malicious code that receives tx and then retransmits them mutated.  Only one gets incorporated into the block chain eventually. Kind of a nuisance, i guess they're trying to mess up every exchange right now that operates on txids. Bitpay, coinbase, coinvoice all use custom daemons anyway so not a huge issue.

+1

this is not a big issue, thanks for pointing that

it's a big issue for casual users who wonder why their balance is wrong and transactions are unconfirmed: https://bitcointalk.org/index.php?topic=460944.0