|
Title: Mt. Gox wallet bug - rumor, or reality? Post by: Nagle on February 10, 2014, 04:48:28 AM There is a claim on Reddit (http://www.reddit.com/r/Bitcoin/comments/1x93tf/some_irc_chatter_about_what_is_going_on_at_mtgox/cf99yac) that the Mt. Gox wallet program has a bug. The claim is that the signature algorithm is adding extra junk zeroes to signatures, which are ignored by some, but not all, clients. These provide the opportunity for a third party to modify the transaction by removing the junk zeroes, resulting in a valid transaction with a new transaction ID, which Mt. Gox's wallet does not recognize as its own. This allows spending Bitcoins sent by Mt. Gox, while Mt. Gox's own accounting treats the transaction as failed.
This is a checkable claim. If it's true, there should be such broken transactions in Mt. Gox's transaction list. Are there? Also, this fix (https://github.com/jgarzik/python-bitcoinlib/commit/4c64603ab60b0fa23c51090b3112be2f163aeeac) is supposed to fix the problem. But it takes bytes off the end of the signature string, not the beginning. Is that valid? |