Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: monsterer on February 11, 2014, 08:57:56 PM



Title: [PSA Developers] if you credit bitcoins at 0 confirms you are vulnerable!
Post by: monsterer on February 11, 2014, 08:57:56 PM
I know there are a few sites which credit at 0 confirms. If you are a site owner doing this, you are vulnerable to the transaction malleability problem which is appearing in the press right now.

Your attack will work like this:

  • You credit a user's deposit at 0 confirms.
  • An attacker changes the hash and retransmits the transaction, which somehow gets into a block.
  • You see this as a new transaction, because the TXID is different.
  • You credit the user again for the same transaction.
  • You are in trouble.

Be aware.

Cheers, Paul.
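
The double-credit scenario from the post above, as an added example that is not part of the original post: a deposit handler that deduplicates on TXID at 0 confirms, beside one that waits for a confirmation and deduplicates on the spent inputs, which malleation does not change. All names, the `MIN_CONF` policy and the sample transactions are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

MIN_CONF = 1  # assumed policy: never credit at 0 confirmations

@dataclass(frozen=True)
class Deposit:
    txid: str           # changes when the transaction is malleated
    inputs: tuple       # spent outpoints "prev_txid:n", unchanged by malleation
    vout: int           # index of the output paying the site
    amount: int         # satoshis
    confirmations: int

def credit_naive(seen, balance, d):
    """Credits at 0 confirms and deduplicates on TXID only (the pattern the post warns about)."""
    if d.txid in seen:
        return balance
    seen.add(d.txid)
    return balance + d.amount

def credit_hardened(seen, balance, d):
    """Credits only confirmed deposits, keyed on what the payment spends and pays."""
    if d.confirmations < MIN_CONF:
        return balance  # unconfirmed: show as pending, do not credit
    key = (frozenset(d.inputs), d.vout, d.amount)
    if key in seen:
        return balance  # same payment seen under another TXID
    seen.add(key)
    return balance + d.amount

def replay(credit, events):
    """Feeds wallet notifications through a crediting function, returns the final balance."""
    seen, balance = set(), 0
    for d in events:
        balance = credit(seen, balance, d)
    return balance

# Constructed sample: the original is seen unconfirmed, then a malleated twin
# (same inputs and outputs, different TXID) is the version that gets mined.
INPUTS = ("aa" * 32 + ":0",)
EVENTS = [
    Deposit("11" * 32, INPUTS, 0, 50_000, 0),
    Deposit("22" * 32, INPUTS, 0, 50_000, 1),
    Deposit("22" * 32, INPUTS, 0, 50_000, 2),  # later notification for the same tx
]

if __name__ == "__main__":
    print("naive:   ", replay(credit_naive, EVENTS))     # credited twice
    print("hardened:", replay(credit_hardened, EVENTS))  # credited once
```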