|
Title: Double spending while spending bitcoin on stores Post by: Josef27 on March 13, 2015, 03:02:54 PM Do you think it's possible and dangerous?
Because it needs around a minute to 2 hours to confirm a block, and there is no way to wait a confirmation while you on the queqe line. Let just say they're "okay" with no current block confirmation and let you leave the store, but what if someone just sent a payment with no fees, make them not included and confirmed in the next block, Then after he leaves he quickly create a new transaction into his new wallet, make a double spending. What do you think? Title: Re: Double spending while spending bitcoin on stores Post by: Meuh6879 on March 13, 2015, 03:05:30 PM you can't double spend in an open environment ...
you can double-spend with a isolated bitcoin core server and local network ... and a wallet with "trusted IP" pointed on this server (to accept 0-confirmation transaction). in real world, you can't have this ... even if you want. ;D Title: Re: Double spending while spending bitcoin on stores Post by: Josef27 on March 13, 2015, 03:08:02 PM you can't double spend in an open environment ... Really? But I ever do double spending while my current transaction isn't confirmed because no fees a long time ago..you can double-spend with a isolated bitcoin core server and local network ... and a wallet with "trusted IP" pointed on this server (to accept 0-confirmation transaction). in real world, you can't have this ... even if you want. ;D Title: Re: Double spending while spending bitcoin on stores Post by: Meuh6879 on March 13, 2015, 03:12:21 PM a time ago ... that the point.
with 0.8.6 perhaps. with 0.9.0 = No, really no ... Title: Re: Double spending while spending bitcoin on stores Post by: Mitchell on March 13, 2015, 03:15:19 PM Double spends are possible, but really hard to do because you would have to send both of them quickly and to two different parts of the network and hope that the seller picks up the one you are going to drop and the miners the one you want to be confirmed. Once a miner has seen a transaction it will reject any address that contains the same inputs.
I'm sure DannyHamilton or DeathAndTaxes can explain this a lot better. See this (https://bitcointalk.org/index.php?topic=329314.msg3535651#msg3535651) post by DeathAndTaxes for more information about sellers that accept 0 confirmation transactions. Title: Re: Double spending while spending bitcoin on stores Post by: Josef27 on March 13, 2015, 03:17:33 PM a time ago ... that the point. Oh, maybe I kinda out of the loop here. Thanks for pointing it out, gonna try it again someday (For testing purpose only of course)with 0.8.6 perhaps. with 0.9.0 = No, really no ... Double spends are possible, but really hard to do because you would have to send both of them quickly and too two different parts of the network. Once a miner has seen a transaction it will reject any address that contains the same inputs. Gonna check it, thanks!I'm sure DannyHamilton or DeathAndTaxes can explain this a lot better. See this (https://bitcointalk.org/index.php?topic=329314.msg3535651#msg3535651) post by DeathAndTaxes for more information about sellers that accept 0 confirmation transactions. Title: Re: Double spending while spending bitcoin on stores Post by: cramved on March 13, 2015, 03:50:34 PM Would double spending cause the network to undo both spend attempts? That is how I thought I works, would someone correct me on this if I am wrong.
Title: Re: Double spending while spending bitcoin on stores Post by: Josef27 on March 13, 2015, 03:56:49 PM Would double spending cause the network to undo both spend attempts? That is how I thought I works, would someone correct me on this if I am wrong. I ever heard about that too, but the one I ever experience that one of them get processed and the other aren't.Title: Re: Double spending while spending bitcoin on stores Post by: Lorenzo on March 13, 2015, 04:05:31 PM OP's scenario seems to describe a race attack:
Quote Race attack Traders and merchants who accept a payment immediately on seeing "0/unconfirmed" are exposed to a double-spend occurring, if there was a fraudulent attempt that successfully communicated one transaction to the merchant yet communicated a different transaction that spends the same coin that was first to eventually make it into the block chain. Merchants can take precautions (e.g., disable incoming connections, only connect to well connected nodes) to lessen the risk of a race attack but the risk cannot be eliminated. Therefore, the cost/benefit of the risk needs to be considered when accepting payment on 0/unconfirmed when there is no recourse against the attacker. The research paper Two Bitcoins at the Price of One finds that the protocol allows a high degree of success by an attacker in performing race attacks. The method studied in the research paper depends on access to the merchant's Bitcoin node which is why that even prior to this paper, recommendations for merchants include disabling incoming connections and to choose specific outgoing connections. Link: http://en.bitcoin.it/wiki/Double-spending Would double spending cause the network to undo both spend attempts? That is how I thought I works, would someone correct me on this if I am wrong. The network will see both transaction attempts and invalidate one of them. The other transaction attempt should proceed normally. Title: Re: Double spending while spending bitcoin on stores Post by: cramved on March 13, 2015, 04:06:56 PM OP's scenario seems to describe a race attack: Quote Race attack Traders and merchants who accept a payment immediately on seeing "0/unconfirmed" are exposed to a double-spend occurring, if there was a fraudulent attempt that successfully communicated one transaction to the merchant yet communicated a different transaction that spends the same coin that was first to eventually make it into the block chain. Merchants can take precautions (e.g., disable incoming connections, only connect to well connected nodes) to lessen the risk of a race attack but the risk cannot be eliminated. Therefore, the cost/benefit of the risk needs to be considered when accepting payment on 0/unconfirmed when there is no recourse against the attacker. The research paper Two Bitcoins at the Price of One finds that the protocol allows a high degree of success by an attacker in performing race attacks. The method studied in the research paper depends on access to the merchant's Bitcoin node which is why that even prior to this paper, recommendations for merchants include disabling incoming connections and to choose specific outgoing connections. Link: http://en.bitcoin.it/wiki/Double-spending Would double spending cause the network to undo both spend attempts? That is how I thought I works, would someone correct me on this if I am wrong. The network will see both transaction attempts and invalidate one of them. The other transaction attempt should proceed normally. Is it possible to know which one it will invalidate or is random? Title: Re: Double spending while spending bitcoin on stores Post by: CIYAM on March 13, 2015, 04:09:22 PM Is it possible to know which one it will invalidate or is random? It isn't really possible to know (although fees could make one tx more likely than another to confirm). But assuming that the fees are the same then it would effectively be random (as it will depend on which tx got included in the best PoW chain). My guess is that services like BitPay already detect such attempts and would warn their clients ASAP. Title: Re: Double spending while spending bitcoin on stores Post by: cramved on March 13, 2015, 04:13:16 PM Is it possible to know which one it will invalidate or is random? It isn't really possible to know (although fees could make one tx more likely than another to confirm). But assuming that the fees are the same then it would effectively be random (as it will depend on which tx got included in the best PoW chain). So that makes it hard to use it as a way to change your mind about a transaction, which is a good thing. Title: Re: Double spending while spending bitcoin on stores Post by: Lorenzo on March 13, 2015, 04:25:14 PM OP's scenario seems to describe a race attack: Quote Race attack Traders and merchants who accept a payment immediately on seeing "0/unconfirmed" are exposed to a double-spend occurring, if there was a fraudulent attempt that successfully communicated one transaction to the merchant yet communicated a different transaction that spends the same coin that was first to eventually make it into the block chain. Merchants can take precautions (e.g., disable incoming connections, only connect to well connected nodes) to lessen the risk of a race attack but the risk cannot be eliminated. Therefore, the cost/benefit of the risk needs to be considered when accepting payment on 0/unconfirmed when there is no recourse against the attacker. The research paper Two Bitcoins at the Price of One finds that the protocol allows a high degree of success by an attacker in performing race attacks. The method studied in the research paper depends on access to the merchant's Bitcoin node which is why that even prior to this paper, recommendations for merchants include disabling incoming connections and to choose specific outgoing connections. Link: http://en.bitcoin.it/wiki/Double-spending Would double spending cause the network to undo both spend attempts? That is how I thought I works, would someone correct me on this if I am wrong. The network will see both transaction attempts and invalidate one of them. The other transaction attempt should proceed normally. Is it possible to know which one it will invalidate or is random? Miners can choose which transaction to include in the next block. Most pools will choose the one that came first although some (e.g. BitUndo (http://www.bitundo.com/)) will choose the one with the higher fee. So in most situations, the second transaction would be invalidated and never included in the blockchain. If you want to read a good explanation of how it works, see the first answer below: http://bitcoin.stackexchange.com/questions/26926/could-any-standard-fee-transaction-be-double-spent-by-using-a-higher-fee EDIT: Actually it seems that the above is only true if the transactions were sent very far apart since it assumes that the first transaction has been fully propagated by the network. If they were sent almost simultaneously (which is what would happen in most double spend attempts), whether or not the first or second transaction goes through would be essentially random. This is because while the reference client is designed to accept the first transaction received, there would be no way for all nodes in the network to agree on which transaction was first sent. Sending two double spend transactions to different nodes a few seconds apart would result in some nodes seeing A first and others B. If one of these happen to be the one that mines the next block, then the first transaction that it receives will be added to the next block (exceptions like BitUndo aside). Title: Re: Double spending while spending bitcoin on stores Post by: cramved on March 13, 2015, 04:35:23 PM OP's scenario seems to describe a race attack: Quote Race attack Traders and merchants who accept a payment immediately on seeing "0/unconfirmed" are exposed to a double-spend occurring, if there was a fraudulent attempt that successfully communicated one transaction to the merchant yet communicated a different transaction that spends the same coin that was first to eventually make it into the block chain. Merchants can take precautions (e.g., disable incoming connections, only connect to well connected nodes) to lessen the risk of a race attack but the risk cannot be eliminated. Therefore, the cost/benefit of the risk needs to be considered when accepting payment on 0/unconfirmed when there is no recourse against the attacker. The research paper Two Bitcoins at the Price of One finds that the protocol allows a high degree of success by an attacker in performing race attacks. The method studied in the research paper depends on access to the merchant's Bitcoin node which is why that even prior to this paper, recommendations for merchants include disabling incoming connections and to choose specific outgoing connections. Link: http://en.bitcoin.it/wiki/Double-spending Would double spending cause the network to undo both spend attempts? That is how I thought I works, would someone correct me on this if I am wrong. The network will see both transaction attempts and invalidate one of them. The other transaction attempt should proceed normally. Is it possible to know which one it will invalidate or is random? Miners can choose which transaction to include in the next block. Most pools will choose the one that came first although some (e.g. BitUndo (http://www.bitundo.com/)) will choose the one with the higher fee. So in most situations, the second transaction would be invalidated and never included in the blockchain. If you want to read a good explanation of how it works, see the first answer below: http://bitcoin.stackexchange.com/questions/26926/could-any-standard-fee-transaction-be-double-spent-by-using-a-higher-fee The bitundo actually sounds like a good idea but wouldn't they have to find the block for it to work? Title: Re: Double spending while spending bitcoin on stores Post by: Lorenzo on March 13, 2015, 05:18:10 PM OP's scenario seems to describe a race attack: Quote Race attack Traders and merchants who accept a payment immediately on seeing "0/unconfirmed" are exposed to a double-spend occurring, if there was a fraudulent attempt that successfully communicated one transaction to the merchant yet communicated a different transaction that spends the same coin that was first to eventually make it into the block chain. Merchants can take precautions (e.g., disable incoming connections, only connect to well connected nodes) to lessen the risk of a race attack but the risk cannot be eliminated. Therefore, the cost/benefit of the risk needs to be considered when accepting payment on 0/unconfirmed when there is no recourse against the attacker. The research paper Two Bitcoins at the Price of One finds that the protocol allows a high degree of success by an attacker in performing race attacks. The method studied in the research paper depends on access to the merchant's Bitcoin node which is why that even prior to this paper, recommendations for merchants include disabling incoming connections and to choose specific outgoing connections. Link: http://en.bitcoin.it/wiki/Double-spending Would double spending cause the network to undo both spend attempts? That is how I thought I works, would someone correct me on this if I am wrong. The network will see both transaction attempts and invalidate one of them. The other transaction attempt should proceed normally. Is it possible to know which one it will invalidate or is random? Miners can choose which transaction to include in the next block. Most pools will choose the one that came first although some (e.g. BitUndo (http://www.bitundo.com/)) will choose the one with the higher fee. So in most situations, the second transaction would be invalidated and never included in the blockchain. If you want to read a good explanation of how it works, see the first answer below: http://bitcoin.stackexchange.com/questions/26926/could-any-standard-fee-transaction-be-double-spent-by-using-a-higher-fee The bitundo actually sounds like a good idea but wouldn't they have to find the block for it to work? Yes, they would need to find a block. Fortunately, they are a tiny pool with a tiny hashrate so their success rate is very low. From their FAQ: Quote Q: How likely is it to undo my transaction A: The likelihood is approximately the same as the percentage of mines using bitundo. Right now, this is pretty low. Title: Re: Double spending while spending bitcoin on stores Post by: picolo on March 13, 2015, 05:33:06 PM Double spends are possible, but really hard to do because you would have to send both of them quickly and to two different parts of the network and hope that the seller picks up the one you are going to drop and the miners the one you want to be confirmed. Once a miner has seen a transaction it will reject any address that contains the same inputs. I'm sure DannyHamilton or DeathAndTaxes can explain this a lot better. See this (https://bitcointalk.org/index.php?topic=329314.msg3535651#msg3535651) post by DeathAndTaxes for more information about sellers that accept 0 confirmation transactions. Hard to do, not successfull open and it would be considered a fraud when done successfully so the shop would investigate and find a picture of you from the surveillance camera and get you next time you shop with them. Title: Re: Double spending while spending bitcoin on stores Post by: cramved on March 13, 2015, 05:33:46 PM OP's scenario seems to describe a race attack: Quote Race attack Traders and merchants who accept a payment immediately on seeing "0/unconfirmed" are exposed to a double-spend occurring, if there was a fraudulent attempt that successfully communicated one transaction to the merchant yet communicated a different transaction that spends the same coin that was first to eventually make it into the block chain. Merchants can take precautions (e.g., disable incoming connections, only connect to well connected nodes) to lessen the risk of a race attack but the risk cannot be eliminated. Therefore, the cost/benefit of the risk needs to be considered when accepting payment on 0/unconfirmed when there is no recourse against the attacker. The research paper Two Bitcoins at the Price of One finds that the protocol allows a high degree of success by an attacker in performing race attacks. The method studied in the research paper depends on access to the merchant's Bitcoin node which is why that even prior to this paper, recommendations for merchants include disabling incoming connections and to choose specific outgoing connections. Link: http://en.bitcoin.it/wiki/Double-spending Would double spending cause the network to undo both spend attempts? That is how I thought I works, would someone correct me on this if I am wrong. The network will see both transaction attempts and invalidate one of them. The other transaction attempt should proceed normally. Is it possible to know which one it will invalidate or is random? Miners can choose which transaction to include in the next block. Most pools will choose the one that came first although some (e.g. BitUndo (http://www.bitundo.com/)) will choose the one with the higher fee. So in most situations, the second transaction would be invalidated and never included in the blockchain. If you want to read a good explanation of how it works, see the first answer below: http://bitcoin.stackexchange.com/questions/26926/could-any-standard-fee-transaction-be-double-spent-by-using-a-higher-fee The bitundo actually sounds like a good idea but wouldn't they have to find the block for it to work? Yes, they would need to find a block. Fortunately, they are a tiny pool with a tiny hashrate so their success rate is very low. From their FAQ: Quote Q: How likely is it to undo my transaction A: The likelihood is approximately the same as the percentage of mines using bitundo. Right now, this is pretty low. I guess if you make a large mistake then it is probably better than nothing! Title: Re: Double spending while spending bitcoin on stores Post by: manselr on March 13, 2015, 06:10:00 PM Do you think it's possible and dangerous? It's so unlikely improvable that it's like worrying that your credit card may or not may have confirmed the payment through your bank. People dont worry about this, they seem to think credit cards are instantaneous.. people should think like that about BTC but its even more secure.Because it needs around a minute to 2 hours to confirm a block, and there is no way to wait a confirmation while you on the queqe line. Let just say they're "okay" with no current block confirmation and let you leave the store, but what if someone just sent a payment with no fees, make them not included and confirmed in the next block, Then after he leaves he quickly create a new transaction into his new wallet, make a double spending. What do you think? Title: Re: Double spending while spending bitcoin on stores Post by: Rude Boy on March 13, 2015, 06:16:19 PM you can double spend yout bits with some scripting skill.
But unfortunately, updated wallets are not allowing you to double spend :P Title: Re: Double spending while spending bitcoin on stores Post by: jbrnt on March 13, 2015, 06:25:11 PM I think someone must have tried double spending to test the network and so far there is no successful double spending attempts. Back to OP's question on buying a coffee with a transaction without a fee. I think merchants can assess the likelihood of it confirming and decide to accept or reject your payment.
Title: Re: Double spending while spending bitcoin on stores Post by: Lorenzo on March 13, 2015, 06:39:41 PM Do you think it's possible and dangerous? It's so unlikely improvable that it's like worrying that your credit card may or not may have confirmed the payment through your bank. People dont worry about this, they seem to think credit cards are instantaneous.. people should think like that about BTC but its even more secure.Because it needs around a minute to 2 hours to confirm a block, and there is no way to wait a confirmation while you on the queqe line. Let just say they're "okay" with no current block confirmation and let you leave the store, but what if someone just sent a payment with no fees, make them not included and confirmed in the next block, Then after he leaves he quickly create a new transaction into his new wallet, make a double spending. What do you think? I think someone must have tried double spending to test the network and so far there is no successful double spending attempts. Back to OP's question on buying a coffee with a transaction without a fee. I think merchants can assess the likelihood of it confirming and decide to accept or reject your payment. A distinction should be made between double spending where the same coins are spent twice and both transactions are confirmed and included in the blockchain and double spending where two transactions are broadcasted at roughly the same time and only one of these transactions actually goes through. The former scenario would only be possible in a 51 percent attack while the latter one is very much possible today. you can double spend yout bits with some scripting skill. But unfortunately, updated wallets are not allowing you to double spend :P Most wallets don't allow for double spending. As you said - in order to attempt it, you would need to make the transaction using a custom script. Title: Re: Double spending while spending bitcoin on stores Post by: Meuh6879 on March 13, 2015, 08:42:04 PM oh, and ... by the way ... the reality of nodes x 6400 ;D
http://img15.hostingpics.net/pics/7325807919.jpg Title: Re: Double spending while spending bitcoin on stores Post by: rikkie on March 14, 2015, 08:59:03 PM you can't double spend in an open environment ... This is not true.....well unless it is assumed that the attacker does not control any mining hardware and only executes his attack with nodes. you can double-spend with a isolated bitcoin core server and local network ... and a wallet with "trusted IP" pointed on this server (to accept 0-confirmation transaction). in real world, you can't have this ... even if you want. ;D If an attacker were to broadcast a particular transaction that is accepted by the nodes and then confirms a valid block that double spends at least one of the inputs from the transaction then the original transaction will no longer be valid and will fall out of the node's memory pool. Another alternative to confirming the double spend themselves would be to pay a pool to confirm a specific tx that happens to double spend at least one input from the unconfirmed transaction in question, I know there at least used to be at least one pool that offered this "service" Title: Re: Double spending while spending bitcoin on stores Post by: picolo on March 15, 2015, 12:04:09 AM you can't double spend in an open environment ... This is not true.....well unless it is assumed that the attacker does not control any mining hardware and only executes his attack with nodes. you can double-spend with a isolated bitcoin core server and local network ... and a wallet with "trusted IP" pointed on this server (to accept 0-confirmation transaction). in real world, you can't have this ... even if you want. ;D If an attacker were to broadcast a particular transaction that is accepted by the nodes and then confirms a valid block that double spends at least one of the inputs from the transaction then the original transaction will no longer be valid and will fall out of the node's memory pool. Another alternative to confirming the double spend themselves would be to pay a pool to confirm a specific tx that happens to double spend at least one input from the unconfirmed transaction in question, I know there at least used to be at least one pool that offered this "service" It is possible but complicated, costly and the shop will know so you can't shop there anymore without risking getting caught. Title: Re: Double spending while spending bitcoin on stores Post by: superresistant on June 24, 2015, 11:27:23 AM Is there such thing as a "well trusted and connected nodes list " ? I put myself in a situation of a merchant that want to prevent race attack. Title: Re: Double spending while spending bitcoin on stores Post by: turvarya on June 24, 2015, 11:37:06 AM you can't double spend in an open environment ... This is not true.....well unless it is assumed that the attacker does not control any mining hardware and only executes his attack with nodes. you can double-spend with a isolated bitcoin core server and local network ... and a wallet with "trusted IP" pointed on this server (to accept 0-confirmation transaction). in real world, you can't have this ... even if you want. ;D If an attacker were to broadcast a particular transaction that is accepted by the nodes and then confirms a valid block that double spends at least one of the inputs from the transaction then the original transaction will no longer be valid and will fall out of the node's memory pool. Another alternative to confirming the double spend themselves would be to pay a pool to confirm a specific tx that happens to double spend at least one input from the unconfirmed transaction in question, I know there at least used to be at least one pool that offered this "service" Title: Re: Double spending while spending bitcoin on stores Post by: Soros Shorts on June 24, 2015, 11:38:50 AM Is there such thing as a "well trusted and connected nodes list " ? I put myself in a situation of a merchant that want to prevent race attack. The one you quietly build yourself with servers colocated around the globe and with persistent connections to the biggest pools. |
