|
Title: technical question - is a fake unconfirmed transaction possible? Post by: og kush420 on August 19, 2013, 09:07:38 PM is it possible to send a fake/spoofed unconfirmed transaction? no i do not plan on doing this, but i just had the thought looking on blockchain.
sorry if this is a noob question. and i did search google before asking this... Title: Re: technical question - is a fake unconfirmed transaction possible? Post by: TierNolan on August 19, 2013, 09:13:17 PM is it possible to send a fake/spoofed unconfirmed transaction? no i do not plan on doing this, but i just had the thought looking on blockchain. sorry if this is a noob question. and i did search google before asking this... Fake in what way? The process for spending money is to create a transaction and send it the 8+ nodes you are connected to. They verify it and then send it onward. I think they might not forward transactions unless they know about all the inputs. Title: Re: technical question - is a fake unconfirmed transaction possible? Post by: gmaxwell on August 19, 2013, 09:45:50 PM Depends on what you mean by fake and who you trust to tell you about it (https://people.xiph.org/~greg/21mbtc.png) (a real screenshot someone took of some fun and games I had at bc.i, ... they subsequently fixed that particular bug).
Title: Re: technical question - is a fake unconfirmed transaction possible? Post by: og kush420 on August 19, 2013, 09:57:15 PM Depends on what you mean by fake and who you trust to tell you about it (https://people.xiph.org/~greg/21mbtc.png) (a real screenshot someone took of some fun and games I had at bc.i, ... they subsequently fixed that particular bug). woh, nice haha, that is what im talking about, how did you do that?Title: Re: technical question - is a fake unconfirmed transaction possible? Post by: og kush420 on August 19, 2013, 10:01:34 PM is it possible to send a fake/spoofed unconfirmed transaction? no i do not plan on doing this, but i just had the thought looking on blockchain. sorry if this is a noob question. and i did search google before asking this... Fake in what way? The process for spending money is to create a transaction and send it the 8+ nodes you are connected to. They verify it and then send it onward. I think they might not forward transactions unless they know about all the inputs. Title: Re: technical question - is a fake unconfirmed transaction possible? Post by: gmaxwell on August 19, 2013, 10:07:58 PM I manually authored a transaction which claimed to spend some coin which belonged to someone else, and claimed to pay me 21m BTC... and submitted it through their raw txn submission interface. The site pretty much validated nothing in the past.
These days it seems to pass everything through a standard Bitcoin node, so its potentially less vulnerable to this kind of funny business, though it also fails to display a lot valid but unusual transactions. Though I did pull of an in-transaction XSS attack against it last week. before it is verified, the recipient still knows there is an incoming transaction, even though is not verified, correct? i have seen this on clients, like " incoming transaction, 0/6" is this correct? so what if you send bitcoins that don't exist without this step "send it the 8+ nodes you are connected to." Absent bugs the reference software can't be tricked this way.Title: Re: technical question - is a fake unconfirmed transaction possible? Post by: og kush420 on August 20, 2013, 01:57:23 AM I manually authored a transaction which claimed to spend some coin which belonged to someone else, and claimed to pay me 21m BTC... and submitted it through their raw txn submission interface. The site pretty much validated nothing in the past. How did you pull of the xss? im guessing you put javascript in the comment thing? i have seen them on the page These days it seems to pass everything through a standard Bitcoin node, so its potentially less vulnerable to this kind of funny business, though it also fails to display a lot valid but unusual transactions. Though I did pull of an in-transaction XSS attack against it last week. before it is verified, the recipient still knows there is an incoming transaction, even though is not verified, correct? i have seen this on clients, like " incoming transaction, 0/6" is this correct? so what if you send bitcoins that don't exist without this step "send it the 8+ nodes you are connected to." Absent bugs the reference software can't be tricked this way.Code: Public Note: Title: Re: technical question - is a fake unconfirmed transaction possible? Post by: gmaxwell on August 20, 2013, 02:14:41 AM How did you pull of the xss? im guessing you put javascript in the comment thing? i have seen them on the page No, I put javascript in the actual script of a transaction (https://blockchain.info/tx/59bd7b2cff5da929581fc9fef31a2fba14508f1477e366befb1eb42a8810a000?show_adv=true) with it decoded and displayed without escaping.Title: Re: technical question - is a fake unconfirmed transaction possible? Post by: smolen on August 20, 2013, 02:35:51 AM No, I put javascript in the actual script of a transaction (https://blockchain.info/tx/59bd7b2cff5da929581fc9fef31a2fba14508f1477e366befb1eb42a8810a000?show_adv=true) with it decoded and displayed without escaping. :D :D :DThe next thing to worry are SQL injections Title: Re: technical question - is a fake unconfirmed transaction possible? Post by: Andrey on November 18, 2013, 11:42:47 PM I manually authored a transaction which claimed to spend some coin which belonged to someone else, and claimed to pay me 21m BTC... and submitted it through their raw txn submission interface. The site pretty much validated nothing in the past. These days it seems to pass everything through a standard Bitcoin node, so its potentially less vulnerable to this kind of funny business, though it also fails to display a lot valid but unusual transactions. Though I did pull of an in-transaction XSS attack against it last week. before it is verified, the recipient still knows there is an incoming transaction, even though is not verified, correct? i have seen this on clients, like " incoming transaction, 0/6" is this correct? so what if you send bitcoins that don't exist without this step "send it the 8+ nodes you are connected to." Absent bugs the reference software can't be tricked this way.I am not very good in bitcoin internals, but it seems some tricks are still could be done with blockchain.info . Here is the fake transaction trying to make public believe that bitbonanza auction deposit was done by bitbonanza itself. https://blockchain.info/ru/address/12kBb6UA5ZCXkDgrivpBa9jwmbquH7MGod Title: Re: technical question - is a fake unconfirmed transaction possible? Post by: e4xit on November 19, 2013, 10:58:18 AM Depends on what you mean by fake and who you trust to tell you about it (https://people.xiph.org/~greg/21mbtc.png) (a real screenshot someone took of some fun and games I had at bc.i, ... they subsequently fixed that particular bug). Holy shitballs dude, decent coinflow through your address ;) https://blockchain.info/address/1DkyBEKt5S2GDtv7aQw6rQepAvnsRyHoYM?offset=650&filter=0 Also, what is your opinion on the blockchain.info coinjoin implementation? Now that it is running at 0% fee, is it worth sticking everything through the 10 iterations, or what? Title: Re: technical question - is a fake unconfirmed transaction possible? Post by: michagogo on November 19, 2013, 12:05:04 PM Holy shitballs dude, decent coinflow through your address ;) https://blockchain.info/address/1DkyBEKt5S2GDtv7aQw6rQepAvnsRyHoYM?offset=650&filter=0 I don't think that 1DkyBEKt5S2GDtv7aQw6rQepAvnsRyHoYM is his address. I manually authored a transaction which claimed to spend some coin which belonged to someone else, and claimed to pay me 21m BTC... and submitted it through their raw txn submission interface. The site pretty much validated nothing in the past. |