|
macbook-air
|
 |
March 12, 2013, 06:22:02 PM |
|
All time UTC+08:00:
08:08 – Well before I knew what later have happened, I deposited $10000-worth Bitcoins to BTC-e over OKPAY's Bitcoin payment, I paid OKPAY address 12z2n8YCJw1BEsJhhQPLCTuLqwH341nKnE 211.9093 BTC and 0.0005 BTC as transaction fee.
09:30 – The transaction was included in version 0.8's fork, block 225446
10:08 – Deposit completed, $9800 credited to my BTC-e account
12:53 – After some study, I recognized, the transaction, though included in version 0.8's fork, was never confirmed by the pre-0.8 fork, so I decided to make two double spend transactions on two of the vins of the OKPAY transaction, and broadcasted them with the raw transaction API, 0.001 BTC transaction fee included in each transaction.
13:01 – The double spend transaction was included in pre-0.8 fork block 225446
You should know what happens next...
I bet merchants would think twice before they decide to accept Bitcoins after the incident.
|
|
|
|
|
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
|
|
|
Jan
Legendary
 Offline
Activity: 1042
|
|
March 12, 2013, 06:38:27 PM |
|
All time UTC+08:00:
08:08 – Well before I knew what later have happened, I deposited $10000-worth Bitcoins to BTC-e over OKPAY's Bitcoin payment, I paid OKPAY address 12z2n8YCJw1BEsJhhQPLCTuLqwH341nKnE 211.9093 BTC and 0.0005 BTC as transaction fee.
09:30 – The transaction was included in version 0.8's fork, block 225446
10:08 – Deposit completed, $9800 credited to my BTC-e account
12:53 – After some study, I recognized, the transaction, though included in version 0.8's fork, was never confirmed by the pre-0.8 fork, so I decided to make two double spend transactions on two of the vins of the OKPAY transaction, and broadcasted them with the raw transaction API, 0.001 BTC transaction fee included in each transaction.
13:01 – The double spend transaction was included in pre-0.8 fork block 225446
You should know what happens next...
I bet merchants would think twice before they decide to accept Bitcoins after the incident.
Ouch... |
Mycelium let's you hold your private keys private.
|
|
|
bg002h
Donator
Legendary
Offline
Activity: 1288
Got GLIPH? https://gli.ph/m *p-d-d
|
|
March 12, 2013, 06:38:59 PM |
|
All time UTC+08:00:
08:08 – Well before I knew what later have happened, I deposited $10000-worth Bitcoins to BTC-e over OKPAY's Bitcoin payment, I paid OKPAY address 12z2n8YCJw1BEsJhhQPLCTuLqwH341nKnE 211.9093 BTC and 0.0005 BTC as transaction fee.
09:30 – The transaction was included in version 0.8's fork, block 225446
10:08 – Deposit completed, $9800 credited to my BTC-e account
12:53 – After some study, I recognized, the transaction, though included in version 0.8's fork, was never confirmed by the pre-0.8 fork, so I decided to make two double spend transactions on two of the vins of the OKPAY transaction, and broadcasted them with the raw transaction API, 0.001 BTC transaction fee included in each transaction.
13:01 – The double spend transaction was included in pre-0.8 fork block 225446
You should know what happens next...
I bet merchants would think twice before they decide to accept Bitcoins after the incident.
Good thing someone honest was the cause of the double spend... |
|
|
|
Jan
Legendary
Offline
Activity: 1042
|
|
March 12, 2013, 06:42:19 PM |
|
|
Mycelium let's you hold your private keys private.
|
|
|
Elwar
Legendary
Offline
Activity: 1904
www.bitpools.com
|
|
March 12, 2013, 06:47:22 PM |
|
Ugh...this is worse than we thought.
Is this the first double spend?
|
|
|
|
|
yokosan
|
|
March 12, 2013, 06:51:50 PM |
|
|
|
|
|
|
|
alir
|
|
March 12, 2013, 06:52:54 PM |
|
Guess they don't owe you anymore.
|
|
|
|
|
Largo
|
|
March 12, 2013, 07:00:44 PM |
|
Thats why merchants should have stopped accepting bitcoin deposits, at least those handing out some other form of cash instantly.
The problem was that 0.8 clients were thinking they are in the right fork (because that was actually the case before miners switched to 0.7) so it didnt stop the RPC interface like the 0.7 clients did.
|
|
|
|
|
Isokivi
|
|
March 12, 2013, 07:01:52 PM |
|
Heres a merchant giving 0-fucks about double spends, go for it. www.btctrinkets.com Every single payment goes trough a payment processor (mtgox) and I verify every single payment by hand. |
Bitcoin trinkets now on my online store: btc trinkets.com <- Bitcoin Tiepins, cufflinks, lapel pins, keychains, card holders and challenge coins. |
|
|
etotheipi
Legendary
Offline
Activity: 1428
Core Armory Developer
|
|
March 12, 2013, 07:04:49 PM |
|
Any guesses as to the reason it didn't show up in the pre-0.8 branch? I don't see any reason that the original transaction could be systematically rejected by one branch and not the other. Even transactions that hadn't made it into blocks in the pre-0.7 branch should still be in the nodes' memory pools and double-spends rejected.
gmaxwell pointed out that this could happen if an attacker started by flooding the system with duplicate transactions hoping to create disagreement, but it sounds like macbook-air did not do that.
|
|
|
|
casascius
Mike Caldwell
VIP
Legendary
Offline
Activity: 1344
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
March 12, 2013, 07:13:20 PM |
|
A serious solution is simply for several major stakeholders to publish signed endorsements and/or kills to blocks. Users can subscribe to them, and if a supermajority agrees to kill a block, the merchant at the very least can be configured to stop and go into safe mode.
I have thought of this long ago, now others might take the idea seriously. It was aggressively rejected in the past under the pretense it was too "centralized". I believe we need it to raise the bar on the risk of a 51% attack.
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper wallets instead.
|
|
|
elux
Legendary
Offline
Activity: 1453
|
|
March 12, 2013, 07:16:18 PM |
|
All time UTC+08:00:
08:08 – Well before I knew what later have happened, I deposited $10000-worth Bitcoins to BTC-e over OKPAY's Bitcoin payment, I paid OKPAY address 12z2n8YCJw1BEsJhhQPLCTuLqwH341nKnE 211.9093 BTC and 0.0005 BTC as transaction fee.
09:30 – The transaction was included in version 0.8's fork, block 225446
10:08 – Deposit completed, $9800 credited to my BTC-e account
12:53 – After some study, I recognized, the transaction, though included in version 0.8's fork, was never confirmed by the pre-0.8 fork, so I decided to make two double spend transactions on two of the vins of the OKPAY transaction, and broadcasted them with the raw transaction API, 0.001 BTC transaction fee included in each transaction.
13:01 – The double spend transaction was included in pre-0.8 fork block 225446
You should know what happens next...
I bet merchants would think twice before they decide to accept Bitcoins after the incident.
Ouch... And the other: http://blockchain.info/tx-index/59996016The "unconfirmed" transaction was included in http://blockchain.info/block-index/357971, later orphaned. Story seems to check out. How many confirmations did the first transaction get? |
|
|
|
|
TheButterZone
Legendary
Offline
Activity: 1554
Nemo me impune lacessit
|
|
March 12, 2013, 07:18:04 PM |
|
|
|
|
|
gmaxwell
Staff
Legendary
Offline
Activity: 1960
|
|
March 12, 2013, 07:20:09 PM |
|
gmaxwell pointed out that this could happen if an attacker started by flooding the system with duplicate transactions hoping to create disagreement, but it sounds like macbook-air did not do that.
One way would be for miners on the other fork to already have long mempool queues, and so the transaction was just waiting to get mined but they had it. The miners were restarted to switch from 0.8 to 0.7 and in doing so that instantly expires their mempools, and nothing will resync them. Once an entry is mempool expired then all it takes it the transaction managing to get relayed to one of them. |
|
|
|
|
|
MrCrabs
|
|
March 12, 2013, 07:21:24 PM |
|
How serious is this please. Double spends I thought were impossible .  |
|
|
|
|
Melbustus
Legendary
Offline
Activity: 1554
|
|
March 12, 2013, 07:26:35 PM |
|
How serious is this please. Double spends I thought were impossible . Was only an issue while there were two chains; ie, for a couple hours last night. The possibility was well-known, which is why it was recommended that merchants, exchanges, etc, stop taking payments/deposits until the issue was resolved, which it now is. |
Bitcoin is the first monetary system to credibly offer perfect information to all economic participants. But Bitcointalk & /r/bitcoin are heavily censored. bitco.in/forum, forum.bitcoin.com, and /r/btc are open. Best info on Casascius coins: http://spotcoins.com/casascius |
|
|
|
nevafuse
|
|
March 12, 2013, 07:35:06 PM |
|
Any guesses as to the reason it didn't show up in the pre-0.8 branch? I don't see any reason that the original transaction could be systematically rejected by one branch and not the other. Even transactions that hadn't made it into blocks in the pre-0.7 branch should still be in the nodes' memory pools and double-spends rejected.
Is this the only successful double spend from last night? Maybe the difference will be easier to spot if there are others. Sounds like there may be other fork issues besides the database problem. |
The only reason to limit the block size is to subsidize non-Bitcoin currencies
|
|
|
Spekulatius
Legendary
Offline
Activity: 1022
|
|
March 12, 2013, 07:35:34 PM |
|
@ OP: Did you repay OK? 
|
|
|
|
|
|
Ivica
|
|
March 12, 2013, 07:37:14 PM |
|
@ OP: Did you repay OK? Nope, until they repay 64.91410001 BTC. |
|
|
|
Nick
Jr. Member
Offline
Activity: 54
|
|
March 12, 2013, 07:41:05 PM |
|
A serious solution is simply for several major stakeholders to publish signed endorsements and/or kills to blocks. Users can subscribe to them, and if a supermajority agrees to kill a block, the merchant at the very least can be configured to stop and go into safe mode.
I have thought of this long ago, now others might take the idea seriously. It was aggressively rejected in the past under the pretense it was too "centralized". I believe we need it to raise the bar on the risk of a 51% attack.
I have just read this on the reddit thread: Merchants like this probably need to build something into their systems to automatically go into a safe mode if a 2-3 block fork is detected. This might be an equally effective but less centralized approach. What do you think? |
|
|
|
|
blablahblah
Legendary
Offline
Activity: 775
|
|
March 12, 2013, 07:41:23 PM |
|
How serious is this please. Double spends I thought were impossible . Was only an issue while there were two chains; ie, for a couple hours last night. The possibility was well-known, which is why it was recommended that merchants, exchanges, etc, stop taking payments/deposits until the issue was resolved, which it now is. Yep, I guess strictly speaking it's "single-spend in 2 currencies". But of course, having multiple chains is ideological anathema, therefore there seems to be no infrastructure to handle it. |
|
|
|
|
RodeoX
Legendary
Offline
Activity: 2058
The revolution will be monetized!
|
|
March 12, 2013, 07:44:07 PM |
|
If I am reading this correctly, it could only happen during this weird period when we had several blockchains floating around. Is that correct?
|
|
|
|
Piper67
Legendary
Offline
Activity: 994
|
|
March 12, 2013, 07:45:06 PM |
|
If I am reading this correctly, it could only happen during this weird period when we had several blockchains floating around. Is that correct?
Yes, the "Schroedinger Cat period" during which the coins are both alive and dead. As soon as the blockchain became whole again, either one or the other has to materialise. |
|
|
|
|
Elwar
Legendary
Offline
Activity: 1904
www.bitpools.com
|
|
March 12, 2013, 07:45:27 PM |
|
This might be an equally effective but less centralized approach. What do you think?
How does one detect a fork? Some guy in his basement can create a fork with his own new code but be useless due to most transactions going with the main fork, but it would still be a fork. |
|
|
|
Spaceman_Spiff
Legendary
Offline
Activity: 1344
|
|
March 12, 2013, 07:47:39 PM |
|
This might be an equally effective but less centralized approach. What do you think?
How does one detect a fork? Some guy in his basement can create a fork with his own new code but be useless due to most transactions going with the main fork, but it would still be a fork. That is what waiting for x confirmations is for . |
|
|
|
|
|
Atheros
|
|
March 12, 2013, 07:48:09 PM |
|
This might be an equally effective but less centralized approach. What do you think?
How does one detect a fork? Some guy in his basement can create a fork with his own new code but be useless due to most transactions going with the main fork, but it would still be a fork. Run several versions of Bitcoin and if they start to mutually deviate over three blocks then that is either a fork or is, a least, sufficient reason for merchants to go into safe mode. Sounds to me like a business opportunity. Actually, if this is implemented, it would make it much safer for alternative full Bitcoin clients to operate because we could detect the inevitable chain splits quickly and safely. |
BM-GteJMPqvHRUdUHHa1u7dtYnfDaH5ogeY Bitmessage.org - Decentralized, trustless, encrypted, authenticated messaging protocol and client. |
|
|
somenick
Legendary
Offline
Activity: 1308
|
|
March 12, 2013, 07:48:16 PM |
|
I've heard he was already catched  |
|
|
|
|
RodeoX
Legendary
Offline
Activity: 2058
The revolution will be monetized!
|
|
March 12, 2013, 07:48:55 PM |
|
If I am reading this correctly, it could only happen during this weird period when we had several blockchains floating around. Is that correct?
Yes, the "Schroedinger Cat period" during which the coins are both alive and dead. As soon as the blockchain became whole again, either one or the other has to materialise. Haha, I like that analogy. |
|
|
|
|
mccorvic
|
|
March 12, 2013, 07:49:56 PM |
|
This might be an equally effective but less centralized approach. What do you think?
How does one detect a fork? Some guy in his basement can create a fork with his own new code but be useless due to most transactions going with the main fork, but it would still be a fork. I have a whole drawer full of forks, but so far all have been ignored  |
|
|
|
Micon
Legendary
Offline
Activity: 1218
I'm not the law, but I represent justice
|
|
March 12, 2013, 08:05:47 PM |
|
Excuse my non-technical, conceptual-only questions / thoughts / checking if I have this right in my head: 1) There was no *permanent* "double spend" right? i.e. the transaction on the .8 fork would have eventually been orphaned / dumped / never credited to the address specified in the .8 block? 2) The risk here (and reason why SwC shut off all deposits / withdraws for a few hrs until this was resolved) was that during this very odd period a sophisticated user could use multiple 0-conf services that would all at the same time believe they were getting the same coins, but after the blockchain becomes 1 again only 1 of the transactions would actually be included in the "real" blockchain? also, if this ever happens again, I think we should use this pic:  and sorry if there has already been a 2 Chainz reference. |
|
|
|
|
iddo
|
|
March 12, 2013, 08:09:01 PM |
|
A serious solution is simply for several major stakeholders to publish signed endorsements and/or kills to blocks. Users can subscribe to them, and if a supermajority agrees to kill a block, the merchant at the very least can be configured to stop and go into safe mode.
I have thought of this long ago, now others might take the idea seriously. It was aggressively rejected in the past under the pretense it was too "centralized". I believe we need it to raise the bar on the risk of a 51% attack.
Your centralized protocol with few designated major stakeholders is indeed a terrible idea imho, for the reasons that we discussed in your thread. Fully decentralized proof-of-stake protocol can be sound, and can have several additional features that are very beneficial (in exchange for the additional complexity in the work that the nodes perform), but the security analysis should take into account bribe attacks etc., as discussed in the PoA thread. Peer review for the best protocol that we came up with so far would be very welcome, see here. |
|
|
|
|
|
mccorvic
|
|
March 12, 2013, 08:15:07 PM |
|
Excuse my non-technical, conceptual-only questions / thoughts / checking if I have this right in my head:
1) There was no *permanent* "double spend" right? i.e. the transaction on the .8 fork would have eventually been orphaned / dumped / never credited to the address specified in the .8 block?
2) The risk here (and reason why SwC shut off all deposits / withdraws for a few hrs until this was resolved) was that during this very odd period a sophisticated user could use multiple 0-conf services that would all at the same time believe they were getting the same coins, but after the blockchain becomes 1 again only 1 of the transactions would actually be included in the "real" blockchain?
Your points are my understanding. The double spend was allowed only because the service provider here wasn't on the ball. |
|
|
|
Gabi
Legendary
Offline
Activity: 1050
|
|
March 12, 2013, 08:28:30 PM |
|
That is why bitcoin is still beta software
|
|
|
|
|
|
impulse
|
|
March 12, 2013, 08:34:44 PM |
|
Excuse my non-technical, conceptual-only questions / thoughts / checking if I have this right in my head:
1) There was no *permanent* "double spend" right? i.e. the transaction on the .8 fork would have eventually been orphaned / dumped / never credited to the address specified in the .8 block?
2) The risk here (and reason why SwC shut off all deposits / withdraws for a few hrs until this was resolved) was that during this very odd period a sophisticated user could use multiple 0-conf services that would all at the same time believe they were getting the same coins, but after the blockchain becomes 1 again only 1 of the transactions would actually be included in the "real" blockchain?
Your points are my understanding. The double spend was allowed only because the service provider here wasn't on the ball. Yeah, I think it's important to distinguish here for non-techie people that this is not a double-spend within the merged blockchain, this is a double-spend against OKPAY because of their clearing policy and the unusal circumstances of last night. This does not violate the promise that the blockchain prohibits double spends. |
|
|
|
|
Gabi
Legendary
Offline
Activity: 1050
|
|
March 12, 2013, 08:36:09 PM |
|
Forcing the 0.7 clients to upgrade to 0.8 instead of orphaning the chain would have avoided that... but would require everyone in the bitcoin world to upgrade...
|
|
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2086
|
|
March 12, 2013, 08:36:23 PM |
|
This might be an equally effective but less centralized approach. What do you think?
How does one detect a fork? Some guy in his basement can create a fork with his own new code but be useless due to most transactions going with the main fork, but it would still be a fork. Run several versions of Bitcoin and if they start to mutually deviate over three blocks then that is either a fork or is, a least, sufficient reason for merchants to go into safe mode. Sounds to me like a business opportunity. Cool idea! And yes, this _is_ a business opportunity of, some size even. The clients could not only be of different codebase (differnt versions and different clients), but also try to be connected to different "parts" of the network in order to also be able to detect a network split. Now add different configuration options and you have a whole bunch of instances you need to run and maintain. Hmm, that begs the question: why run the instances yourself in the first place? Why not simply ask a bunch of clients about their opinion about the latest block (height and hash or whatever) via the protocol itself? Would that also be workable or does that approach have a problem? |
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2086
|
|
March 12, 2013, 08:38:55 PM |
|
Any guesses as to the reason it didn't show up in the pre-0.8 branch? I don't see any reason that the original transaction could be systematically rejected by one branch and not the other. Even transactions that hadn't made it into blocks in the pre-0.7 branch should still be in the nodes' memory pools and double-spends rejected.
Has this been answered? |
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
Gabi
Legendary
Offline
Activity: 1050
|
|
March 12, 2013, 08:47:22 PM |
|
Any guesses as to the reason it didn't show up in the pre-0.8 branch? I don't see any reason that the original transaction could be systematically rejected by one branch and not the other. Even transactions that hadn't made it into blocks in the pre-0.7 branch should still be in the nodes' memory pools and double-spends rejected.
Has this been answered? Indeed, this is a good question. Every client should have refused the second transaction, since it was a double spend. So what happened? A miner somehow received it and confirmed it because of the higher fee? |
|
|
|
|
|
pera
|
|
March 12, 2013, 08:48:58 PM |
|
[..]
Hmm, that begs the question: why run the instances yourself in the first place? Why not simply ask a bunch of clients about their opinion about the latest block (height and hash or whatever) via the protocol itself? Would that also be workable or does that approach have a problem?
could be something like this be implemented on the client to measure a potential fork? |
キタ━━━━(゚∀゚)━━━━ッ!!
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2086
|
|
March 12, 2013, 08:49:45 PM |
|
Any guesses as to the reason it didn't show up in the pre-0.8 branch? I don't see any reason that the original transaction could be systematically rejected by one branch and not the other. Even transactions that hadn't made it into blocks in the pre-0.7 branch should still be in the nodes' memory pools and double-spends rejected.
Has this been answered? Indeed, this is a good question. Every client should have refused the second transaction, since it was a double spend. So what happened? A miner somehow received it and confirmed it because of the higher fee? Stupid question: did everyones 0.7-client crash (or restart or clear the mempool) upon failure to commit the big block? That would explain it, no? If that's the reason, maybe the "mempool" should be a "diskpool". |
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
Wekkel
Legendary
Offline
Activity: 1372
|
|
March 12, 2013, 08:50:27 PM |
|
A great opportunity to upgrade the software  |
Like this post? you can tip me (BTC) 1LGi2DMhectdFSkBid5srrnHk8WHgD3V1d or very WoW (Doge) D9p6FZQb1sKkq9hApy4tnjSduYfdnc74bb
|
|
|
Gabi
Legendary
Offline
Activity: 1050
|
|
March 12, 2013, 08:51:57 PM |
|
Clients didn't crash, they just refused the "weird" block. Or did they crash?
|
|
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2086
|
|
March 12, 2013, 08:52:26 PM |
|
[..]
Hmm, that begs the question: why run the instances yourself in the first place? Why not simply ask a bunch of clients about their opinion about the latest block (height and hash or whatever) via the protocol itself? Would that also be workable or does that approach have a problem?
could be something like this be implemented on the client to measure a potential fork? probably. I don't know enough about the protocol myself to answer this question. But say you have 8 connections and one reports a different hash for the newest block (or a lower chain height)... this wouldn't in itself mean much. You'd have to have access to a larger sample, so maybe it'd make sense to implement this as a service with an api that publishes some kind of "alert level" to be used by merchants to halt accepting bitcoin above a certain treshold. |
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
etotheipi
Legendary
Offline
Activity: 1428
Core Armory Developer
|
|
March 12, 2013, 09:01:34 PM |
|
gmaxwell answered it: a large majority of mining power switched to running 0.7 -- which meant restarting the miners and clearing their memory pools. With the right dynamics, a rebroadcast would not repropagate because most nodes had not been restarted and would not rebroadcast it. Thus, those miners that restarted, started mining without it, and accepted the double-spend as a first-spend.
That particular theory, if correct, suggests that it's safer to have saved memory pools between loads, to make the keep/drop decision deterministic. It would also appease those that want to do far-future locked transactions, whose transactions cannot, by definition, survive a software update cycle. At least it would give clients/miners a choice about their locked-tx policy, rather than having it decided for them (drop all tx on restart).
|
|
|
|
|
jago25_98
|
|
March 12, 2013, 09:11:05 PM |
|
Out of interest, how far did the spend get before the 0.8 chain went dominant? I take it that it didn't even get to 1 confirmation? How many confirmations was OKPay requiring at the time? 6 confirms at gox annoys me so it's a useful case study.
|
|
|
|
|
dooglus
Legendary
Offline
Activity: 1946
|
|
March 12, 2013, 09:14:07 PM |
|
That particular theory, if correct, suggests that it's safer to have saved memory pools between loads
Would that have helped in this situation? The first spend had already been mined on the 0.8 chain, and so wouldn't have been in the mempool any more. Even if the mempool persisted when the miner switched to 0.7, the first spend wouldn't be known and so the double spend would still be added to the mempool when broadcast. |
|
|
|
|
Aseras
|
|
March 12, 2013, 09:18:06 PM |
|
Any guesses as to the reason it didn't show up in the pre-0.8 branch? I don't see any reason that the original transaction could be systematically rejected by one branch and not the other. Even transactions that hadn't made it into blocks in the pre-0.7 branch should still be in the nodes' memory pools and double-spends rejected.
Has this been answered? Perfect timing, the second transaction went in because it was mined, and at the same time enough pools reverted while the chain was reloaded that it was 51% and the other block was considered orphaned so it was included. |
|
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2086
|
|
March 12, 2013, 09:24:54 PM |
|
gmaxwell answered it: a large majority of mining power switched to running 0.7 -- which meant restarting the miners and clearing their memory pools. With the right dynamics, a rebroadcast would not repropagate because most nodes had not been restarted and would not rebroadcast it. Thus, those miners that restarted, started mining without it, and accepted the double-spend as a first-spend.
gmaxwell and gwillen just enlightened me a little further on #bitcoin-dev. The scenario seems likely to me now especially after I got the info that only about 10% of the miners had been on 0.7 before the split. They probably had the initial TX, but just didn't find a block in time. I also understand why the 0.7 chain was chosen: if the 0.8 chains was chosen, double-spends would even now still be possible against merchants who are still asleep about the issue, which is worse. A question still: rebroadcast? How does that work? Who would rebroadcasts the tx and triggered by what? That particular theory, if correct, suggests that it's safer to have saved memory pools between loads, to make the keep/drop decision deterministic.
Saved memory pools, or maybe something in the protocol that enables syncing of the mempool from other peers? Sounds good, but again I don't know enough. EDIT: fixed 0.7/0.8 mixup |
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2086
|
|
March 12, 2013, 09:27:57 PM |
|
That particular theory, if correct, suggests that it's safer to have saved memory pools between loads
Would that have helped in this situation? The first spend had already been mined on the 0.8 chain, and so wouldn't have been in the mempool any more. Even if the mempool persisted when the miner switched to 0.7, the first spend wouldn't be known and so the double spend would still be added to the mempool when broadcast. Probably true. |
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
|
TheSeven
|
|
March 12, 2013, 09:34:21 PM |
|
I also understand why the 0.8 chain was chosen: if the 0.7 chains was chosen, double-spends would even now still be possible against merchants who are still asleep about the issue, which is worse. That's exactly the wrong way round. The 0.7 chain was chosen, because this would have happened if the 0.8 one would have been chosen. |
My tip jar: 13kwqR7B4WcSAJCYJH1eXQcxG5vVUwKAqY
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2086
|
|
March 12, 2013, 09:42:24 PM |
|
I also understand why the 0.8 chain was chosen: if the 0.7 chains was chosen, double-spends would even now still be possible against merchants who are still asleep about the issue, which is worse. That's exactly the wrong way round. The 0.7 chain was chosen, because this would have happened if the 0.8 one would have been chosen. thanks, fixed in my post |
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
|
bitcoinbetas
|
|
March 12, 2013, 09:48:43 PM |
|
If I am reading this correctly, it could only happen during this weird period when we had several blockchains floating around. Is that correct?
Correct. Nothing to see here.... |
|
|
|
|
|
Largo
|
|
March 12, 2013, 09:52:40 PM |
|
I also understand why the 0.8 chain was chosen: if the 0.7 chains was chosen, double-spends would even now still be possible against merchants who are still asleep about the issue, which is worse. That's exactly the wrong way round. The 0.7 chain was chosen, because this would have happened if the 0.8 one would have been chosen. If the 0.8 chain was chosen, no double spends would have happened since RPC interface on 0.7 clients was stopped and client showed a 'you might need to upgrade/downgrade' message. At least for me, ironically it made me upgrade to 0.8, because i noticed it before the threads started. |
|
|
|
Fiyasko
Legendary
Offline
Activity: 1428
Okey Dokey Lokey
|
|
March 12, 2013, 10:51:45 PM |
|
Oh my god... Do we blame the services? Or the client upgrade?
|
|
|
|
|
|
|
|
Piper67
Legendary
Offline
Activity: 994
|
|
March 12, 2013, 11:37:38 PM |
|
|
|
|
|
|
iCEBREAKER
Legendary
Offline
Activity: 1456
Crypto is the separation of Power and State.
|
|
March 12, 2013, 11:44:58 PM |
|
How does one detect a fork?
Run several versions of Bitcoin and if they start to mutually deviate over three blocks then that is either a fork or is, a least, sufficient reason for merchants to go into safe mode. Sounds to me like a business opportunity. Actually, if this is implemented, it would make it much safer for alternative full Bitcoin clients to operate because we could detect the inevitable chain splits quickly and safely. You're reading my mind bro. Any service handling serious amounts of BTC should be running a .7 (stable) and a .8 (beta) while checking the outputs for diff. Also, why didn't .7's large block problem show up on testnet? |
|
|
|
jubalix
Legendary
Offline
Activity: 1288
|
|
March 13, 2013, 12:03:37 AM |
|
well this is a fine mess one block chain goes sailing of into the abyss, but on the way people still think it ok and so cash in on int
it was the *other block chain* that was actually the real one, with no record of what is no longer the truth.
Oh look my moneys back!!!
Oh look i did not get those bitcoins!
|
::CoinWatch:: watch your PPC/BTC/LTC addresses and get a running balance, no QT, no private keys, no passwords, no logins no, sign ups.
|
|
|
|
sd
|
|
March 13, 2013, 12:22:57 AM |
|
Also, why didn't .7's large block problem show up on testnet?
I suspect because nobody was testing for this problem. Client testing needs to be radically improved if bitcoin is going to be a success. |
|
|
|
|
arklan
Legendary
Offline
Activity: 1204
Just along for the ride...
|
|
March 13, 2013, 12:24:25 AM |
|
Also, why didn't .7's large block problem show up on testnet?
I suspect because nobody was testing for this problem. Client testing needs to be radically improved if bitcoin is going to be a success. agreed. unfortunately it's kinda difficult. i mean, as someone involved in the testing of bitcoin, i have one pc, with one OS. the tests i can do are limited. |
|
|
|
|
|
makomk
|
|
March 13, 2013, 12:27:40 AM |
|
Excuse my non-technical, conceptual-only questions / thoughts / checking if I have this right in my head:
1) There was no *permanent* "double spend" right? i.e. the transaction on the .8 fork would have eventually been orphaned / dumped / never credited to the address specified in the .8 block?
2) The risk here (and reason why SwC shut off all deposits / withdraws for a few hrs until this was resolved) was that during this very odd period a sophisticated user could use multiple 0-conf services that would all at the same time believe they were getting the same coins, but after the blockchain becomes 1 again only 1 of the transactions would actually be included in the "real" blockchain?
In theory this didn't just affect 0-confirmation services. The transaction on the 0.8 side of the double-spend got 15 confirmations on that fork before it was invalidated by the conflicting transaction from the 0.7 side of the fork, which is more confirmations than anyone requires. |
Quad XC6SLX150 Board: 860 MHash/s or so. SIGS ABOUT BUTTERFLY LABS ARE PAID ADS |
|
|
|
oakpacific
|
|
March 13, 2013, 01:06:33 AM |
|
Excuse my non-technical, conceptual-only questions / thoughts / checking if I have this right in my head:
1) There was no *permanent* "double spend" right? i.e. the transaction on the .8 fork would have eventually been orphaned / dumped / never credited to the address specified in the .8 block?
2) The risk here (and reason why SwC shut off all deposits / withdraws for a few hrs until this was resolved) was that during this very odd period a sophisticated user could use multiple 0-conf services that would all at the same time believe they were getting the same coins, but after the blockchain becomes 1 again only 1 of the transactions would actually be included in the "real" blockchain?
In theory this didn't just affect 0-confirmation services. The transaction on the 0.8 side of the double-spend got 15 confirmations on that fork before it was invalidated by the conflicting transaction from the 0.7 side of the fork, which is more confirmations than anyone requires. So I think the 6-confirmation recommendation should be changed: tell the merchants to wait for as many as possible if time permits, or if the amount is large. |
|
|
|
datafish
Donator
Full Member
Offline
Activity: 125
Swimming in a sea of data
|
|
March 13, 2013, 02:50:28 AM |
|
So I think the 6-confirmation recommendation should be changed: tell the merchants to wait for as many as possible if time permits, or if the amount is large.
How about 6 confirmations plus the length of the longest fork difference, which is usually 0 or 1. I think we need an automated fork monitoring system, with red alerts to the devs, miners and merchants when it gets greater than 2 blocks. |
|
|
|
|
|
oakpacific
|
|
March 13, 2013, 03:00:12 AM |
|
So I think the 6-confirmation recommendation should be changed: tell the merchants to wait for as many as possible if time permits, or if the amount is large.
How about 6 confirmations plus the length of the longest fork difference, which is usually 0 or 1. I think we need an automated fork monitoring system, with red alerts to the devs, miners and merchants when it gets greater than 2 blocks. There would be no way of knowing whether the longest one is the correct one, i.e., someone mined an orphan block and is immediately rejected, yet the main chain's difference to the orphaned chain will still continue to grow, but the monitoring system is a good idea, if both branches are detected to have two or more blocks, everyone gets an alert, and the merchant will keep requesting new confirmations until one branch stops growing for a certain period of time. |
|
|
|
|
DBordello
|
|
March 13, 2013, 03:19:23 AM |
|
Currently the merchant just polls the transaction for the number of confirmations. The client never says "this one is non-reversible". This kind of monitoring system would require the client to make a judgement call.
|
www.BTCPak.com - Exchange your bitcoins for MP: Secure, Anonymous and Easy!
|
|
|
iCEBREAKER
Legendary
Offline
Activity: 1456
Crypto is the separation of Power and State.
|
|
March 13, 2013, 03:30:57 AM |
|
Also, why didn't .7's large block problem show up on testnet?
I suspect because nobody was testing for this problem. Client testing needs to be radically improved if bitcoin is going to be a success. agreed. unfortunately it's kinda difficult. i mean, as someone involved in the testing of bitcoin, i have one pc, with one OS. the tests i can do are limited. Really? You can't emulate testnets-in-a-VM and try ranges of values for different parameters to see what breaks? |
|
|
|
|
oakpacific
|
|
March 13, 2013, 03:35:59 AM |
|
Currently the merchant just polls the transaction for the number of confirmations. The client never says "this one is non-reversible". This kind of monitoring system would require the client to make a judgement call.
I don't think you even need to change the client, it's about if the merchant delivers the final goods or not, so it could be an additional system that just checks the blockchain for possible forks. |
|
|
|
Maged
Legendary
Offline
Activity: 1260
|
|
March 13, 2013, 03:36:32 AM |
|
So I think the 6-confirmation recommendation should be changed: tell the merchants to wait for as many as possible if time permits, or if the amount is large.
How about 6 confirmations plus the length of the longest fork difference, which is usually 0 or 1. I think we need an automated fork monitoring system, with red alerts to the devs, miners and merchants when it gets greater than 2 blocks. There would be no way of knowing whether the longest one is the correct one, i.e., someone mined an orphan block and is immediately rejected, yet the main chain's difference to the orphaned chain will still continue to grow, but the monitoring system is a good idea, if both branches are detected to have two or more blocks, everyone gets an alert, and the merchant will keep requesting new confirmations until one branch stops growing for a certain period of time. More importantly, if there is ever an orphan chain that appears to have more than a few percent of the hashing power, ALL clients should enter safe mode. The only time we wouldn't want that is if we did an intentional hard fork, but in that case the incompatible ("new") chain should have over 90% of the hashing power |
|
|
|
robbonz
Newbie
Offline
Activity: 25
|
|
March 13, 2013, 04:25:21 AM |
|
|
|
|
|
|
eldentyrell
Donator
Legendary
Offline
Activity: 966
felonious vagrancy, personified
|
|
March 13, 2013, 05:04:25 AM |
|
Merchants like this probably need to build something into their systems to automatically go into a safe mode if a 2-3 block fork is detected. This might be an equally effective but less centralized approach. What do you think? Yeah, this is probably the solution. The Satoshi client already watches for long invalid chains -- a chain it thinks is malformed but yet has had more hashpower thrown at it than any other. The 0.7 clients saw this happen; it's what triggered the "maybe you need to upgrade" message. Unfortunately this never happened from the perspective of 0.8 clients. From their perspective the whole network suddenly colluded to perform a massive 51% attack by orphaning a huge part of the chain. Unfortunately it doesn't look like this can be ruled out in the future -- a situation where the miners have to choose between orphaning a huge branch vs permanently splitting the network (I hope they'll continue choosing the former). So watching not only for long er invalid chains but also for unusually-long-but-not-longest branches is probably something that needs to happen. How does one detect a fork?
Run several versions of Bitcoin You can do it without having to run multiple clients. Example: if there is a branch more than six blocks long and the forking point is less than 144 blocks (~24 hours) back, stay in safe mode until this is no longer true. This will protect users on both sides of the fork so long as (a) nobody's trusting transactions with less than six confirmations and (b) the problem is discovered within 24 hours. |
The printing press heralded the end of the Dark Ages and made the Enlightenment possible, but it took another three centuries before any country managed to put freedom of the press beyond the reach of legislators. So it may take a while before cryptocurrencies are free of the AML-NSA-KYC surveillance plague.
|
|
|
jl2012
Legendary
Offline
Activity: 1470
|
|
March 13, 2013, 05:06:05 AM |
|
Is this the only sucessful double spend yesterday? Has anyone made a detailed analysis?
|
Donation address: 1CiZPrEJdN4FJcqdLdgVLzT8tgCXxT5ion PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517 Bitcoin Wizards Wiki: https://8333.info/ |
|
|
arklan
Legendary
Offline
Activity: 1204
Just along for the ride...
|
|
March 13, 2013, 05:24:09 AM |
|
Also, why didn't .7's large block problem show up on testnet?
I suspect because nobody was testing for this problem. Client testing needs to be radically improved if bitcoin is going to be a success. agreed. unfortunately it's kinda difficult. i mean, as someone involved in the testing of bitcoin, i have one pc, with one OS. the tests i can do are limited. Really? You can't emulate testnets-in-a-VM and try ranges of values for different parameters to see what breaks? while obviously that's possible, i'm sad ot admit it's beyond my knowledge, currently. |
|
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2086
|
|
March 13, 2013, 06:42:54 AM |
|
So I think the 6-confirmation recommendation should be changed: tell the merchants to wait for as many as possible if time permits, or if the amount is large.
How about 6 confirmations plus the length of the longest fork difference, which is usually 0 or 1. I think we need an automated fork monitoring system, with red alerts to the devs, miners and merchants when it gets greater than 2 blocks. +1 |
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2086
|
|
March 13, 2013, 06:44:19 AM |
|
Currently the merchant just polls the transaction for the number of confirmations. The client never says "this one is non-reversible". This kind of monitoring system would require the client to make a judgement call.
I don't think you even need to change the client, it's about if the merchant delivers the final goods or not, so it could be an additional system that just checks the blockchain for possible forks. it's not quite that simple: which blockchain? |
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
|
Prattler
|
|
March 13, 2013, 09:22:38 AM |
|
Well to be fair, OKpay did a pretty lousy job.
Cheap, fast, secure – you can only choose 2.
1. Cheap and secure: wait for a big number of confirmations, depending on the transaction size and business type.
2. Fast and secure: you need to have people and automatic warning systems to hold payments when something goes bad.
3. Cheap and fast: don't allow users to cash out big sums.
OKpay went with option 3. It's unfortunate it happened, they would have avoided trouble, had they gone with options 1 or 2.
I don't think this will seriously damage bitcoin. If anything, payment processors will implement warning systems that will automatically suspend payments and prevent this in the future.
|
|
|
|
|
Raoul Duke
aka psy
Legendary
Offline
Activity: 1414
|
|
March 13, 2013, 09:46:14 AM |
|
You already have your 64.xxxx BTC. Unconfirmed yet. Now you can sleep |
|
|
|
Grami
Jr. Member
Offline
Activity: 38
|
|
March 13, 2013, 09:48:17 AM |
|
|
|
|
|
|
OKPAY
Jr. Member
Offline
Activity: 32
OKPAY Inc. representative
|
|
March 13, 2013, 09:49:16 AM |
|
This is not the way to do customer service. If not this incident, I don't know when they start to care me and return me the 64.xxx BTC.
The payment has been successfully completed http://blockchain.info/tx/cf7121622d6b208357b2a115cc75a9be283f8996dd7d6f612923b30f600bcaddYup the "duplicate" payment has been payed out and thus the amount of 64 BTC was put on hold before user agreed to return the faulty payment. So everything could be solved much faster and easier by contacting support. I suppose it's always a tempting to try to get away with something that not belongs to you. |
Bitcoin >> OKPAY payments are instant. We require 6 confirmations to complete a transfer.
|
|
|
S-Fattah
Newbie
Offline
Activity: 27
|
|
March 13, 2013, 10:16:47 AM |
|
Well done, guys.
One question: This guy has returned your money?
|
|
|
|
|
OKPAY
Jr. Member
Offline
Activity: 32
OKPAY Inc. representative
|
|
March 13, 2013, 10:25:08 AM |
|
Yes we resolved this situation.
|
Bitcoin >> OKPAY payments are instant. We require 6 confirmations to complete a transfer.
|
|
|
|
oakpacific
|
|
March 13, 2013, 10:28:06 AM |
|
Currently the merchant just polls the transaction for the number of confirmations. The client never says "this one is non-reversible". This kind of monitoring system would require the client to make a judgement call.
I don't think you even need to change the client, it's about if the merchant delivers the final goods or not, so it could be an additional system that just checks the blockchain for possible forks. it's not quite that simple: which blockchain? The simplest way is to just query a third party, e.g., blockchain.info's API, I am sure there are many other methods, to those who are on the orphaned chain, the main chain is just their orphaned chain, you only need to decide if there is a big difference between the two chains, no need to decide which one is right. |
|
|
|
|
luv2drnkbr
|
|
March 14, 2013, 02:12:13 AM |
|
Currently the merchant just polls the transaction for the number of confirmations. The client never says "this one is non-reversible". This kind of monitoring system would require the client to make a judgement call.
I don't think you even need to change the client, it's about if the merchant delivers the final goods or not, so it could be an additional system that just checks the blockchain for possible forks. it's not quite that simple: which blockchain? the longest one. that's always the main chain. that's why the two forks were called the 0.8 chain and the 0.7 chain. chains that aren't the longest are the forks. for a while the 0.7 chain was the fork until miners agreed with gavin that they should switch to it. then it became the longest. |
|
|
|
AndrH
Newbie
Offline
Activity: 7
|
|
March 14, 2013, 11:53:44 AM |
|
Yes we resolved this situation.
Happy end =) |
|
|
|
|
matt4054
Legendary
Offline
Activity: 1092
BitcoinQueue.com
|
|
March 14, 2013, 12:45:29 PM |
|
I was wondering if this was the reason why OKPAY has still not resumed Bitcoin operations since the fork, while others already have?
I use OKPAY services including Bitcoin on a regular basis and I would hate that such events have long term consequences on OKPAY operations as well as other payment providers.
|
|
|
|
allthingsluxury
Legendary
Offline
Activity: 910
allthingsluxury.biz
|
|
March 14, 2013, 03:04:07 PM |
|
Yes we resolved this situation.
Good job. |
All Things Luxury is proud to accept Bitcoin and Litecoin. Simulated Diamond Engagement Rings, Crystal Necklaces, Men's Bling, plus much more. 37 Items Worth More Than Gold in a Collapse.Gold & Silver News: Eric Sprott Blog, Silver Liberation, Gold & Silver News, Jim Rickards Blog, Marc Faber Blog, Jim Rogers Blog, Peter Schiff Blog, David Morgan Blog, Mike Maloney Blog, James Turk Blog, Gold Silver Liberty, Gerald Celente Blog
|
|
|
Piper67
Legendary
Offline
Activity: 994
|
|
March 14, 2013, 03:10:45 PM |
|
Yes we resolved this situation.
On behalf of those of us wanting to use OKPAY and Bitcoin, please don't let the wilful actions of one individual affect your operations too much. By his own admission, he attempted a double spend once he saw what was happening... clearly, a hard fork is not desirable, but the last time there was one was in 2010 (technically, orphaned blocks happen all the time and could be considered mini forks, but we're talking about one that went beyond six confirmations). |
|
|
|
|
paraipan
Legendary
Offline
Activity: 924
Firstbits: 1pirata
|
|
March 14, 2013, 05:15:59 PM |
|
Yes we resolved this situation.
Nice to hear that. To prevent this happening again in the future consider implementing " bitcoind alerts", and do automatic emergency stop on all bitcoin transactions if an alert ever shows up. It's an elegant and easy way to be warned by the community, and with enough time to avoid being "double-spent". |
BTCitcoin: An Idea Worth Saving - Q&A with bitcoins on rugatu.com - Check my rep
|
|
|
Stephen Gornick
Legendary
Offline
Activity: 1946
WILL PAID LOAN !
|
|
March 14, 2013, 09:24:25 PM |
|
I later manually corrected the issue with another transaction, thus double spend. For post-mortem analysis, would you mind sharing how that raw transaction was broadcast? Through bitcoin-Qt/bitcoind I presume? But was this just connecting to peers or had you actually explicitly connected to a mining pool or well connected node? The question is that most peers would have rejected it because they should already have known of the original transaction (12814b8ad57ce5654ba69eb26a52ddae1bff42093ca20cef3ad96fe7fd85d195) and not relayed your double spend (762443f6373b7c8b3833d4ad23578fc3099cc29b86d1359d0c0565e3c8614f91). With all the nodes reverting to 0.7 and/or starting up with an empty memory pool it is not impossible for your node to have reached one of them with no knowledge of the original transaction and then because your double spend transaction was perfectly valid for that node to relay your transaction got relayed to other new nodes as well. Eventually then there would be a path that would reach the miner who eventually mined 225466 (the block with the double spend) -- BTC Guild [Edit: Yes, confirmed BTC Guild, per the coinbase]. |
|
|
|
JeromeS
Jr. Member
Offline
Activity: 55
|
|
March 15, 2013, 01:14:14 AM |
|
Been meaning to do this since The Night of the Two Chains, finally got the time to do it today. A list of all transactions included in the .8 fork but not the (current) main chain. i.e. possible double spends. 270 transactions out of 11914 fit that description (2.26%). (got the data from here, for some reason that page doesn't work anymore) I might go through all of these later and try to find any "special" ones. For now though I have to study... : / p.s. sorry for the huge post. [spoiler] tag not working. how do I spoiler stuff on this forum ? |
1MHMLCSdxzyaBEYQsQYYNPYkaBjeV1aSNZ
|
|
|
|
macbook-air
|
|
March 15, 2013, 02:02:08 AM |
|
I later manually corrected the issue with another transaction, thus double spend. For post-mortem analysis, would you mind sharing how that raw transaction was broadcast? Through bitcoin-Qt/bitcoind I presume? But was this just connecting to peers or had you actually explicitly connected to a mining pool or well connected node? The question is that most peers would have rejected it because they should already have known of the original transaction (12814b8ad57ce5654ba69eb26a52ddae1bff42093ca20cef3ad96fe7fd85d195) and not relayed your double spend (762443f6373b7c8b3833d4ad23578fc3099cc29b86d1359d0c0565e3c8614f91). With all the nodes reverting to 0.7 and/or starting up with an empty memory pool it is not impossible for your node to have reached one of them with no knowledge of the original transaction and then because your double spend transaction was perfectly valid for that node to relay your transaction got relayed to other new nodes as well. Eventually then there would be a path that would reach the miner who eventually mined 225466 (the block with the double spend) -- BTC Guild [Edit: Yes, confirmed BTC Guild, per the coinbase]. $ git diff src/rpcrawtransaction.cpp
diff --git a/src/rpcrawtransaction.cpp b/src/rpcrawtransaction.cpp
index e634ed7..1f045e8 100644
--- a/src/rpcrawtransaction.cpp
+++ b/src/rpcrawtransaction.cpp
@@ -164,8 +164,6 @@ Value listunspent(const Array& params, bool fHelp)
CBitcoinAddress address(input.get_str());
if (!address.IsValid())
throw JSONRPCError(RPC_INVALID_ADDRESS_OR_KEY, string("Invalid Bitcoin address: ")+input.get_str());
- if (setAddress.count(address))
- throw JSONRPCError(RPC_INVALID_PARAMETER, string("Invalid parameter, duplicated address: ")+input.get_str());
setAddress.insert(address);
}
}
@@ -520,9 +518,11 @@ Value sendrawtransaction(const Array& params, bool fHelp)
{
// push to local node
CTxDB txdb("r");
- if (!tx.AcceptToMemoryPool(txdb))
- throw JSONRPCError(RPC_DESERIALIZATION_ERROR, "TX rejected");
-
+ if (!tx.AcceptToMemoryPool(txdb)) {
+ SyncWithWallets(tx, NULL, true);
+ RelayMessage(CInv(MSG_TX, hashTx), tx);
+ throw JSONRPCError(RPC_DESERIALIZATION_ERROR, string("TX rejected, relay anyway ")+hashTx.GetHex());
+ }
SyncWithWallets(tx, NULL, true);
}
RelayMessage(CInv(MSG_TX, hashTx), tx);
$ bitcoin createrawtransaction '[{"txid": "e6ee06cec15f8fab2c1aa81037e6ba9b1d7c7c4073a2795e847aa9ca5b84daf1", "vout": 1}]' '{"1J1F3U7gHrCjsEsRimDJ3oYBiV24wA8FuV": 137.35368622}'
0100000001f1da845bcaa97a845e79a273407c7c1d9bbae63710a81a2cab8f5fc1ce06eee60100000000ffffffff01ae17b132030000001976a914ba85dc466140d3ef2eac3f7e42088ec501315a4b88ac00000000
$ bitcoin signrawtransaction 0100000001f1da845bcaa97a845e79a273407c7c1d9bbae63710a81a2cab8f5fc1ce06eee60100000000ffffffff01ae17b132030000001976a914ba85dc466140d3ef2eac3f7e42088ec501315a4b88ac00000000 '[{"txid": "e6ee06cec15f8fab2c1aa81037e6ba9b1d7c7c4073a2795e847aa9ca5b84daf1", "vout": 1, "scriptPubKey": "76a914ba85dc466140d3ef2eac3f7e42088ec501315a4b88ac"}]'
{
"hex" : "0100000001f1da845bcaa97a845e79a273407c7c1d9bbae63710a81a2cab8f5fc1ce06eee6010000008c493046022100d6e0dec64778c669a4869a73dc057959ac6f8c6fa390e9ceb03bb040d3eb0933022100f3dc55dccbde883e7aadf737a5d8531847fdab1cc2b80a2357ce5dc5378a8485014104054f0d458c4dc3d0a4bb35cd17e624eb76ea99b702561bd0bea0aefe34c6c860fafca4faae957bb009e0ece9cba07cccd30dc008512a9a3021dbcfd2127938fcffffffff01ae17b132030000001976a914ba85dc466140d3ef2eac3f7e42088ec501315a4b88ac00000000",
"complete" : true
}
$ bitcoin createrawtransaction '[{"txid": "b53cbbf160f1a5c470dba13672338908c5c9099985f6fdc37d44a5facae957df", "vout": 1}]' '{"1J1F3U7gHrCjsEsRimDJ3oYBiV24wA8FuV": 62.64371378}'
0100000001df57e9cafaa5447dc3fdf6859909c9c50889337236a1db70c4a5f160f1bb3cb50100000000ffffffff01b2b86275010000001976a914ba85dc466140d3ef2eac3f7e42088ec501315a4b88ac00000000
$ bitcoin signrawtransaction 0100000001df57e9cafaa5447dc3fdf6859909c9c50889337236a1db70c4a5f160f1bb3cb50100000000ffffffff01b2b86275010000001976a914ba85dc466140d3ef2eac3f7e42088ec501315a4b88ac00000000 '[{"txid": "b53cbbf160f1a5c470dba13672338908c5c9099985f6fdc37d44a5facae957df", "vout": 1, "scriptPubKey": "76a914ba85dc466140d3ef2eac3f7e42088ec501315a4b88ac"}]'
{
"hex" : "0100000001f1da845bcaa97a845e79a273407c7c1d9bbae63710a81a2cab8f5fc1ce06eee6010000008c493046022100d6e0dec64778c669a4869a73dc057959ac6f8c6fa390e9ceb03bb040d3eb0933022100f3dc55dccbde883e7aadf737a5d8531847fdab1cc2b80a2357ce5dc5378a8485014104054f0d458c4dc3d0a4bb35cd17e624eb76ea99b702561bd0bea0aefe34c6c860fafca4faae957bb009e0ece9cba07cccd30dc008512a9a3021dbcfd2127938fcffffffff01ae17b132030000001976a914ba85dc466140d3ef2eac3f7e42088ec501315a4b88ac00000000",
"complete" : true
}
$ while true; do bitcoin sendrawtransaction 0100000001f1da845bcaa97a845e79a273407c7c1d9bbae63710a81a2cab8f5fc1ce06eee6010000008c493046022100d6e0dec64778c669a4869a73dc057959ac6f8c6fa390e9ceb03bb040d3eb0933022100f3dc55dccbde883e7aadf737a5d8531847fdab1cc2b80a2357ce5dc5378a8485014104054f0d458c4dc3d0a4bb35cd17e624eb76ea99b702561bd0bea0aefe34c6c860fafca4faae957bb009e0ece9cba07cccd30dc008512a9a3021dbcfd2127938fcffffffff01ae17b132030000001976a914ba85dc466140d3ef2eac3f7e42088ec501315a4b88ac00000000; sleep 10; bitcoin sendrawtransaction 0100000001f1da845bcaa97a845e79a273407c7c1d9bbae63710a81a2cab8f5fc1ce06eee6010000008c493046022100d6e0dec64778c669a4869a73dc057959ac6f8c6fa390e9ceb03bb040d3eb0933022100f3dc55dccbde883e7aadf737a5d8531847fdab1cc2b80a2357ce5dc5378a8485014104054f0d458c4dc3d0a4bb35cd17e624eb76ea99b702561bd0bea0aefe34c6c860fafca4faae957bb009e0ece9cba07cccd30dc008512a9a3021dbcfd2127938fcffffffff01ae17b132030000001976a914ba85dc466140d3ef2eac3f7e42088ec501315a4b88ac00000000; sleep 10; done
15e8729f4632f9542790e12e7e6891ac42ca9d109c38656e7259b58ee9133d2e
22b85b88ac4f18afaab9c06ee70b47df7da23201bd2ad646ca0b202d775aa999
15e8729f4632f9542790e12e7e6891ac42ca9d109c38656e7259b58ee9133d2e
22b85b88ac4f18afaab9c06ee70b47df7da23201bd2ad646ca0b202d775aa999
15e8729f4632f9542790e12e7e6891ac42ca9d109c38656e7259b58ee9133d2e
22b85b88ac4f18afaab9c06ee70b47df7da23201bd2ad646ca0b202d775aa999
......
(I cannot remember whether the last command returns simply txid or "error: {"code":-22,"message":"TX rejected, relay anyway txid"})
No. My fully synced bitcoind refused to execute any commands except getinfo. It simply reports error message: "Warning: Displayed transactions may not be correct! You may need to upgrade, or other nodes may need to upgrade." and exit. So I had to set up a new bitcoind in Parallels Desktop's Ubuntu virtual machine and this bitcoind was not yet fully synced with the network. And it shouldn't have many connections as it was behind NAT. |
|
|
|
|
Yurock
|
|
April 17, 2013, 09:30:32 AM |
|
Maybe the problem it that there is one implementation (bitcoind / bitcoin-qt) that decides what is right and what is not for the majority of the network. Bitcoin relies on a state when the vast majority of the network agree on the rules. That may not be the case when a single bug affects a large portion of the network. Under these conditions the whole proof of work mechanism becomes unreliable.
If we had a variety of implementations, a bug in one of them would have much smaller impact. Only users of the buggy client would be required to upgrade. We would not have to take the generally wrong way of downgrading to a buggy version.
|
|
|
|
|
arklan
Legendary
Offline
Activity: 1204
Just along for the ride...
|
|
April 17, 2013, 09:37:52 AM |
|
Maybe the problem it that there is one implementation (bitcoind / bitcoin-qt) that decides what is right and what is not for the majority of the network. Bitcoin relies on a state when the vast majority of the network agree on the rules. That may not be the case when a single bug affects a large portion of the network. Under these conditions the whole proof of work mechanism becomes unreliable.
If we had a variety of implementations, a bug in one of them would have much smaller impact. Only users of the buggy client would be required to upgrade. We would not have to take the generally wrong way of downgrading to a buggy version.
this is why the discussion of a "bitcoin spec" is ongoing and of worth. check the dev sub forum. |
|
|
|
|
Bitcoinpro
Legendary
Offline
Activity: 1134
|
|
April 17, 2013, 11:51:43 AM |
|
Just received a telephone call from OKPAY. The double spend money has been refunded to them. They promise me to send me my 64.xxx BTC within 15 minutes after they receive my refund. Please see if they respect their promise: 1J1F3U7gHrCjsEsRimDJ3oYBiV24wA8FuV This address should receive 64.xxx BTC before 09:30 UTC.
 This is not the way to do customer service. If not this incident, I don't know when they start to care me and return me the 64.xxx BTC. why is ok support using a comma and decimal point in the same post |
|
|
|
Raoul Duke
aka psy
Legendary
Offline
Activity: 1414
|
|
April 17, 2013, 12:18:45 PM |
|
why is ok support using a comma and decimal point in the same post
Probably both values copy pasted from previous messages or one of them c/p and the other written by the support person. |
|
|
|
jl2012
Legendary
Offline
Activity: 1470
|
|
April 08, 2014, 03:04:18 PM |
|
It has been more than a year. I think this is the only instance of successful double spending of a 6-confirmation transaction. Have anything been done to address this problem? Comparing with those fancy applications, this involves the very fundamental principle: transaction irreversibility. If it is not fixed, I am sure it will happen again when we have another unexpected fork and the harm could be much more serious.
|
Donation address: 1CiZPrEJdN4FJcqdLdgVLzT8tgCXxT5ion PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517 Bitcoin Wizards Wiki: https://8333.info/ |
|
|
arklan
Legendary
Offline
Activity: 1204
Just along for the ride...
|
|
April 08, 2014, 03:12:55 PM |
|
It has been more than a year. I think this is the only instance of successful double spending of a 6-confirmation transaction. Have anything been done to address this problem? Comparing with those fancy applications, this involves the very fundamental principle: transaction irreversibility. If it is not fixed, I am sure it will happen again when we have another unexpected fork and the harm could be much more serious.
Because this required a fork, I don't think there's anything that can be done. I mean, the entire system of bitcoin relies on forks not occurring. I'm no Dev though, so don't take my word as law. |
|
|
|
|
drawingthesun
Legendary
Offline
Activity: 896
|
|
April 08, 2014, 03:16:04 PM |
|
It has been more than a year. I think this is the only instance of successful double spending of a 6-confirmation transaction. Have anything been done to address this problem? Comparing with those fancy applications, this involves the very fundamental principle: transaction irreversibility. If it is not fixed, I am sure it will happen again when we have another unexpected fork and the harm could be much more serious.
I wonder how it can be fixed? Perhaps the client once seeing two similar chains is put into safe mode until an obvious longer chain emerges. Once one chain is perhaps 6 confirm ahead then automatically go out of safe mode and resume using the longest chain. This solution would require no central control and can be automated by the nodes. The important aspect would be the detection mechanism and watching two chains until there is a clear winner. |
|
|
|
|
franky1
Legendary
Offline
Activity: 1470
|
|
April 08, 2014, 03:19:17 PM |
|
It has been more than a year. I think this is the only instance of successful double spending of a 6-confirmation transaction. Have anything been done to address this problem? Comparing with those fancy applications, this involves the very fundamental principle: transaction irreversibility. If it is not fixed, I am sure it will happen again when we have another unexpected fork and the harm could be much more serious.
technically its not a double spend.. there is only one "receipt" of BTC that got confirmed on this main blockchain, meaning there is not 2 bunches of bitcoins that originated from one single bitcoin source on this main blockchain. what happened is that businesses did not update the clients to be using the correct blockchain. thus the business does not see the correct transaction and ends out paying FIAT twice. what needs to be done is to ensure forks dont happen, and in the small chance that a fork does occur, that businesses are not lazy about updating their clients, or double checking transactions before releasing different forms of funds or goods. (which would have prevented malleability issues if businesses had proper double checking methods in place) there is not one single extra bitcoin on the blockchain that was cloned or not originate from a verified block reward. ill say it again a double spend is where 1 btc can be used twice. no coin has been used twice. all that has happened is that businesses have not had adequate checking processes in place. the bitcoin protocol and the blockchain does not show more confirmed coins then what has been released through blockchain rewards |
Do not take any information given on this forum on face value. Please do your own due diligence and respect what is written here as both opinion and information gleaned from experience. If you wish to seek legal FACTUAL advice, then seek the guidance of a LEGAL specialist
|
|
|
|
zolace
|
|
April 08, 2014, 03:25:24 PM |
|
All time UTC+08:00:
08:08 – Well before I knew what later have happened, I deposited $10000-worth Bitcoins to BTC-e over OKPAY's Bitcoin payment, I paid OKPAY address 12z2n8YCJw1BEsJhhQPLCTuLqwH341nKnE 211.9093 BTC and 0.0005 BTC as transaction fee.
09:30 – The transaction was included in version 0.8's fork, block 225446
10:08 – Deposit completed, $9800 credited to my BTC-e account
12:53 – After some study, I recognized, the transaction, though included in version 0.8's fork, was never confirmed by the pre-0.8 fork, so I decided to make two double spend transactions on two of the vins of the OKPAY transaction, and broadcasted them with the raw transaction API, 0.001 BTC transaction fee included in each transaction.
13:01 – The double spend transaction was included in pre-0.8 fork block 225446
You should know what happens next...
I bet merchants would think twice before they decide to accept Bitcoins after the incident.
well this is why there should be inventory watchers, and this is why there has to be someone to over look these transactions as this can be avoided. |
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ |
|
|
RodeoX
Legendary
Offline
Activity: 2058
The revolution will be monetized!
|
|
April 08, 2014, 03:28:31 PM |
|
There has never been a double spend.
|
|
|
|
Peter R
Legendary
Offline
Activity: 924
|
|
April 08, 2014, 03:48:19 PM |
|
It has been more than a year. I think this is the only instance of successful double spending of a 6-confirmation transaction. Have anything been done to address this problem? Comparing with those fancy applications, this involves the very fundamental principle: transaction irreversibility. If it is not fixed, I am sure it will happen again when we have another unexpected fork and the harm could be much more serious.
Like others have said, the same coin has never been spent twice in the history of bitcoin; when we say "double spend," we mean that someone thought they got paid but later found out that they didn't. There are many ways one can protect himself against such events. In the case described in the OP, the event took place during a planned hard fork of the protocol. If we feel it necessary to fork the code again (and we likely will), I think it would be wise for exchanges to require a full day of confirmations for large deposits. Once it is clear that the fork was handled properly, services can reduce the confirmation requirements back to normal. Non-planned forks (large orphans) are rare. It is rarer still that the funds confirmed in the now-orphaned chain wouldn't also be confirmed in the new longest chain (it would strongly imply malicious intent, careful planning, and a large financial investment). But one should still dynamically track confirmed coins and in the very very unlikely event that coins are not confirmed in the new chain, the service should immediately freeze the accounts in question. There is also nothing special about the number "6": personally, if I ran a large exchange I would likely require less than 6 confirmations for most deposits, but more than 6 for, say, 10 000 BTC. |
|
|
|
00ph8al
Jr. Member
Offline
Activity: 30
|
|
April 08, 2014, 03:52:12 PM |
|
There has never been a double spend.
It seems like many have to believe this for their world to continue spinning but it is patently ludicrous to put your faith in a negative statement that by definition cannot be proven. There HAVE been double spends and there will continue to be double spends. If we truly want this experiment to survive we must identify these edge cases and provide solutions instead of burying our heads in the sand afraid of the bad publicity. |
|
|
|
|
jl2012
Legendary
Offline
Activity: 1470
|
|
April 08, 2014, 04:01:35 PM |
|
ok, if you guys think it is not "double spend", let's call it "reversed transaction". That's not the main point here. what happened is that businesses did not update the clients Actually the opposite is true. OKPAY got cheated because they were using the latest client (0. . If they did not update, they would never see the original transaction confirmed. |
Donation address: 1CiZPrEJdN4FJcqdLdgVLzT8tgCXxT5ion PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517 Bitcoin Wizards Wiki: https://8333.info/ |
|
|
RodeoX
Legendary
Offline
Activity: 2058
The revolution will be monetized!
|
|
April 08, 2014, 05:23:55 PM |
|
There has never been a double spend.
It seems like many have to believe this for their world to continue spinning but it is patently ludicrous to put your faith in a negative statement that by definition cannot be proven. There HAVE been double spends and there will continue to be double spends. If we truly want this experiment to survive we must identify these edge cases and provide solutions instead of burying our heads in the sand afraid of the bad publicity. Maybe your right? Please point me to a double spend. |
|
|
|
Syke
Legendary
Offline
Activity: 2030
|
|
April 08, 2014, 05:34:48 PM |
|
Because this required a fork, I don't think there's anything that can be done. I mean, the entire system of bitcoin relies on forks not occurring. I'm no Dev though, so don't take my word as law.
Good thing you added that last line, because you are dead wrong. Forks are expected. They will always happen. That is a core feature in how Bitcoin is designed. |
Buy & Hold
|
|
|
|
Joshuar
|
|
April 08, 2014, 05:37:38 PM |
|
Correct me if I'm wrong, but forks are only possible with a certain amount of hash power, and to gain enough hash to fork the Bitcoin chain would be very expensive and thus impractical.
|
|
|
|
|
skooter
|
|
April 08, 2014, 06:12:50 PM |
|
Correct me if I'm wrong, but forks are only possible with a certain amount of hash power, and to gain enough hash to fork the Bitcoin chain would be very expensive and thus impractical.
yeah you're wrong. Forks happen anytime 2 miners solve a block referencing the same previous block. |
|
|
|
|
b¡tco¡n
Member
Offline
Activity: 84
Correct Horse Battery Staple
|
|
April 08, 2014, 09:28:29 PM |
|
Correct me if I'm wrong, but forks are only possible with a certain amount of hash power, and to gain enough hash to fork the Bitcoin chain would be very expensive and thus impractical.
yeah you're wrong. Forks happen anytime 2 miners solve a block referencing the same previous block. But usually one of the forks gets chosen by consensus right? And after 6 of so confirmations it is extremely unlikely to change. When this thread was opened there was a bug (or bug fixed) with the latest version of the software which means that the new version of the software chose a different branch to the old, which is a very different and horrible problem. IIRC the developers told people to downgrade to the old version and the associated fork became the chosen fork, and thus losing transactions made in the unchosen fork. Hammer me if this isn't 100% accurate but I think it is the gist. Usually forks are OK and get resolved. This thread is about a different 'hard' fork cause by software issues. |
|
|
|
Meuh6879
Legendary
Offline
Activity: 1036
|
|
April 08, 2014, 09:47:09 PM |
|
How serious is this please. Double spends I thought were impossible . it's impossible. when you wait the 1 confirmation (1 block) ... anyway. |
|
|
|
Maged
Legendary
Offline
Activity: 1260
|
|
April 09, 2014, 02:55:47 AM |
|
It has been more than a year. I think this is the only instance of successful double spending of a 6-confirmation transaction. Have anything been done to address this problem?
Yes, the failures in the automated alert systems have been addressed, so services should be able to disable themselves when a long fork is detected: https://github.com/bitcoin/bitcoin/pull/2658 |
|
|
|
Bit_Happy
Legendary
Offline
Activity: 1414
A Great Time to Start Something!
|
|
April 09, 2014, 03:36:30 AM |
|
Your .gif was not accurate. 2013 turned out to be a great year for BTC.  |
15DYJpWJe9H1YofsNQbP9JEWWNn7XPZgbS
|
|
|
00ph8al
Jr. Member
Offline
Activity: 30
|
|
April 09, 2014, 06:08:09 PM |
|
There has never been a double spend.
It seems like many have to believe this for their world to continue spinning but it is patently ludicrous to put your faith in a negative statement that by definition cannot be proven. There HAVE been double spends and there will continue to be double spends. If we truly want this experiment to survive we must identify these edge cases and provide solutions instead of burying our heads in the sand afraid of the bad publicity. Maybe your right? Please point me to a double spend. What is your definition of double spend? Are you including operator error and self-inflicted (ie. allowing 0-confirmations)? The network (and access) isn't always fast enough for every use case either. |
|
|
|
|
RodeoX
Legendary
Offline
Activity: 2058
The revolution will be monetized!
|
|
April 09, 2014, 07:45:15 PM |
|
What is your definition of double spend?
Are you including operator error and self-inflicted (ie. allowing 0-confirmations)? The network (and access) isn't always fast enough for every use case either.
I think of a double spend as a spend with confirmation followed by another spend of the same balance. Without confirmation it seems to me that the protocol is behaving as designed and, as you mention, it's an operator error. I also don't think that it counts if it happened on the test net. A true double spend in the wild would spook me. If a method were found to do that, it would be the most serious threat to bitcoin so far. |
|
|
|
Stephen Gornick
Legendary
Offline
Activity: 1946
WILL PAID LOAN !
|
|
April 12, 2014, 05:52:18 PM |
|
I think of a double spend as a spend with confirmation followed by another spend of the same balance.
Which is what happened in March, 2013. If you were using the v0.8 client there was a transaction that had more than six confirmations but later the fork which pre-v0.8 clients were mining surpassed the one the v0.8 were using and that transaction became invalid. What happened was a user noticed the fork, created a new transaction that spent the same funds, used a custom client that repeatedly broadcast the double spend attempt and eventually that new transaction got included in the pre-v0.8 blockchain fork. So yes, a double spend of a transaction that had six or more confirmations on what was at the time the longest chain is something that has occurred. The gist of the problem was that miners starting up with the v0.7 client had an empty memory pool and thus no knowledge of the transactions that had already confirmed in the blockchain fork mined by the v0.8 clients. So then it simply is a race -- whichever transaction (of the two that were spending the same coin) that reached those miners first is the one that was being hashed. For that specific weakness, there are solutions that had been discussed but not implemented as far as I know. For instance, when the miner is shut down the unconfirmed transactions in the memory pool could be written to the filesystem and then those transactions get loaded first when the miner starts back up. That would likely have made the result of that March 2013 fork be that no double spends had occurred. |
|
|
|
|
