Bitcoin Forum
June 21, 2018, 08:44:25 PM *
News: Latest stable version of Bitcoin Core: 0.16.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: technical question - is a fake unconfirmed transaction possible?  (Read 1435 times)
og kush420
Full Member
***
Offline Offline

Activity: 171
Merit: 100


View Profile
August 19, 2013, 09:07:38 PM
 #1

is it possible to send a fake/spoofed unconfirmed transaction? no i do not plan on doing this, but i just had the thought looking on blockchain.
sorry if this is a noob question. and i did search google before asking this...


◨▬▬▬▬▬▬◧ Fund Fantasy ◨▬▬▬▬▬▬◧
⦿ FANTASY TRADING PLATFORM⦿TOKEN SALE UPDATES ⦿
  Website  ▪  Whitepaper  ▪  Facebook  ▪ Twitter  ▪  Medium  ▪  Bitcointalk  ▪ Telegram
1529613865
Hero Member
*
Offline Offline

Posts: 1529613865

View Profile Personal Message (Offline)

Ignore
1529613865
Reply with quote  #2

1529613865
Report to moderator
There are several different types of Bitcoin clients. Hybrid server-assisted clients like Electrum get a lot of their network information from centralized servers, but they also check the server's results using blockchain header data. This is perhaps somewhat more secure than either server-assisted clients or header-only clients.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1529613865
Hero Member
*
Offline Offline

Posts: 1529613865

View Profile Personal Message (Offline)

Ignore
1529613865
Reply with quote  #2

1529613865
Report to moderator
TierNolan
Legendary
*
Offline Offline

Activity: 1176
Merit: 1001


View Profile
August 19, 2013, 09:13:17 PM
 #2

is it possible to send a fake/spoofed unconfirmed transaction? no i do not plan on doing this, but i just had the thought looking on blockchain.
sorry if this is a noob question. and i did search google before asking this...

Fake in what way?

The process for spending money is to create a transaction and send it the 8+ nodes you are connected to.

They verify it and then send it onward.

I think they might not forward transactions unless they know about all the inputs.

1LxbG5cKXzTwZg9mjL3gaRE835uNQEteWF
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2436
Merit: 1201



View Profile
August 19, 2013, 09:45:50 PM
 #3

Depends on what you mean by fake and who you trust to tell you about it (a real screenshot someone took of some fun and games I had at bc.i, ... they subsequently fixed that particular bug).

Bitcoin will not be compromised
og kush420
Full Member
***
Offline Offline

Activity: 171
Merit: 100


View Profile
August 19, 2013, 09:57:15 PM
 #4

Depends on what you mean by fake and who you trust to tell you about it (a real screenshot someone took of some fun and games I had at bc.i, ... they subsequently fixed that particular bug).
woh, nice haha, that is what im talking about, how did you do that?



◨▬▬▬▬▬▬◧ Fund Fantasy ◨▬▬▬▬▬▬◧
⦿ FANTASY TRADING PLATFORM⦿TOKEN SALE UPDATES ⦿
  Website  ▪  Whitepaper  ▪  Facebook  ▪ Twitter  ▪  Medium  ▪  Bitcointalk  ▪ Telegram
og kush420
Full Member
***
Offline Offline

Activity: 171
Merit: 100


View Profile
August 19, 2013, 10:01:34 PM
 #5

is it possible to send a fake/spoofed unconfirmed transaction? no i do not plan on doing this, but i just had the thought looking on blockchain.
sorry if this is a noob question. and i did search google before asking this...

Fake in what way?

The process for spending money is to create a transaction and send it the 8+ nodes you are connected to.

They verify it and then send it onward.

I think they might not forward transactions unless they know about all the inputs.
before it is verified, the recipient still knows there is an incoming transaction, even though is not verified, correct? i have seen this on clients, like " incoming transaction, 0/6"  is this correct? so what if you send bitcoins that don't exist without this step "send it the 8+ nodes you are connected to."


◨▬▬▬▬▬▬◧ Fund Fantasy ◨▬▬▬▬▬▬◧
⦿ FANTASY TRADING PLATFORM⦿TOKEN SALE UPDATES ⦿
  Website  ▪  Whitepaper  ▪  Facebook  ▪ Twitter  ▪  Medium  ▪  Bitcointalk  ▪ Telegram
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2436
Merit: 1201



View Profile
August 19, 2013, 10:07:58 PM
 #6

I manually authored a transaction which claimed to spend some coin which belonged to someone else, and claimed to pay me 21m BTC... and submitted it through their raw txn submission interface.  The site pretty much validated nothing in the past.

These days it seems to pass everything through a standard Bitcoin node, so its potentially less vulnerable to this kind of funny business, though it also fails to display a lot valid but unusual transactions. Though I did pull of an in-transaction XSS attack against it last week.

before it is verified, the recipient still knows there is an incoming transaction, even though is not verified, correct? i have seen this on clients, like " incoming transaction, 0/6"  is this correct? so what if you send bitcoins that don't exist without this step "send it the 8+ nodes you are connected to."
Absent bugs the reference software can't be tricked this way.

Bitcoin will not be compromised
og kush420
Full Member
***
Offline Offline

Activity: 171
Merit: 100


View Profile
August 20, 2013, 01:57:23 AM
 #7

I manually authored a transaction which claimed to spend some coin which belonged to someone else, and claimed to pay me 21m BTC... and submitted it through their raw txn submission interface.  The site pretty much validated nothing in the past.

These days it seems to pass everything through a standard Bitcoin node, so its potentially less vulnerable to this kind of funny business, though it also fails to display a lot valid but unusual transactions. Though I did pull of an in-transaction XSS attack against it last week.

before it is verified, the recipient still knows there is an incoming transaction, even though is not verified, correct? i have seen this on clients, like " incoming transaction, 0/6"  is this correct? so what if you send bitcoins that don't exist without this step "send it the 8+ nodes you are connected to."
Absent bugs the reference software can't be tricked this way.
How did you pull of the xss? im guessing you put javascript in the comment thing? i have seen them on the page
Code:
Public Note:


◨▬▬▬▬▬▬◧ Fund Fantasy ◨▬▬▬▬▬▬◧
⦿ FANTASY TRADING PLATFORM⦿TOKEN SALE UPDATES ⦿
  Website  ▪  Whitepaper  ▪  Facebook  ▪ Twitter  ▪  Medium  ▪  Bitcointalk  ▪ Telegram
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2436
Merit: 1201



View Profile
August 20, 2013, 02:14:41 AM
 #8

How did you pull of the xss? im guessing you put javascript in the comment thing? i have seen them on the page
No, I put javascript in the actual script of a transaction with it decoded and displayed without escaping.

Bitcoin will not be compromised
smolen
Hero Member
*****
Offline Offline

Activity: 524
Merit: 500


View Profile
August 20, 2013, 02:35:51 AM
 #9

No, I put javascript in the actual script of a transaction with it decoded and displayed without escaping.
Cheesy Cheesy Cheesy
The next thing to worry are SQL injections

Of course I gave you bad advice. Good one is way out of your price range.
Andrey
Hero Member
*****
Offline Offline

Activity: 588
Merit: 500


View Profile
November 18, 2013, 11:42:47 PM
 #10

I manually authored a transaction which claimed to spend some coin which belonged to someone else, and claimed to pay me 21m BTC... and submitted it through their raw txn submission interface.  The site pretty much validated nothing in the past.

These days it seems to pass everything through a standard Bitcoin node, so its potentially less vulnerable to this kind of funny business, though it also fails to display a lot valid but unusual transactions. Though I did pull of an in-transaction XSS attack against it last week.

before it is verified, the recipient still knows there is an incoming transaction, even though is not verified, correct? i have seen this on clients, like " incoming transaction, 0/6"  is this correct? so what if you send bitcoins that don't exist without this step "send it the 8+ nodes you are connected to."
Absent bugs the reference software can't be tricked this way.

I am not very good in bitcoin internals, but it seems some tricks are still could be done with blockchain.info . Here is the fake transaction trying to make public believe that bitbonanza auction deposit was done by bitbonanza itself. https://blockchain.info/ru/address/12kBb6UA5ZCXkDgrivpBa9jwmbquH7MGod

e4xit
Sr. Member
****
Offline Offline

Activity: 302
Merit: 250



View Profile
November 19, 2013, 10:58:18 AM
 #11

Depends on what you mean by fake and who you trust to tell you about it (a real screenshot someone took of some fun and games I had at bc.i, ... they subsequently fixed that particular bug).

Holy shitballs dude, decent coinflow through your address Wink

https://blockchain.info/address/1DkyBEKt5S2GDtv7aQw6rQepAvnsRyHoYM?offset=650&filter=0

Also, what is your opinion on the blockchain.info coinjoin implementation? Now that it is running at 0% fee, is it worth sticking everything through the 10 iterations, or what?

If you don't have the private key for "your" bitcoins then you have no bitcoins.
There are a million bits in a bitcoin: 1 ฿ = 1,000,000 ƀ
michagogo
Member
**
Offline Offline

Activity: 80
Merit: 10


View Profile
November 19, 2013, 12:05:04 PM
 #12

Holy shitballs dude, decent coinflow through your address Wink

https://blockchain.info/address/1DkyBEKt5S2GDtv7aQw6rQepAvnsRyHoYM?offset=650&filter=0

I don't think that 1DkyBEKt5S2GDtv7aQw6rQepAvnsRyHoYM is his address.

I manually authored a transaction which claimed to spend some coin which belonged to someone else, and claimed to pay me 21m BTC... and submitted it through their raw txn submission interface.  The site pretty much validated nothing in the past.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!