Bitcoin Forum
November 10, 2024, 08:19:23 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: accidentally entered the address into amount  (Read 1132 times)
accord01 (OP)
Full Member
***
Offline Offline

Activity: 238
Merit: 100


View Profile
December 05, 2013, 01:38:04 PM
 #1

So i was trying to withdraw btc from exchange, and I accidentally entered the address into the amount, everything else was correct, and it still went through...

does this mean i only sent 1 btc, since address starts with 1?
Leehoya
Full Member
***
Offline Offline

Activity: 140
Merit: 100


View Profile
December 05, 2013, 01:49:41 PM
 #2

So i was trying to withdraw btc from exchange, and I accidentally entered the address into the amount, everything else was correct, and it still went through...

does this mean i only sent 1 btc, since address starts with 1?
I'm thinking about the last line. So, if i want to withdraw 100BTC, it only sent 1BTC since it starts with 1?
What you could do is to contact the support about this matter. Im sure the transaction was not sent as it needs a combination for it to be sendable. Should just contact the admin. Wiki says so:
https://en.bitcoin.it/wiki/Address#Addresses_are_case_sensitive_and_exact

accord01 (OP)
Full Member
***
Offline Offline

Activity: 238
Merit: 100


View Profile
December 05, 2013, 03:27:16 PM
 #3

It sent 1 btc, so all is good!
Abdussamad
Legendary
*
Offline Offline

Activity: 3682
Merit: 1580



View Profile
December 05, 2013, 03:41:07 PM
 #4

It sent 1 btc, so all is good!

Ask support to fix their freaking system. Basic input validation would be nice.
Martijnvdc
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250


View Profile
December 05, 2013, 05:12:59 PM
 #5

Which exchange are you using?
That seems quite ridiculous... Why doesn't it check if the value entered is a number at all?!
kr105
Hero Member
*****
Offline Offline

Activity: 938
Merit: 501


View Profile
December 05, 2013, 06:34:48 PM
 #6

It sent 1 btc, so all is good!

Ask support to fix their freaking system. Basic input validation would be nice.
Please let us know what exchange you used, we need to know who is not validating their inputs Cheesy
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1079


Gerald Davis


View Profile
December 05, 2013, 06:36:53 PM
 #7

It sent 1 btc, so all is good!

Ask support to fix their freaking system. Basic input validation would be nice.
Please let us know what exchange you used, we need to know who is not validating their inputs Cheesy

This please let everyone know so they can avoid it like the plague. 

Any site not doing the most basic input validation is likely not doing a half dozen other important things like preventing cross site scripting attacks, SQL injection, session hijacking, etc.

Utterly unbelievable a site would simply pass garbage input to bitcoind and hope everything works out ok.
zhinkk
Sr. Member
****
Offline Offline

Activity: 266
Merit: 250


View Profile
December 08, 2013, 03:20:13 PM
 #8

It sent 1 btc, so all is good!

Ask support to fix their freaking system. Basic input validation would be nice.
Please let us know what exchange you used, we need to know who is not validating their inputs Cheesy

This please let everyone know so they can avoid it like the plague. 

Any site not doing the most basic input validation is likely not doing a half dozen other important things like preventing cross site scripting attacks, SQL injection, session hijacking, etc.

Utterly unbelievable a site would simply pass garbage input to bitcoind and hope everything works out ok.

This. Although I think how the system might work is that if you enter a value more than you own (for some reason, works with address) it just sends all of your balance no matter what.
poordeveloper
Hero Member
*****
Offline Offline

Activity: 896
Merit: 527


₿₿₿₿₿₿₿


View Profile WWW
December 08, 2013, 03:22:26 PM
 #9

It sent 1 btc, so all is good!

Ask support to fix their freaking system. Basic input validation would be nice.
Please let us know what exchange you used, we need to know who is not validating their inputs Cheesy

This please let everyone know so they can avoid it like the plague. 

Any site not doing the most basic input validation is likely not doing a half dozen other important things like preventing cross site scripting attacks, SQL injection, session hijacking, etc.

Utterly unbelievable a site would simply pass garbage input to bitcoind and hope everything works out ok.

This. Although I think how the system might work is that if you enter a value more than you own (for some reason, works with address) it just sends all of your balance no matter what.
Still, that's not right. You might have added an extra 0 by error, and would send your entire balance to someone when the transaction should have failed.

🎰 Bitcoin Casinos ⭐⭐⭐⭐⭐
.
🔵 Buy Bitcoin (Visa / Mastercard / SEPA / Bank Transfer / Western Union / MoneyGram / RIA)
accord01 (OP)
Full Member
***
Offline Offline

Activity: 238
Merit: 100


View Profile
December 10, 2013, 02:44:21 PM
 #10

I used bitfinex.com to make the transfer.
unclescrooge
aka Raphy
Hero Member
*****
Offline Offline

Activity: 868
Merit: 1000


View Profile
December 12, 2013, 04:12:15 PM
 #11

Hello,

If the address was changed to 1 (the number), then obviously the data has been filtered.

Furthermore, just because we do not check if the bitcoin address is not a valid bitcoin address doesn't mean we do not check for malicious input like SQL, HTML,... But don't take my word for it, go ahead, try to SQL inject or other attacks on Bitfinex and check the result. Every field is parsed and malicious content is removed (and a string like a BTC address is not a malicious content Smiley)

All in all, if the bitcoin address is a wrong string, it will be rejected and cancelled. If the amount contains string garbage, as long as it start by digits, the amount will be those digits. If you enter "10 BTC", then this will be converted to "10".

Thank you anyway
Raphael
unclescrooge
aka Raphy
Hero Member
*****
Offline Offline

Activity: 868
Merit: 1000


View Profile
December 12, 2013, 04:19:22 PM
 #12

To give you an example, there was so far 1 vulnerability, XSS one (so not a major one) on Bitfinex, for the GET variable "locale", where you could input javascript. This has been corrected a long time ago and was as i said the only vuln found.

it's not like we have not been "tried"...
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!