|
accord01 (OP)
|
 |
December 05, 2013, 01:38:04 PM |
|
So i was trying to withdraw btc from exchange, and I accidentally entered the address into the amount, everything else was correct, and it still went through...
does this mean i only sent 1 btc, since address starts with 1?
|
|
|
|
|
|
Leehoya
|
|
December 05, 2013, 01:49:41 PM |
|
So i was trying to withdraw btc from exchange, and I accidentally entered the address into the amount, everything else was correct, and it still went through...
does this mean i only sent 1 btc, since address starts with 1?
I'm thinking about the last line. So, if i want to withdraw 100BTC, it only sent 1BTC since it starts with 1? What you could do is to contact the support about this matter. Im sure the transaction was not sent as it needs a combination for it to be sendable. Should just contact the admin. Wiki says so: https://en.bitcoin.it/wiki/Address#Addresses_are_case_sensitive_and_exact |
|
|
|
|
accord01 (OP)
|
|
December 05, 2013, 03:27:16 PM |
|
It sent 1 btc, so all is good!
|
|
|
|
|
Abdussamad
Legendary
 Offline
Activity: 3640
Merit: 1571
|
|
December 05, 2013, 03:41:07 PM |
|
It sent 1 btc, so all is good!
Ask support to fix their freaking system. Basic input validation would be nice. |
|
|
|
|
|
Martijnvdc
|
|
December 05, 2013, 05:12:59 PM |
|
Which exchange are you using?
That seems quite ridiculous... Why doesn't it check if the value entered is a number at all?!
|
|
|
|
|
|
kr105
|
|
December 05, 2013, 06:34:48 PM |
|
It sent 1 btc, so all is good!
Ask support to fix their freaking system. Basic input validation would be nice. Please let us know what exchange you used, we need to know who is not validating their inputs  |
|
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
December 05, 2013, 06:36:53 PM |
|
It sent 1 btc, so all is good!
Ask support to fix their freaking system. Basic input validation would be nice. Please let us know what exchange you used, we need to know who is not validating their inputs This please let everyone know so they can avoid it like the plague. Any site not doing the most basic input validation is likely not doing a half dozen other important things like preventing cross site scripting attacks, SQL injection, session hijacking, etc. Utterly unbelievable a site would simply pass garbage input to bitcoind and hope everything works out ok. |
|
|
|
|
|
zhinkk
|
|
December 08, 2013, 03:20:13 PM |
|
It sent 1 btc, so all is good!
Ask support to fix their freaking system. Basic input validation would be nice. Please let us know what exchange you used, we need to know who is not validating their inputs This please let everyone know so they can avoid it like the plague. Any site not doing the most basic input validation is likely not doing a half dozen other important things like preventing cross site scripting attacks, SQL injection, session hijacking, etc. Utterly unbelievable a site would simply pass garbage input to bitcoind and hope everything works out ok. This. Although I think how the system might work is that if you enter a value more than you own (for some reason, works with address) it just sends all of your balance no matter what. |
|
|
|
|
|
poordeveloper
|
|
December 08, 2013, 03:22:26 PM |
|
It sent 1 btc, so all is good!
Ask support to fix their freaking system. Basic input validation would be nice. Please let us know what exchange you used, we need to know who is not validating their inputs This please let everyone know so they can avoid it like the plague. Any site not doing the most basic input validation is likely not doing a half dozen other important things like preventing cross site scripting attacks, SQL injection, session hijacking, etc. Utterly unbelievable a site would simply pass garbage input to bitcoind and hope everything works out ok. This. Although I think how the system might work is that if you enter a value more than you own (for some reason, works with address) it just sends all of your balance no matter what. Still, that's not right. You might have added an extra 0 by error, and would send your entire balance to someone when the transaction should have failed. |
|
|
|
|
accord01 (OP)
|
|
December 10, 2013, 02:44:21 PM |
|
I used bitfinex.com to make the transfer.
|
|
|
|
|
|
unclescrooge
|
|
December 12, 2013, 04:12:15 PM |
|
Hello, If the address was changed to 1 (the number), then obviously the data has been filtered. Furthermore, just because we do not check if the bitcoin address is not a valid bitcoin address doesn't mean we do not check for malicious input like SQL, HTML,... But don't take my word for it, go ahead, try to SQL inject or other attacks on Bitfinex and check the result. Every field is parsed and malicious content is removed (and a string like a BTC address is not a malicious content  ) All in all, if the bitcoin address is a wrong string, it will be rejected and cancelled. If the amount contains string garbage, as long as it start by digits, the amount will be those digits. If you enter "10 BTC", then this will be converted to "10". Thank you anyway Raphael |
|
|
|
|
|
unclescrooge
|
|
December 12, 2013, 04:19:22 PM |
|
To give you an example, there was so far 1 vulnerability, XSS one (so not a major one) on Bitfinex, for the GET variable "locale", where you could input javascript. This has been corrected a long time ago and was as i said the only vuln found.
it's not like we have not been "tried"...
|
|
|
|
|
|
