horsebox1
Newbie
 Offline
Activity: 36
Merit: 0
|
 |
February 10, 2014, 12:00:46 PM |
|
|
|
|
|
|
|
|
|
delulo
|
|
February 10, 2014, 12:05:56 PM |
|
Does all that mean, the dream of 100% uncompromisable P2P transfer is over? Does it mean an additional check by a quasi central authority is needed to augment security? I would appreciate an answer in layman terms.
No. Everything is just the same Let say bitcoin transaction is like a banknote. You can write something on a banknote but the note itself is still valid. When gox sending a banknote to its customer, they take a picture of the note, and use the picture of the note as an evidence of delivery. Some customer, however, write something on the note when they get it from gox, and claim they have not received the note. Since the note looks different from the photo, gox can't recognize it and wrongly believes that the note is not delivered, and send another note to the customer (so the customer gets double paid by exploiting the gox's bug). Since gox believe the original said note is not spent, they try to send it to a different customer. Of course this won't work and led to all those bitcoin withdraw problem we have seen. So gox now proposes to use a different method to track the banknote. Instead of taking a photo, they propose to use the unique serial number on every note for tracking propose. Bitcoin is still the bitcoin we know yesterday What are they looking at then? Following this analogy how do other exchanges tackle this problem? Simply they don't look only at hash to confirm transaction was sent. Same thing Gox now needs to implement What are they looking at then? |
|
|
|
|
killerstorm
Legendary
Offline
Activity: 1022
Merit: 1015
|
|
February 10, 2014, 12:13:16 PM |
|
Transactions are malleable. Deal with it. If a transaction is observed on the network that has the same input outpoints and the same outputs, it is the same transaction, and mtgox should treat it as such. This is a simple check to do, and trivial to automate.
The trivial fix it to use the hash which is used for signing as a transaction identifier. Should be fine for all standard transactions. |
|
|
|
OpenPay
Newbie
Offline
Activity: 26
Merit: 0
|
|
February 10, 2014, 12:16:41 PM |
|
I'm expecting the next note from MtGox to read something along the lines of "Thank you everyone for your patience while we drove down the market price. Thank you also for selling so cheap, we are now able to process withdrawls because we bought so cheaply on bitstamp. Again thank you and sorry we forgot the lube, but at least we only put in the tip this time."
|
|
|
|
|
rammy2k2
Legendary
Offline
Activity: 1974
Merit: 1003
|
|
February 10, 2014, 12:25:13 PM |
|
I'm expecting the next note from MtGox to read something along the lines of "Thank you everyone for your patience while we drove down the market price. Thank you also for selling so cheap, we are now able to process withdrawls because we bought so cheaply on bitstamp. Again thank you and sorry we forgot the lube, but at least we only put in the tip this time."
ROFL ... exactly what i was thinking |
|
|
|
|
il--ya
Newbie
Offline
Activity: 47
Merit: 0
|
|
February 10, 2014, 12:36:59 PM |
|
I'm expecting the next note from MtGox to read something along the lines of "Thank you everyone for your patience while we drove down the market price. Thank you also for selling so cheap, we are now able to process withdrawls because we bought so cheaply on bitstamp. Again thank you and sorry we forgot the lube, but at least we only put in the tip this time."
They buy cheaply on MtGox. Bitstamp is pricey. So they 1) reduce the number of their BTC liabilities 2) cover the remaining liabilities with cheap coins. |
|
|
|
|
il--ya
Newbie
Offline
Activity: 47
Merit: 0
|
|
February 10, 2014, 12:39:44 PM |
|
Maybe they were incompetent enough not to spot the attack for a longer time, automatically resubmitting same withdrawals again and again until they discovered that they are bankrupt.
I have spotted before withdrawals going as far back as 10 November 2013. http://www.reddit.com/r/Bitcoin/comments/1x4yqe/mtgox_btc_withdrawal_doublespending/So.. one can only guess. Update: ah, yes, and that's another lie in their filthy statement, that this has only started in the end of January. |
|
|
|
|
|
grau
|
|
February 10, 2014, 12:48:19 PM |
|
This is how one could have played the attack on Gox:
You need:
1. Some sizable Bitcoin deposit at Gox
2. A program that grabs the withdraw Gox sends, modifies it such that economics is the same but hash different, then re-sends.
3. Accounting system and Customer Support at Gox, that is incompetent to spot that it gets robbed.
I think 1. can be arranged and 3. is given, for 2 you need some skill and a direct link to some mining pools to increase the chances the altered transaction gets to them quicker than Gox's original.
4. Some luck and repeat
I Guess Gox was robbed over a longer period of time systematically and they were incompetent enough not to notice it until there were really no coins left.
|
|
|
|
|
il--ya
Newbie
Offline
Activity: 47
Merit: 0
|
|
February 10, 2014, 01:05:45 PM |
|
Here is the link to the thread, where the patch addressing malleability was discussed: https://bitcointalk.org/index.php?topic=8392.0The whole MtGox goxing was only possible because: 1) They were issuing transactions with sloppy signature format 2) This was accepted by the network for some time 3) New bitcoin client with tightened rules was released 4) Their sloppy transactions started being rejected 5) Exploiters "fixed" those transactions 6) MtGox sloppy software didn't notice transaction went through 7) Mt-gox sloppy software didn't notice output's were spent (making them unaware that they lose coins). It didn't even lock outputs which are used in pending transactions!!  MtGox incompetent customer support resubmitted transactions manually without looking into issue and alarming developers. Or maybe they did, but developers were too busy/confident/not able to fix the problem. Overall: MtGox are incompetent bunch of liers |
|
|
|
|
snooopy
Newbie
Offline
Activity: 40
Merit: 0
|
|
February 10, 2014, 01:09:25 PM |
|
5) Exploiters "fixed" those transactions
thats the point  |
|
|
|
|
|
spartacusrex
|
|
February 10, 2014, 01:20:51 PM |
|
Transactions are malleable. Deal with it. If a transaction is observed on the network that has the same input outpoints and the same outputs, it is the same transaction, and mtgox should treat it as such. This is a simple check to do, and trivial to automate.
The trivial fix it to use the hash which is used for signing as a transaction identifier. Should be fine for all standard transactions. Is it possible to get this hash value from bitcoind ? Or - How do you get this Hash ? |
Life is Code.
|
|
|
|
grau
|
|
February 10, 2014, 01:35:35 PM |
|
Transactions are malleable. Deal with it. If a transaction is observed on the network that has the same input outpoints and the same outputs, it is the same transaction, and mtgox should treat it as such. This is a simple check to do, and trivial to automate.
The trivial fix it to use the hash which is used for signing as a transaction identifier. Should be fine for all standard transactions. that would not spot modifications e.g. through removing/altering an unused push from script. The simple solution is to know what coins (UTXO) one owns and recognize if they are spend no matter with what hash. |
|
|
|
|
meelos
Newbie
Offline
Activity: 38
Merit: 0
|
|
February 10, 2014, 01:38:57 PM |
|
I'm expecting the next note from MtGox to read something along the lines of "Thank you everyone for your patience while we drove down the market price. Thank you also for selling so cheap, we are now able to process withdrawls because we bought so cheaply on bitstamp. Again thank you and sorry we forgot the lube, but at least we only put in the tip this time."
Haha! Lightened up my afternoon slightly.  |
|
|
|
|
Elo
Newbie
Offline
Activity: 14
Merit: 0
|
|
February 10, 2014, 01:44:06 PM |
|
Or - How do you get this Hash ?
Calculate it according to transaction signing rules, which are tricky. (But are implemented in the reference client, so you can copy that.) that would not spot modifications e.g. through removing/altering an unused push from script.
? Any modification that changes the signing hash would invalidate the signature. |
|
|
|
|
fairglu
Legendary
Offline
Activity: 1100
Merit: 1030
|
|
February 10, 2014, 01:45:09 PM |
|
You seem to totally be missing the point here. This does not affect mt gox deposits at all.
Which is exactly what I said This is *withdrawals* from mt gox....under their current system they track withdrawals that they sent to users via the transaction hash. Which is apparently a f***** way to track them. So they should track the withdrawals via the input/output/amount instead.
It's impossible that two withdrawals would have the same inputs/outputs; provided that mt gox use change addresses.
How is it impossible? MtGox doesn't control the destination address, so that can be the same. For MtGox to control the origin address it means they would have to spam the blockchain with internal transfers to intermediate addresses (that they could change) for withdrawals, so that a given address is only used once for a given amount in a given time-frame. |
|
|
|
dave111223
Legendary
Offline
Activity: 1190
Merit: 1001
|
|
February 10, 2014, 01:56:00 PM |
|
This is *withdrawals* from mt gox....under their current system they track withdrawals that they sent to users via the transaction hash. Which is apparently a f***** way to track them. So they should track the withdrawals via the input/output/amount instead.
It's impossible that two withdrawals would have the same inputs/outputs; provided that mt gox use change addresses.
How is it impossible? MtGox doesn't control the destination address, so that can be the same. For MtGox to control the origin address it means they would have to spam the blockchain with internal transfers to intermediate addresses (that they could change) for withdrawals, so that a given address is only used once for a given amount in a given time-frame. By default an address is only used once, the entire balance on the address is spent and any leftover coins are returned to a new change address. Mt Gox has literally millions of addresses. Address can be used once then discarded. This is not "spamming the blockchain" this is just the way bitcoin works by design. It's trivial for them to discard used change addresses. It's very easy for them to ensure that the same inputs/outputs/amount are never used more than once. |
|
|
|
|
jl2012
Legendary
Offline
Activity: 1792
Merit: 1097
|
|
February 10, 2014, 02:00:27 PM |
|
Does all that mean, the dream of 100% uncompromisable P2P transfer is over? Does it mean an additional check by a quasi central authority is needed to augment security? I would appreciate an answer in layman terms.
No. Everything is just the same Let say bitcoin transaction is like a banknote. You can write something on a banknote but the note itself is still valid. When gox sending a banknote to its customer, they take a picture of the note, and use the picture of the note as an evidence of delivery. Some customer, however, write something on the note when they get it from gox, and claim they have not received the note. Since the note looks different from the photo, gox can't recognize it and wrongly believes that the note is not delivered, and send another note to the customer (so the customer gets double paid by exploiting the gox's bug). Since gox believe the original said note is not spent, they try to send it to a different customer. Of course this won't work and led to all those bitcoin withdraw problem we have seen. So gox now proposes to use a different method to track the banknote. Instead of taking a photo, they propose to use the unique serial number on every note for tracking propose. Bitcoin is still the bitcoin we know yesterday Following this analogy how do other exchanges tackle this problem? I have a better analogy here and also answered your question: https://bitcointalk.org/index.php?topic=458386 |
Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
|
|
|
|
newguy05
|
|
February 10, 2014, 02:07:43 PM |
|
How you want to verify transaction went trough?
Just check blockchain.info - it's trivial to find transaction knowing source and destination address, amount and approximate time. Least to say they have a signature and can look for it without the need for any tricks with hashing which they mentioned in their statement. Yes, It's not a technical issue mtgox is trying to solve but liquidity/price related. The news release is a sham just like their past usd halt release to fix "technical issues" when it turned out the us government froze their us bank assets as the real reason. |
|
|
|
|
grau
|
|
February 10, 2014, 02:09:21 PM |
|
that would not spot modifications e.g. through removing/altering an unused push from script.
? Any modification that changes the signing hash would invalidate the signature. Input scripts are not in the signature hash, otherwise signature would have to sign itself. In n-out-of-m multi signature one can even have any garbage in place of signatures not needed to verify. |
|
|
|
|
|
