Bitcoin Forum
May 08, 2024, 03:46:29 PM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Bitcoin > Bitcoin Discussion > [PSA Developers] if you credit bitcoins at 0 confirms you are vulnerable!
Pages: [1]
« previous topic next topic »
  Print  
Author Topic: [PSA Developers] if you credit bitcoins at 0 confirms you are vulnerable!  (Read 514 times)
monsterer (OP)
Legendary
*
Offline Offline

Activity: 1008
Merit: 1002


View Profile
February 11, 2014, 08:57:56 PM
 #1
I know there are a few sites which credit at 0 confirms. If you are a site owner doing this, you are vulnerable to the transaction malleability problem which is appearing in the press right now.

Your attack will work like this:

  • You credit a user's deposit at 0 confirms.
  • An attacker changes the hash and retransmits the transaction, which somehow gets into a block.
  • You see this as a new transaction, because the TXID is different.
  • You credit the user again for the same transaction.
  • You are in trouble.

Be aware.

Cheers, Paul.
Pages: [1]
  Print  
Bitcoin Forum > Bitcoin > Bitcoin Discussion > [PSA Developers] if you credit bitcoins at 0 confirms you are vulnerable!
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!