Bitcoin Forum
Author Topic: Contrary to Mt.Gox’s Statement, Bitcoin is not at fault - Gavin Andresen 10/2/14  (Read 13159 times)
Syke
February 11, 2014, 05:19:37 PM
 #61


Can someone explain how the malleability problem is manifest?

I thought Gox like others waited for 3x confirmations in the Blockchain before acknowledging transfers into or out of a Gox account?

Gox creates a withdrawal and makes note of the TXID. Then, before it is included in a block, someone else changes the transaction such that only the TXID changes, but the transaction is still the same. When the new TXID gets included in the blockchain, the customer who requested the withdrawal claims they never received it. But they actually did! Gox looks up the old TXID and doesn't find it, so they create a whole new transaction and send another withdrawal to the customer. The customer has now been paid twice!!! This is solely Gox's problem because they do not correctly track transactions.

Buy & Hold
un_ordinateur
February 11, 2014, 05:37:50 PM
 #62

Gox creates a withdrawal and makes note of the TXID. Then, before it is included in a block, someone else changes the transaction such that only the TXID changes, but the transaction is still the same. When the new TXID gets included in the blockchain, the customer who requested the withdrawal claims they never received it. But they actually did! Gox looks up the old TXID and doesn't find it, so they create a whole new transaction and send another withdrawal to the customer. The customer has now been paid twice!!! This is solely Gox's problem because they do not correctly track transactions.

To clarify further: in a transaction, only the inputs, the outputs and the amount are signed. The TXID is -not- signed, and thus can be changed by anybody while keeping the transaction valid. It is -not- a bug, it's a design choice. The Bitcoin protocol never stated that the TXID was to be unchangeable, and thus nobody should have expected that in their software.

One can uniquely track transactions otherwise. Even if the TXID is changed, the inputs are not. Thus one can know if a transaction went through by checking if a given input has been spent according to the blockchain.
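
The tracking approach described in the post above, as an added example (not part of the thread and not any exchange's code): a toy transaction model in which the TXID hashes bytes the signature does not cover, with a lookup by TXID beside a lookup by spent inputs. `ToyTx`, `sig_blob`, `paid_by_txid`, `reconcile` and the sample values are hypothetical and constructed; real Bitcoin serialization and signature hashing are more involved.

```python
import hashlib
from dataclasses import dataclass


def dsha(data: bytes) -> str:
    """Double SHA-256, hex encoded."""
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()


@dataclass(frozen=True)
class ToyTx:
    inputs: tuple    # outpoints spent: ((prev_txid, index), ...)
    outputs: tuple   # ((address, amount), ...)
    sig_blob: bytes  # stand-in for the signature encoding (hypothetical field)

    def signed_digest(self) -> str:
        # What the signer commits to in this toy model: inputs and outputs only.
        return dsha(repr((self.inputs, self.outputs)).encode())

    def txid(self) -> str:
        # The TXID hashes everything, including bytes the signature does not cover.
        return dsha(repr((self.inputs, self.outputs, self.sig_blob)).encode())


def paid_by_txid(chain, withdrawal) -> bool:
    """Fragile check: look the withdrawal up by the TXID noted at send time."""
    return any(tx.txid() == withdrawal.txid() for tx in chain)


def reconcile(chain, withdrawal) -> str:
    """Follow the inputs instead: 'paid', 'conflict' or 'pending'."""
    wanted = set(withdrawal.inputs)
    for tx in chain:
        if wanted & set(tx.inputs):
            same = tx.signed_digest() == withdrawal.signed_digest()
            return "paid" if same else "conflict"
    return "pending"


# Constructed sample: the same payment confirmed under a different TXID.
SENT = ToyTx((("aa" * 32, 0),), (("customer_addr", 50_000),), b"encoding-A")
CONFIRMED = ToyTx(SENT.inputs, SENT.outputs, b"encoding-B")

if __name__ == "__main__":
    print(paid_by_txid([CONFIRMED], SENT))  # lookup by old TXID
    print(reconcile([CONFIRMED], SENT))     # lookup by spent inputs
```

A "conflict" result means the inputs were spent by a transaction with different outputs, so a withdrawal is only re-issued after a "conflict" or a long-standing "pending" has been investigated, never on a failed TXID lookup alone.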
bitcoinminer
February 11, 2014, 05:52:08 PM
 #63

I wonder if all Mt. GOXXX threads will be moved to service discussion?  Hmmm... maybe just mine...

Be fearful when others are greedy, and greedy when others are fearful.

-Warren Buffett
kneim
February 11, 2014, 06:22:29 PM
 #64


Can someone explain how the malleability problem is manifest?

I thought Gox like others waited for 3x confirmations in the Blockchain before acknowledging transfers into or out of a Gox account?

Gox creates a withdrawal and makes note of the TXID. Then, before it is included in a block, someone else changes the transaction such that only the TXID changes, but the transaction is still the same. When the new TXID gets included in the blockchain, the customer who requested the withdrawal claims they never received it. But they actually did! Gox looks up the old TXID and doesn't find it, so they create a whole new transaction and send another withdrawal to the customer. The customer has now been paid twice!!! This is solely Gox's problem because they do not correctly track transactions.
Hopefully not. Can't believe they don't audit their balances continuously/from time to time and discover such drains just in time.

bitcoinminer
February 11, 2014, 06:55:50 PM
 #65

Hopefully not. Can't believe they don't audit their balances continuously/from time to time and discover such drains just in time.

Why can't you believe it?

quone17
February 11, 2014, 07:24:58 PM
 #66

Gox had a foolish way of checking whether people had been paid or not.  It's not inherently Bitcoin's fault that they did that.  It was clear that people would change transaction IDs so I really do think it was Gox that messed up.  Sure, Bitcoin and the Foundation can change it but it's not like BTC was inherently flawed.  It can be changed to make it easier in the future though.  But this selling, I do blame totally on Gox and I don't think you can disagree.

Impaler
February 11, 2014, 09:22:14 PM
 #67

Suspension of other exchanges now for the same problem discredits Gavin's initial statement that the fault was all with Gox. 

 
grifferz
February 11, 2014, 09:28:31 PM
 #68

Suspension of other exchanges now for the same problem discredits Gavin's initial statement that the fault was all with Gox. 
Why do you feel that it's unlikely that two exchanges can't both do it wrong, independently?

Surely the fact that bitcoin-qt isn't affected lends weight to Gavin's statements?
tvbcof
February 11, 2014, 09:41:39 PM
 #69

Suspension of other exchanges now for the same problem discredits Gavin's initial statement that the fault was all with Gox. 

Not really.  All of these businesses are trying to make Bitcoin into something it is not (yet) and most of them took more or less the same easy, and somewhat ignorant, road to doing so.

If anyone based their accounting on the potentially mutable tx-id they were either ignorant of its nature, or just flat out ignorant.  Either of these mistakes calls into question their viability as a financial services business.  Big time.  They'd probably fail for some other reason if not this.


sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
BitcoinTate
February 11, 2014, 10:14:30 PM
 #70

I'm just glad I stopped using Gox that last time I was "Goxxed" this past May. The handwriting has been on the wall since way before then. They need to die out before they do any more damage to Bitcoin. How many times now has a crash, dip or negative Bitcoin media attention been preceded by some sort of Gox malfunction?

- aka The "DigiMan"
bitcoinminer
February 12, 2014, 03:55:42 AM
 #71

I'm just glad I stopped using Gox that last time I was "Goxxed" this past May. The handwriting has been on the wall since way before then. They need to die out before they do any more damage to Bitcoin. How many times now has a crash, dip or negative Bitcoin media attention been preceded by some sort of Gox malfunction?

I think maybe somebody, other than me because I'm lazy, should go through the forums and tally up all the GOXXXings.  I can think of at LEAST 3 big ones off the top of my head but I know there were more.

Barek
February 12, 2014, 03:58:40 AM
 #72

There be update.

https://bitcoinfoundation.org/blog/?p=422
ndrmutz
February 12, 2014, 04:41:38 AM
 #73

You say that like it shouldn't be somebody's responsibility to provide me with it?

You are responsible for doing your own homework.  Nobody else is.
corsaro
February 12, 2014, 06:28:18 AM
Last edit: February 12, 2014, 06:39:04 AM by corsaro
 #74



from Bitcoin Foundation:
Update on Transaction Malleability
Gavin Andresen    Feb 11 2014

You may have noticed that some exchanges have temporarily suspended withdrawals and wondering what’s going on or more importantly, what’s being done about it. You can be rest assured that we have identified the issue and are collectively and collaboratively working on a solution.
 
Somebody (or several somebodies) is taking advantage of the transaction malleability issue and relaying mutated versions of transactions. This is exposing bugs in both the reference implementation and some exchange’s software.
 
We (core dev team, developers at the exchanges, and even big mining pools) are creating workarounds and fixes right now. This is a denial-of-service attack; whoever is doing this is not stealing coins, but is succeeding in preventing some transactions from confirming. It’s important to note that DoS attacks do not affect people’s bitcoin wallets or funds.
 
Users of the reference implementation who are bitten by this bug may see their bitcoins “tied up” in unconfirmed transactions; we need to update the software to fix that bug, so when they upgrade those coins are returned to the wallet and are available to spend again. Only users who make multiple transactions in a short period of time will be affected.
 
As a result, exchanges are temporarily suspending withdrawals to protect customer funds and prevent funds from being misdirected.
 
Thanks for your patience. Follow us @BTCFoundation for updates as we learn more and make progress.




really interesting...  so MTGox was 100% right.

Also bitstamp.net temporarily suspended withdrawals...
https://www.bitstamp.net/article/bitcoin-withdraws-suspended/

Anyway, bitcoin foundation is working to find a quick and effective solution, so our bitcoins are safe ;)
fairglu
February 12, 2014, 07:43:22 AM
 #75

As always on technology, the name of the game is "shit happens", and the subtitle is "the question is when, not if".

Hopefully some here will have learned a lesson: bitcoin is technology.

Technology is not about finger pointing or religious faith, it's about finding issues, fixing issues and moving everyone forward.

Everyone will mess up technology sooner or later, that's a fact, just like everyone will trip and fall someday.
Communities should be about helping those that fall get back on their feet, not kick them while they're down.

Great to see key proponents cooperating on this issue!

hgmichna
February 12, 2014, 09:47:03 AM
 #76

[…]
To clarify further: in a transaction, only the inputs, the outputs and the amount are signed. The TXID is -not- signed, and thus can be changed by anybody while keeping the transaction valid. It is -not- a bug, it's a design choice. The Bitcoin protocol never stated that the TXID was to be unchangeable, and thus nobody should have expected that in their software.

One can uniquely track transactions otherwise. Even if the TXID is changed, the inputs are not. Thus one can know if a transaction went through by checking if a given input has been spent according to the blockchain.

Why not sign the entire transaction including the TXID?
DeathAndTaxes
February 12, 2014, 09:48:12 AM
 #77

[…]
To clarify further: in a transaction, only the inputs, the outputs and the amount are signed. The TXID is -not- signed, and thus can be changed by anybody while keeping the transaction valid. It is -not- a bug, it's a design choice. The Bitcoin protocol never stated that the TXID was to be unchangeable, and thus nobody should have expected that in their software.

One can uniquely track transactions otherwise. Even if the TXID is changed, the inputs are not. Thus one can know if a transaction went through by checking if a given input has been spent according to the blockchain.

Why not sign the entire transaction including the TXID?

Sign it with which private key?  A tx can (and usually does) have multiple inputs.
FeedbackLoop
February 12, 2014, 09:59:01 AM
 #78

[…]
To clarify further: in a transaction, only the inputs, the outputs and the amount are signed. The TXID is -not- signed, and thus can be changed by anybody while keeping the transaction valid. It is -not- a bug, it's a design choice. The Bitcoin protocol never stated that the TXID was to be unchangeable, and thus nobody should have expected that in their software.

One can uniquely track transactions otherwise. Even if the TXID is changed, the inputs are not. Thus one can know if a transaction went through by checking if a given input has been spent according to the blockchain.

Why not sign the entire transaction including the TXID?

Sign it with which private key?  A tx can (and usually does) have multiple inputs.

Any random one? Even with thousands of inputs an attacker wouldn't be able to sign a mutated ID with any of the inputs.

Looking around I actually get the feeling that one of the reasons why this minor issue was left on the shelf was because there's so many different people with so many possible different solutions.

fairglu
February 12, 2014, 10:17:28 AM
 #79

Sign it with which private key?  A tx can (and usually does) have multiple inputs.
Any random one, doesn't really matter as long as it can't be changed and can be verified, no?

A "good practice" could be to use that of the first or last input (to speed up verification). The (non-compulsory) ordering could be done when submitting (by the wallet) or when mining the transaction (as a courtesy from miners).

darkmule
February 12, 2014, 03:36:31 PM
 #80

Anyway, bitcoin foundation is working to find a quick and effective solution, so our bitcoins are safe ;)

Your BITCOINS have ALWAYS been safe.  What has not been safe, necessarily, is balances in exchanges, which are not actually Bitcoins, any more than your money in a bank is actually dollars.