Bitcoin Forum
November 02, 2024, 08:56:54 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: [FIX on the way] Flaw with fee calculation on strongcoin.  (Read 3590 times)
DiThi (OP)
Full Member
***
Offline Offline

Activity: 156
Merit: 100

Firstbits: 1dithi


View Profile
December 30, 2011, 02:01:23 PM
Last edit: January 05, 2012, 10:00:58 PM by DiThi
 #1

Edit: A fix is on the way!

A friend of mine sent 0.99999999 BTC with StrongCoin and the fee has been 10 BTC (in theory it should be 1%, 0.005 min, 1 max).

With blockchain.info, trying to do that yelds even weirder results, but hopefully that wallet is so great it lets you review all the details of the transaction before sending it. blockchain.info is not affected at all, it was an error on my part.

Please, fix it!

And to the rest of the people: don't try that at home! Well, can someone try sending something like 0.00999999 to test?

1DiThiTXZpNmmoGF2dTfSku3EWGsWHCjwt
sadpandatech
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500



View Profile
January 03, 2012, 12:27:48 AM
 #2

wht software are you refering to that your friend input this amount into and was told there would be a 10BTC fee?

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system.
- GA

It is being worked on by smart people.  -DamienBlack
DiThi (OP)
Full Member
***
Offline Offline

Activity: 156
Merit: 100

Firstbits: 1dithi


View Profile
January 03, 2012, 02:24:21 PM
Last edit: January 03, 2012, 02:39:41 PM by DiThi
 #3

Strongcoin. They sent me the missing 10 BTC and they're trying to fix the problem.

Also blockchain.info is affected (and maybe other bitcoinJS wallets), but as I said, you can review the transaction before sending it, so it's not a problem.

Clien-side online wallets are much more secure than server side ones. Don't ever use server-side wallets (such as the infamous and now extinct mybitcoin). The only client-side wallets I know are Strongcoin, Blockchain.info and Bitventory (this one may be more secure since the author can't change the code without you knowing it). None of them can access your private keys.

1DiThiTXZpNmmoGF2dTfSku3EWGsWHCjwt
BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1137

All paid signature campaigns should be banned.


View Profile WWW
January 03, 2012, 03:07:19 PM
 #4

I will give it a try with my strongcoin account.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
January 03, 2012, 03:10:55 PM
 #5

None of them can access your private keys.

The problem is that if any of these sites are compromised by attackers, and the attackers change the scripts in these pages so that they can access your private keys, this will have been a false sense of security.  Attackers gaining access to change html pages is actually a fairly common occurrence, so it's a realistic threat to be aware of.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1137

All paid signature campaigns should be banned.


View Profile WWW
January 03, 2012, 03:27:21 PM
Last edit: January 03, 2012, 03:39:00 PM by bwagner
 #6

This is NOT fixed!

I just sent 0.99999999 from my StrongCoin account and the transaction went as follows:

0.99999999 Sent
0.99999999 StrongCoin Fee
0.99999999 Miner Fee
------------
2.99999997 TOTAL

This should have been

0.99999999 Sent
0.00500000 StrongCoin Fee
0.00500000 Miner Fee
------------
1.00999999 TOTAL

I was overcharged 1.9899998 BTC

I have contacted StrongCoin.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
DiThi (OP)
Full Member
***
Offline Offline

Activity: 156
Merit: 100

Firstbits: 1dithi


View Profile
January 03, 2012, 03:51:30 PM
 #7

Sorry, misleading title tag. Don't try until they confirm it's fixed.

1DiThiTXZpNmmoGF2dTfSku3EWGsWHCjwt
DiThi (OP)
Full Member
***
Offline Offline

Activity: 156
Merit: 100

Firstbits: 1dithi


View Profile
January 03, 2012, 04:08:03 PM
 #8

None of them can access your private keys.

The problem is that if any of these sites are compromised by attackers, and the attackers change the scripts in these pages so that they can access your private keys, this will have been a false sense of security.  Attackers gaining access to change html pages is actually a fairly common occurrence, so it's a realistic threat to be aware of.

It's much more difficult than directly accessing unencrypted keys, but I agree, it's a threat. Is there a browser plugin or userscript that guarantees that the code in a page hasn't changed? Or something that allows digitally signing HTML and JS.

1DiThiTXZpNmmoGF2dTfSku3EWGsWHCjwt
piuk
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1005



View Profile WWW
January 03, 2012, 04:33:09 PM
 #9

Edit: A fix is in the way!

A friend of mine sent 0.99999999 BTC with StrongCoin and the fee has been 10 BTC (in theory it should be 1%, 0.005 min, 1 max).

With blockchain.info, trying to do that yelds even weirder results, but hopefully that wallet is so great it lets you review all the details of the transaction before sending it.

Please, fix it!

And to the rest of the people: don't try that at home! Well, can someone try sending something like 0.00999999 to test?

Hi DiThi,

I have been unable to replicate this using blockchain.info. What browser and OS are you using? Could you please confirm the exact steps to replicate the bug and if possible include a screenshot of the transaction confirmation dialog.

For example this transaction of 0.999999 appears to be constructed correctly.


Jan
Legendary
*
Offline Offline

Activity: 1043
Merit: 1002



View Profile
January 04, 2012, 08:48:13 AM
 #10

Strongcoin. They sent me the missing 10 BTC and they're trying to fix the problem.

Also blockchain.info is affected (and maybe other bitcoinJS wallets), but as I said, you can review the transaction before sending it, so it's not a problem.

Clien-side online wallets are much more secure than server side ones. Don't ever use server-side wallets (such as the infamous and now extinct mybitcoin). The only client-side wallets I know are Strongcoin, Blockchain.info and Bitventory (this one may be more secure since the author can't change the code without you knowing it). None of them can access your private keys.
Add BitcoinSpinner to your list of client-side wallets. Forum thread: https://bitcointalk.org/index.php?topic=52674.0

Mycelium let's you hold your private keys private.
DiThi (OP)
Full Member
***
Offline Offline

Activity: 156
Merit: 100

Firstbits: 1dithi


View Profile
January 05, 2012, 08:52:28 PM
Last edit: January 05, 2012, 09:06:02 PM by DiThi
 #11

Add BitcoinSpinner to your list of client-side wallets. Forum thread: https://bitcointalk.org/index.php?topic=52674.0

I was talking about "online" wallets, i.e. web browser based wallets. I use BitcoinSpinner as well and it's great!

By the way, blockchain.info is down the last times I've tried to access, and I need a private key I forgot to backup :/ It's up again.

1DiThiTXZpNmmoGF2dTfSku3EWGsWHCjwt
DiThi (OP)
Full Member
***
Offline Offline

Activity: 156
Merit: 100

Firstbits: 1dithi


View Profile
January 05, 2012, 09:55:21 PM
 #12

Hi DiThi,

I have been unable to replicate this using blockchain.info. What browser and OS are you using? Could you please confirm the exact steps to replicate the bug and if possible include a screenshot of the transaction confirmation dialog.

For example this transaction of 0.999999 appears to be constructed correctly.

You are right. I was about to send you an example but there was an error on my part when interpreting the tx. Thumbs up for such a great web app.

By the way, it says "A 1% or 0.01 BTC fee is charged on all outgoing transactions". 0.01 is the minimum? Fix the text to make it clear.

1DiThiTXZpNmmoGF2dTfSku3EWGsWHCjwt
ThiagoCMC
Legendary
*
Offline Offline

Activity: 1204
Merit: 1000

฿itcoin: Currency of Resistance!


View Profile
January 17, 2012, 06:56:08 AM
 #13

In fact, Strongcoin is a modified version of Diaspora integrated with Electrum lightweight Bitcoin client  Huh
DiThi (OP)
Full Member
***
Offline Offline

Activity: 156
Merit: 100

Firstbits: 1dithi


View Profile
January 17, 2012, 02:16:36 PM
 #14

In fact, Strongcoin is a modified version of Diaspora integrated with Electrum lightweight Bitcoin client  Huh

I have no idea, and I don't know if they fixed the problem. I haven't used strongcoin since I opened this thread. I use blockchain.info and the official client importing the keys with pywallet.

1DiThiTXZpNmmoGF2dTfSku3EWGsWHCjwt
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!