[FALSE ALARM] Security issues in the console client plus use of recovery tools

[NASDAQEnema]

Bitcoin console client and storage needs fixing:

One of the odd things about wallets is that you can send more than what you have in an account to an address you already have as long as you do not send it to the outside world.

Having said that, it would be possible then to:
1. Get coins out of nowhere!
- send 1000 BTC from one account to an address in the same wallet.
- use extractKeys to get the private key for that address
- use pywallet GUI to add the 1000 BTC address to a new wallet

2. Intentionally remove coins out of the BTC economy!
- do #1
- start bogus investment service
- repeat #1 a la Madoff
- receive new investments
- wait until investment is 10x original amount
- destroy wallet containing the address with negative amount of coins
- send original coins back to the address with negative amount of coins
- send rest of coins to the same address
- microwave the hard drive and then hit it with a sledge hammer

3. Increase the number of bitcoins in your wallet
- do #1
- sell bitcoins at an upward ramp of prices in increasing quantities
- do #1 again
- sell bitcoins at a large quantity at a fixed price forcing the price downward
- do #1 again
- sell bitcoins at a downward ramp of prices in increasing quantities
- do #1 again
- sell bitcoins at a large quantity blocking any attempts to increase the price
- watch people panic
- buy coins as they fall
- do #1 again
- sell more to make it a steady drop
- buy like crazy up to a price point
- sell like crazy to drive the value of your coins way up
- return all the extra coins to the black hole in your wallet.

There must be a way to prevent the client or blockchain from storing negative numbers.

I sincerely hope this post makes fiat trained speculators' heads explode. Lulz.

[1714011825]

1714011825

[1714011825]

1714011825

[1714011825]

1714011825

[1714011825]

1714011825

[1714011825]

1714011825

[istar]

Would this really be possible in the network.

Any comments?

[scintill]

Would this really be possible in the network.

Any comments?

I don't think so. You could probably fool your client(s) into thinking you have more coins than you do, but the network won't let you clone bitcoins or anything like that.

It is also well known that bitcoins can be effectively lost, by destroying/losing wallets, or even making an incorrect transaction on the network (like sending to an invalid address, or to one that nobody has in their wallet)

[gmaxwell]

Would this really be possible in the network.Any comments?

No.
The parent post is borderline-gibberish that betrays fundamental misunderstandings of Bitcoin on several levels.
Yes, using editing tools you can make your wallet display crazy stuff. No, the crazy stuff has no influence on the outside world.  No, it's not a "security issue"— if you don't want your software displaying crazy stuff don't use recovery tools to twiddle with the non-user-serviceable parts. It's actually unlikely that the crazy values can will actually cause the loss of bitcoin, but not impossible (e.g. if you delete the private keys).
Any negative numbers are meaningless in the context of the whole system Bitcoin tracks coins (transactions) not balances, and it certainly doesn't track bitcoind _account_ balanaces which are a purely local book-keeping function.
As far as the rest goes— Yes, you can remove coins from Bitcoin forever but you don't need his elaborate series of steps. Just send coins to a wallet which has no backups and destroy the wallet data and the coins are lost.  Yippie! more scarcity for everyone else.

[NASDAQEnema]

Would this really be possible in the network.Any comments?

No.
The parent post is borderline-gibberish that betrays fundamental misunderstandings of Bitcoin on several levels.

Let's establish a standard test then.

I create a wallet with 0 BTC. This is the source.
I create two accounts.
I transfer 1 BTC from one account to another.
I take the private key from the address holding the BTC using extractKeysFromWallet.
I add the private key to a new wallet containing 0 BTC. This is the carrier.
I then spend the 1 BTC to another wallet. This is the destination.

That concludes our test of the Emergency Butthurt Awareness System.

Yes, using editing tools you can make your wallet display crazy stuff. No, the crazy stuff has no influence on the outside world.

I'm not editing any values. I'm using the console client to create an address with 1BTC.

No, it's not a "security issue"— if you don't want your software displaying crazy stuff don't use recovery tools to twiddle with the non-user-serviceable parts. It's actually unlikely that the crazy values can will actually cause the loss of bitcoin, but not impossible (e.g. if you delete the private keys).

Not using anything to edit. Just moving atomic objects around.

Any negative numbers are meaningless in the context of the whole system Bitcoin tracks coins (transactions) not balances, and it certainly doesn't track bitcoind _account_ balanaces which are a purely local book-keeping function.

I know that. What I will test is a transaction from one account to another. If I can spend it from another wallet, Bitcoin is in trouble.

As far as the rest goes— Yes, you can remove coins from Bitcoin forever but you don't need his elaborate series of steps.

If I pulled a Madoff with this and destroyed a wallet containing coins others trusted me with we'd have serious issues. This is not preventable on a small scale, but if this attack works I would be able to do it in such a way that it destroyed the faith anyone had in the system.

Just send coins to a wallet which has no backups and destroy the wallet data and the coins are lost.  Yippie! more scarcity for everyone else.

And loss of faith. Unfortunately most wouldn't see such an attack as equivalent to what the Fed does daily.

[DeathAndTaxes]

I know that. What I will test is a transaction from one account to another. If I can spend it from another wallet, Bitcoin is in trouble.

No it isn't.  Despite all your obfuscate by extracting keys it is no different then this.

Take wallet which has 1 BTC.

Make a copy and install it on another machine = 1 BTC.

Wow I just doubled my money right?  Of course not.  As soon as you spend the 1 BTC from one wallet the value of the other will go to zero.  If you try to spend from both wallets the network will reject one as a double spend.

Your "attacks" are nonsense.

[BurtW]

It is so much easier to pull a "I have a lot of BTC in my wallet" scam.  Just get the source, code it up so you can give yourself and display any number of BTC to any account, let's say 100,000.  I have 100,000 BTC in my wallet, yippee!

Of course the rest of the network will not accept your BTC.

I destroyed a few satoshi just the other day when I sent some BTC to the following public addresses:

Code:

11When1DieBuryMeDeepLayTwoXVEY5jv 
11SpeakersAtMyFeetAPairofXXTyrHor 
11HeadphonesonMyHeadAndXXXXYUSvnd 
11ALwaysPLayTheGratefuLDeadWdq4Xo

Very easy to destroy BTC.

[NASDAQEnema]

I know that. What I will test is a transaction from one account to another. If I can spend it from another wallet, Bitcoin is in trouble.

No it isn't.  Despite all your obfuscate by extracting keys it is no different then this.

Take wallet which has 1 BTC.

Make a copy and install it on another machine = 1 BTC.

Wow I just doubled my money right?  Of course not.  As soon as you spend the 1 BTC from one wallet the value of the other will go to zero.  If you try to spend from both wallets the network will reject one as a double spend.

Your "attacks" are nonsense.

That's not what I'm proposing.

The original wallet does not spend anything. It only transfers within. Once. I really don't think this is going to trigger the double spend filter. No double spend is occurring, the transactions are in series from address to address.

Of course this brings up an after the fact faith buster double spend alarm attack.

I'll attempt this as long as everyone here agrees that it will be for 1 BTC, all documented, and afterwards the 1 BTC will be destroyed.

[BurtW]

This is dumb.  Just do it.  If you can then you can.  But you can't.

And just so you can rest easy.  You can send your ill gotten extra BTC to any one of the addresses I show above and Jerry will get them in heaven.

[ArtForz]

Yep, another case of not understanding how bitcoin works.
I've watched people come up with the same or similar bullshit "attacks" several dozen times in the last 18 months.
I'm pretty sure there's even a FAQ entry for it on the wiki.
But hey, you don't have to trust anyone, just read the whitepaper, read the source code, think for a bit, if you still don't believe it *try it*
... and please post after you realize how clueless you've made yourself look.

[NASDAQEnema]

After discussion in irc, it is indeed impossible,

What needs to be clarified is the fact that every end point transactions are backtraced to the originating block.

A lot of people miss that. Even when you mention the word confirmation. People think of it as a receipt at the checkout counter, not an actual trace of all transactions involving a given coin.

[DeathAndTaxes]

That's not what I'm proposing.

The original wallet does not spend anything. It only transfers within. Once. I really don't think this is going to trigger the double spend filter. No double spend is occurring, the transactions are in series from address to address.

Of course this brings up an after the fact faith buster double spend alarm attack.

I'll attempt this as long as everyone here agrees that it will be for 1 BTC, all documented, and afterwards the 1 BTC will be destroyed.

Transfer = spend = transaction 

Period.

If you transfer coins from address A to address B but don't replicate that transaction to the network then any transaction from B will be rejected as invalid (it has invalid inputs because B has no value).

If you transfer coins from address A to address B AND DO replicate that transaction to the network then any transaction from A will be rejected as invalid (it has invalid inputs because A has no value).

You don't need anyone's permission.  Nobody cares.  Keep the BTC and make it 100K BTC if you want you can't have two transactions for the same coins on the network.

Even in a double spend only one transaction is accepted the coins aren't doubled the thief merely gains 2x the non-Bitcoin value.

[DeathAndTaxes]

After discussion in irc, it is indeed impossible,

What needs to be clarified is the fact that every end point transactions are backtraced to the originating block.

A lot of people miss that. Even when you mention the word confirmation. People think of it as a receipt at the checkout counter, not an actual trace of all transactions involving a given coin.

Well no transactions don't need to be backtraced to the origination block.  There are mechanism for pruning the blockchain.  Your "attack" would fail even if you only looked at the most recent block the inputs were involved in.

[jake262144]

Bitcoin console client and storage needs fixing...

Haven't you misteken wallet.dat for a Diablo II savegame??

This is sooo NOT how Bitcoin works, it's not even funny.
The network will laugh at your attempt at duping.
The client will show the correct values when it receives the next block. I imagine it'll be chuckling as well.

You really should get yourself up to speed on Bitcoin internals before spreading FUD with such astounding authority.

[BurtW]

After discussion in irc, it is indeed impossible,

What needs to be clarified is the fact that every end point transactions are backtraced to the originating block.

A lot of people miss that. Even when you mention the word confirmation. People think of it as a receipt at the checkout counter, not an actual trace of all transactions involving a given coin.

He admitted he made a mistaken.  I have made many as I learned exactly how it all worked.  We all have made at least one.

[gmaxwell]

Haven't you misteken wallet.dat for a Diablo II savegame??

OMG! is that why it's called Diablo miner???

He admitted he made a mistaken.  I have made many as I learned exactly how it all worked.  We all have made at least one.

Indeed, I probably had two dozen "oh heck yea, this breaks it! ... oh wait" moments while learning about it, reading the papers, reading the source, etc. I had the good sense, however, to not go all high and mighty on the forums until I had at least half a clue.  Listen before you speak is reasonable standard of behavior, and it's not wrong to hold people to it via an occasional bit of mockery when it results in a mock-worthy event.
FWIW, it's also good to point out testnet.  The OP claimed hesitance in attacking bitcoin proper: Thats a good thing, since it's a system many people use. But we have testnet mode specifically for this purpose.  You can test on testnet without fear of upsetting/hurting anyone and without losing much of value if you end up burning coins.   Bitcoin can be started in testnet mode with the -testnet parameter.

[jake262144]

Burt, it's not the mistake that's bugging me, it's the tone of his post that drives me up the wall.

OP is astoundingly authoritative in his tone for someone not having actually tried this attack.
I request the title be changed to something less alarming.
We have non-techie users here too and I'd hate for them to get confused and going on a linking spree:

OMG, we're doomed: https://bitcointalk.org/index.php?topic=57244.0
The sky is falling, run! https://bitcointalk.org/index.php?topic=57244.0
Bitcoin is broken!!!  https://bitcointalk.org/index.php?topic=57244.0
I told you Bitcoin wouldn't work. https://bitcointalk.org/index.php?topic=57244.0

OMG! is that why it's called Diablo miner???

Shhh, don't tell anyone