Double spending while spending bitcoin on stores

[Josef27]

Do you think it's possible and dangerous?

Because it needs around a minute to 2 hours to confirm a block, and there is no way to wait a confirmation while you on the queqe line.
Let just say they're "okay" with no current block confirmation and let you leave the store, but what if someone just sent a payment with no fees, make them not included and confirmed in the next block, Then after he leaves he quickly create a new transaction into his new wallet, make a double spending.

What do you think?

[Meuh6879]

you can't double spend in an open environment ...
you can double-spend with a isolated bitcoin core server and local network ... and a wallet with "trusted IP" pointed on this server (to accept 0-confirmation transaction).

in real world, you can't have this ... even if you want. 

[Josef27]

you can't double spend in an open environment ...
you can double-spend with a isolated bitcoin core server and local network ... and a wallet with "trusted IP" pointed on this server (to accept 0-confirmation transaction).

in real world, you can't have this ... even if you want. 

Really? But I ever do double spending while my current transaction isn't confirmed because no fees a long time ago..

[Meuh6879]

a time ago ... that the point.
with 0.8.6 perhaps.
with 0.9.0 = No, really no ...

[Mitchell]

Double spends are possible, but really hard to do because you would have to send both of them quickly and to two different parts of the network and hope that the seller picks up the one you are going to drop and the miners the one you want to be confirmed. Once a miner has seen a transaction it will reject any address that contains the same inputs.

I'm sure DannyHamilton or DeathAndTaxes can explain this a lot better. See this post by DeathAndTaxes for more information about sellers that accept 0 confirmation transactions.

[Josef27]

a time ago ... that the point.
with 0.8.6 perhaps.
with 0.9.0 = No, really no ...

Oh, maybe I kinda out of the loop here. Thanks for pointing it out, gonna try it again someday (For testing purpose only of course)

Double spends are possible, but really hard to do because you would have to send both of them quickly and too two different parts of the network. Once a miner has seen a transaction it will reject any address that contains the same inputs.

I'm sure DannyHamilton or DeathAndTaxes can explain this a lot better. See this post by DeathAndTaxes for more information about sellers that accept 0 confirmation transactions.

Gonna check it, thanks!

[cramved]

Would double spending cause the network to undo both spend attempts? That is how I thought I works, would someone correct me on this if I am wrong.

[Josef27]

Would double spending cause the network to undo both spend attempts? That is how I thought I works, would someone correct me on this if I am wrong.

I ever heard about that too, but the one I ever experience that one of them get processed and the other aren't.

[Lorenzo]

OP's scenario seems to describe a race attack:

Race attack

Traders and merchants who accept a payment immediately on seeing "0/unconfirmed" are exposed to a double-spend occurring, if there was a fraudulent attempt that successfully communicated one transaction to the merchant yet communicated a different transaction that spends the same coin that was first to eventually make it into the block chain.

Merchants can take precautions (e.g., disable incoming connections, only connect to well connected nodes) to lessen the risk of a race attack but the risk cannot be eliminated. Therefore, the cost/benefit of the risk needs to be considered when accepting payment on 0/unconfirmed when there is no recourse against the attacker.

The research paper Two Bitcoins at the Price of One finds that the protocol allows a high degree of success by an attacker in performing race attacks. The method studied in the research paper depends on access to the merchant's Bitcoin node which is why that even prior to this paper, recommendations for merchants include disabling incoming connections and to choose specific outgoing connections.

Link: http://en.bitcoin.it/wiki/Double-spending

Would double spending cause the network to undo both spend attempts? That is how I thought I works, would someone correct me on this if I am wrong.

The network will see both transaction attempts and invalidate one of them. The other transaction attempt should proceed normally.

[cramved]

OP's scenario seems to describe a race attack:

Race attack

Traders and merchants who accept a payment immediately on seeing "0/unconfirmed" are exposed to a double-spend occurring, if there was a fraudulent attempt that successfully communicated one transaction to the merchant yet communicated a different transaction that spends the same coin that was first to eventually make it into the block chain.

Merchants can take precautions (e.g., disable incoming connections, only connect to well connected nodes) to lessen the risk of a race attack but the risk cannot be eliminated. Therefore, the cost/benefit of the risk needs to be considered when accepting payment on 0/unconfirmed when there is no recourse against the attacker.

The research paper Two Bitcoins at the Price of One finds that the protocol allows a high degree of success by an attacker in performing race attacks. The method studied in the research paper depends on access to the merchant's Bitcoin node which is why that even prior to this paper, recommendations for merchants include disabling incoming connections and to choose specific outgoing connections.

Link: http://en.bitcoin.it/wiki/Double-spending

Would double spending cause the network to undo both spend attempts? That is how I thought I works, would someone correct me on this if I am wrong.

The network will see both transaction attempts and invalidate one of them. The other transaction attempt should proceed normally.

Is it possible to know which one it will invalidate or is random?

[CIYAM]

Is it possible to know which one it will invalidate or is random?

It isn't really possible to know (although fees could make one tx more likely than another to confirm).

But assuming that the fees are the same then it would effectively be random (as it will depend on which tx got included in the best PoW chain).

My guess is that services like BitPay already detect such attempts and would warn their clients ASAP.

[cramved]

Is it possible to know which one it will invalidate or is random?

It isn't really possible to know (although fees could make one tx more likely than another to confirm).

But assuming that the fees are the same then it would effectively be random (as it will depend on which tx got included in the best PoW chain).

So that makes it hard to use it as a way to change your mind about a transaction, which is a good thing.

[Lorenzo]

OP's scenario seems to describe a race attack:

Race attack

Traders and merchants who accept a payment immediately on seeing "0/unconfirmed" are exposed to a double-spend occurring, if there was a fraudulent attempt that successfully communicated one transaction to the merchant yet communicated a different transaction that spends the same coin that was first to eventually make it into the block chain.

Merchants can take precautions (e.g., disable incoming connections, only connect to well connected nodes) to lessen the risk of a race attack but the risk cannot be eliminated. Therefore, the cost/benefit of the risk needs to be considered when accepting payment on 0/unconfirmed when there is no recourse against the attacker.

The research paper Two Bitcoins at the Price of One finds that the protocol allows a high degree of success by an attacker in performing race attacks. The method studied in the research paper depends on access to the merchant's Bitcoin node which is why that even prior to this paper, recommendations for merchants include disabling incoming connections and to choose specific outgoing connections.

Link: http://en.bitcoin.it/wiki/Double-spending

Would double spending cause the network to undo both spend attempts? That is how I thought I works, would someone correct me on this if I am wrong.

The network will see both transaction attempts and invalidate one of them. The other transaction attempt should proceed normally.

Is it possible to know which one it will invalidate or is random?

Miners can choose which transaction to include in the next block. Most pools will choose the one that came first although some (e.g. BitUndo) will choose the one with the higher fee. So in most situations, the second transaction would be invalidated and never included in the blockchain.

If you want to read a good explanation of how it works, see the first answer below:

http://bitcoin.stackexchange.com/questions/26926/could-any-standard-fee-transaction-be-double-spent-by-using-a-higher-fee

EDIT: Actually it seems that the above is only true if the transactions were sent very far apart since it assumes that the first transaction has been fully propagated by the network. If they were sent almost simultaneously (which is what would happen in most double spend attempts), whether or not the first or second transaction goes through would be essentially random. This is because while the reference client is designed to accept the first transaction received, there would be no way for all nodes in the network to agree on which transaction was first sent. Sending two double spend transactions to different nodes a few seconds apart would result in some nodes seeing A first and others B. If one of these happen to be the one that mines the next block, then the first transaction that it receives will be added to the next block (exceptions like BitUndo aside).

[cramved]

OP's scenario seems to describe a race attack:

Race attack

Traders and merchants who accept a payment immediately on seeing "0/unconfirmed" are exposed to a double-spend occurring, if there was a fraudulent attempt that successfully communicated one transaction to the merchant yet communicated a different transaction that spends the same coin that was first to eventually make it into the block chain.

Merchants can take precautions (e.g., disable incoming connections, only connect to well connected nodes) to lessen the risk of a race attack but the risk cannot be eliminated. Therefore, the cost/benefit of the risk needs to be considered when accepting payment on 0/unconfirmed when there is no recourse against the attacker.

The research paper Two Bitcoins at the Price of One finds that the protocol allows a high degree of success by an attacker in performing race attacks. The method studied in the research paper depends on access to the merchant's Bitcoin node which is why that even prior to this paper, recommendations for merchants include disabling incoming connections and to choose specific outgoing connections.

Link: http://en.bitcoin.it/wiki/Double-spending

Would double spending cause the network to undo both spend attempts? That is how I thought I works, would someone correct me on this if I am wrong.

The network will see both transaction attempts and invalidate one of them. The other transaction attempt should proceed normally.

Is it possible to know which one it will invalidate or is random?

Miners can choose which transaction to include in the next block. Most pools will choose the one that came first although some (e.g. BitUndo) will choose the one with the higher fee. So in most situations, the second transaction would be invalidated and never included in the blockchain.

If you want to read a good explanation of how it works, see the first answer below:

http://bitcoin.stackexchange.com/questions/26926/could-any-standard-fee-transaction-be-double-spent-by-using-a-higher-fee

The bitundo actually sounds like a good idea but wouldn't they have to find the block for it to work?

[Lorenzo]

OP's scenario seems to describe a race attack:

Race attack

Traders and merchants who accept a payment immediately on seeing "0/unconfirmed" are exposed to a double-spend occurring, if there was a fraudulent attempt that successfully communicated one transaction to the merchant yet communicated a different transaction that spends the same coin that was first to eventually make it into the block chain.

Merchants can take precautions (e.g., disable incoming connections, only connect to well connected nodes) to lessen the risk of a race attack but the risk cannot be eliminated. Therefore, the cost/benefit of the risk needs to be considered when accepting payment on 0/unconfirmed when there is no recourse against the attacker.

The research paper Two Bitcoins at the Price of One finds that the protocol allows a high degree of success by an attacker in performing race attacks. The method studied in the research paper depends on access to the merchant's Bitcoin node which is why that even prior to this paper, recommendations for merchants include disabling incoming connections and to choose specific outgoing connections.

Link: http://en.bitcoin.it/wiki/Double-spending

Would double spending cause the network to undo both spend attempts? That is how I thought I works, would someone correct me on this if I am wrong.

The network will see both transaction attempts and invalidate one of them. The other transaction attempt should proceed normally.

Is it possible to know which one it will invalidate or is random?

Miners can choose which transaction to include in the next block. Most pools will choose the one that came first although some (e.g. BitUndo) will choose the one with the higher fee. So in most situations, the second transaction would be invalidated and never included in the blockchain.

If you want to read a good explanation of how it works, see the first answer below:

http://bitcoin.stackexchange.com/questions/26926/could-any-standard-fee-transaction-be-double-spent-by-using-a-higher-fee

The bitundo actually sounds like a good idea but wouldn't they have to find the block for it to work?

Yes, they would need to find a block. Fortunately, they are a tiny pool with a tiny hashrate so their success rate is very low.

From their FAQ:

Q: How likely is it to undo my transaction

A: The likelihood is approximately the same as the percentage of mines using bitundo. Right now, this is pretty low.

[picolo]

Double spends are possible, but really hard to do because you would have to send both of them quickly and to two different parts of the network and hope that the seller picks up the one you are going to drop and the miners the one you want to be confirmed. Once a miner has seen a transaction it will reject any address that contains the same inputs.

I'm sure DannyHamilton or DeathAndTaxes can explain this a lot better. See this post by DeathAndTaxes for more information about sellers that accept 0 confirmation transactions.

Hard to do, not successfull open and it would be considered a fraud when done successfully so the shop would investigate and find a picture of you from the surveillance camera and get you next time you shop with them.

[cramved]

OP's scenario seems to describe a race attack:

Race attack

Traders and merchants who accept a payment immediately on seeing "0/unconfirmed" are exposed to a double-spend occurring, if there was a fraudulent attempt that successfully communicated one transaction to the merchant yet communicated a different transaction that spends the same coin that was first to eventually make it into the block chain.

Merchants can take precautions (e.g., disable incoming connections, only connect to well connected nodes) to lessen the risk of a race attack but the risk cannot be eliminated. Therefore, the cost/benefit of the risk needs to be considered when accepting payment on 0/unconfirmed when there is no recourse against the attacker.

The research paper Two Bitcoins at the Price of One finds that the protocol allows a high degree of success by an attacker in performing race attacks. The method studied in the research paper depends on access to the merchant's Bitcoin node which is why that even prior to this paper, recommendations for merchants include disabling incoming connections and to choose specific outgoing connections.

Link: http://en.bitcoin.it/wiki/Double-spending

Would double spending cause the network to undo both spend attempts? That is how I thought I works, would someone correct me on this if I am wrong.

The network will see both transaction attempts and invalidate one of them. The other transaction attempt should proceed normally.

Is it possible to know which one it will invalidate or is random?

Miners can choose which transaction to include in the next block. Most pools will choose the one that came first although some (e.g. BitUndo) will choose the one with the higher fee. So in most situations, the second transaction would be invalidated and never included in the blockchain.

If you want to read a good explanation of how it works, see the first answer below:

http://bitcoin.stackexchange.com/questions/26926/could-any-standard-fee-transaction-be-double-spent-by-using-a-higher-fee

The bitundo actually sounds like a good idea but wouldn't they have to find the block for it to work?

Yes, they would need to find a block. Fortunately, they are a tiny pool with a tiny hashrate so their success rate is very low.

From their FAQ:

Q: How likely is it to undo my transaction

A: The likelihood is approximately the same as the percentage of mines using bitundo. Right now, this is pretty low.

I guess if you make a large mistake then it is probably better than nothing!

[manselr]

Do you think it's possible and dangerous?

Because it needs around a minute to 2 hours to confirm a block, and there is no way to wait a confirmation while you on the queqe line.
Let just say they're "okay" with no current block confirmation and let you leave the store, but what if someone just sent a payment with no fees, make them not included and confirmed in the next block, Then after he leaves he quickly create a new transaction into his new wallet, make a double spending.

What do you think?

It's so unlikely improvable that it's like worrying that your credit card may or not may have confirmed the payment through your bank. People dont worry about this, they seem to think credit cards are instantaneous.. people should think like that about BTC but its even more secure.

[Rude Boy]

you can double spend yout bits with some scripting skill.
But unfortunately, updated wallets are not allowing you to double spend

[jbrnt]

I think someone must have tried double spending to test the network and so far there is no successful double spending attempts. Back to OP's question on buying a coffee with a transaction without a fee. I think merchants can assess the likelihood of it confirming and decide to accept or reject your payment.