[Bitcoin-development] From the forums: one-confirmation attack
Joel Joonatan Kaartinen
joel.kaartinen at gmail.com
Thu Aug 18 15:36:23 UTC 2011
On Thu, 2011-08-18 at 10:00 -0400, Gavin Andresen wrote:
> The lessons are "don't accept 1-confirmation transactions" and "try
> to be well-connected."
>
> But maybe the deeper lesson is "don't trust information you get from
> only one peer." Or maybe "watch for peers that are trying to fool
> you."
This particular attack seems quite dependant on the target not using the
deposit Tx as input. I believe this whole class of attacks become
ineffective if each account has it's own separate wallet.
Also, receiving a block with a transaction that hasn't been broadcast to
the network is in itself quite suspect. Are there cases where that
happens legitimately? Perhaps in such a case, don't treat the block it
came in as a confirmation at all. Instead, start counting from the next
one.
- Joel
More information about the bitcoin-dev
mailing list