[Bitcoin-development] Malleability and MtGox's announcement

Gregory Maxwell gmaxwell at gmail.com
Mon Feb 10 20:40:03 UTC 2014


On Mon, Feb 10, 2014 at 11:47 AM, Oliver Egginger <bitcoin at olivere.de> wrote:
> As I understand this attack someone renames the transaction ID before
> being confirmed in the blockchain. Not easy but if he is fast enough it
> should be possible. With a bit of luck for the attacker the new
> transaction is added to the block chain and the original transaction is
> discarded as double-spend. Right?
>
> Up to this point the attacker has nothing gained. But next the attacker
> stressed the Gox support and refers to the original transaction ID. Gox
> was then probably fooled in such cases and has refunded already paid
> Bitcoins to the attackers (virtual) Gox-wallet.

At this point the attack should fail. Before crediting the funds back Gox
should form a new transaction moving at least one of the coins the prior
transaction was spending and wait for that transaction to confirm.

Without performing this step— even if there were no malleability at all
you'd have the risk that someone would go resurrect the old transaction
and get a miner to mine it. Then it goes through.

With performing it, even if they missed the mutated transaction in the chain
their cancellation transaction could not confirm (because its a double spend).

> So far everything is clear. But what I do not understand: Why apparently
> had so many customers of Gox payment defaults or severely delayed
> payments?

Back in September a lot of people were having stuck transactions and
when I looked it was because Mtgox was spending immature coins: newly
generated coins which cannot be spent for 100 blocks since their creation.
(A rule since Bitcoin's started)

Then later it was noticed that they were producing transactions with invalid
DER encodings (excessively padded signatures). The Bitcoin network used
to accept these transactions, but in order to more towards eliminating
malleability
Bitcoin 0.8 and later will not relay and mine them.

Then after people started using mutation to fix those excessively padded
transactions and/or someone was exploiting Gox's behavior— it seems that
Gox's wallet may have been in a state where it thought a lot of coins weren't
spent that were and was reusing them in new transansactions... this one
is harder to tell externally— I saw it appeared to be producing a LOT of
double spends with different destinations, but I'm guessing as to the exact
cause.




More information about the bitcoin-dev mailing list