[Bitcoin-development] Malleability and MtGox's announcement

[Tier Nolan]

On Mon, Feb 10, 2014 at 7:47 PM, Oliver Egginger <bitcoin at olivere.de> wrote:

> As I understand this attack someone renames the transaction ID before
> being confirmed in the blockchain. Not easy but if he is fast enough it
> should be possible. With a bit of luck for the attacker the new
> transaction is added to the block chain and the original transaction is
> discarded as double-spend. Right?
>

No, the problem was that the transaction MtGox produced was poorly
formatted.

It wouldn't cause a block containing the transaction to be rejected, but
the default client wouldn't relay the transaction or add it into a block.

This means that transaction stalls.

If the attacker has a direct connection to MtGox, they can receive the
transaction directly.

The attacker would fix the formatting (which changes the transaction id,
but doesn't change the signature) and then forward it to the network, as
normal.

The old transaction never propagates correctly.

Up to this point the attacker has nothing gained. But next the attacker
> stressed the Gox support and refers to the original transaction ID. Gox
> was then probably fooled in such cases and has refunded already paid
> Bitcoins to the attackers (virtual) Gox-wallet.
>

They sent out the transaction a second time.

The right solution is that the new transaction should re-spend at least one
of the coins that the first transaction spent.  That way only one can
possibly be accepted.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140210/a1da9e05/attachment.html>