[Bitcoin-development] Transaction malleability in the core code: update

Gavin Andresen gavinandresen at gmail.com
Thu Feb 20 15:40:34 UTC 2014

A quick update on the state of transaction malleability work in
Bitcoind/Bitcoin-Qt (aka Bitcoin Core). This is not about longer-term
malleability issues, just the very short-term work being done (or already
done) to the reference implementation.

First, the problems:

We've had a longstanding TODO to improve the way the core code deals with
double-spends. From the core code's point of view, malleable transactions
are just one particular form of double-spend.

Improving double-spend handling never made it to the top of the TODO list,
because the cases where it happened involved doing unsupported things (like
copying your wallet.dat to another machine and then spending on both

And because there is a heavy-handed workaround if a wallet becomes confused
because of a double-spend:  restore all of the keys, rescan for
transactions confirmed in the blockchain, and any outputs tied up in
double-spends get released. Coins (really, unspent transaction outputs)
were never permanently lost, but they could be tied up and unspendable when
associated with a 0-confirmation transaction that would never confirm.

So, work in progress or done:


These implements a kinder, gentler sledgehammer (-zapwallettxes) to fix a
confused wallet. If you have a wallet with 0-confirmation transactions that
are tying up bitcoins these should fix it.


These three merged pull requests implement a new command-line option:
-nospendzeroconfchange .  The best way to get a wallet confused is to spend
zero-confirmation change outputs that you created yourself; if the
transaction creating the change gets mutated, then the subsequent
transaction is invalid and will never confirm.

The core code spends unconfirmed change only as a last resort. If you are a
service using bitcoind that generates a lot of transactions then best
practice would be to run with -nospendzeroconfchange, and use "sendmany" to
batch payments only after previous payments have confirmed.


This tightens up the IsStandard() rule, so the easiest-to-implement method
of mutating transactions is blocked. Many big mining pools are already
running this patch.


These three get at the root of the problem; they rework the core wallet
code to implement "handle double spends better."  See the pull requests for

How can you help:

Testing and code review is, as always, the bottleneck for getting out a
release with these changes.

We have a chronic problem with people running Bitcoin services on top of
the core code waiting until there is an "official" release, and then
assuming that somebody else has done the hard work of reviewing and testing
the changes.

might trigger some edge-case bug that was missed, or perhaps the size of
your wallet triggers a performance problem introduced by a fix.

Or, in other words: do not treat the core development team as if we were a
commercial company that sold you a software library. That is not how open
source works; if you are making a profit using the software, you are
expected to help develop, debug, test, and review it.

Gavin Andresen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140220/6ba57731/attachment.html>

More information about the bitcoin-dev mailing list