[Bitcoin-development] Possible attack: Keeping unconfirmed transactions

Raúl Martínez rme at i-rme.es
Tue Jun 10 11:25:05 UTC 2014


I believe that the Payment Protocol works that way, the merchant broadcast
the Tx.
El 10/06/2014 13:23, "Chris D'Costa" <chrisjdcosta at gmail.com> escribió:

> I wonder if Raul is mistakenly under the impression that the transaction
> only reaches the Bitcoin network via Alice? In which case the premise of
> this "attack" is incorrect.
>
> *Chris D'Costa*
>
>
> Follow on Twitter: *@cjdcosta*
>
> *---------------------------------------------------------------------------------------*
> chris.dcosta at meek.io (Meek)
> chris.dcosta at sossee.com (Blog)
> chrisjdcosta at gmail.com <chris_dcosta at me.com> (Personal)
> chris.dcosta at bitcoinassociation.be (Belgian Bitcoin Association)
>
> ---------------------------------------------------------------------------------------
>
>
> On 7 June 2014 00:02, Raúl Martínez <rme at i-rme.es> wrote:
>
>> I dont know if this attack is even possible, it came to my mind and I
>> will try to explain it as good as possible.
>>
>> Some transacions keep unconfirmed forever and finally they are purged by
>> Bitcoin nodes, mostly due to the lack of fees.
>>
>>
>> Example:
>> ---------
>>
>> Alice is selling a pizza to Bob, Bob is now making the payment with
>> Bitcoin.
>> The main goal of this attack is to store a unconfirmed transaction send
>> by Bob for a few days (it will not be included in the blockchain because it
>> has no fee or due to other reason), Bob might resend the payment or might
>> just cancel the deal with Alice.
>>
>> Bob forgets about that failed trade but a couple of days later, Alice,
>> who has stored the signed transacion, relays the transaction to the network
>> (or mines it directly with his own hashpower).
>> Bob does not know what is happening, he believed that that transaction
>> was "canceled forever", he even does not remember the failed pizza deal.
>>
>> Alice has now the bitcoins and Bob does not know what happened with his
>> money.
>>
>> ---------
>>
>> This might also work with the Payment Protocol because when using it Bob
>> does not relay the transaction to the network, its Alices job to do it,
>> Alice stores it and tells Bob to resend the payment, Bob creates another
>> transaction (If has the same inputs as the first TX this does not work)
>> (this one is relayed by Alice to the network).
>>
>> Alice comes back a couple of days later and mines with his hashrate the
>> first transaction (the one she didnt relayed to the network).
>>
>> Alice now has two payments, Bob does not know what happened.
>>
>>
>> -----------
>>
>> I hope that I explained well this possible attack, I dont know if there
>> is already a fix for this problem or if it is simply impossible to execute
>> this kind of attack.
>>
>> Thanks for your time.
>>
>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Learn Graph Databases - Download FREE O'Reilly Book
>> "Graph Databases" is the definitive new guide to graph databases and their
>> applications. Written by three acclaimed leaders in the field,
>> this first edition is now available. Download your free book today!
>> http://p.sf.net/sfu/NeoTech
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140610/d7a8ec9c/attachment.html>


More information about the bitcoin-dev mailing list