Before I tweet this can someone technical please confirm...
-
About 6 paragraphs down, is this an accurate summary of the TX problem?
[quote]When you write an amount of money, say twenty-three thousand four hundred and twenty-two dollars and fifty-four cents, you typically write that as $23,422.54. But it would also be valid to write it as $0,023,422.54. Or $0,000,023,422.54. This fact – that one number can be written in many ways, all valid – is the malleability. (For the sake of completeness, it wasn’t the amount, but another number in the transaction record that was concerned.)
This was tightened in the bitcoin protocol to only allow the shortest version of writing a number, $23,422.54, in this specific code change, which happened a whole year ago.
This change was ignored by MtGox, if I may speculate, probably because “it kept working anyway”. That is, until bitcoin 0.8, when the core developers decided to enforce this change across the protocol, having had the tightening published for over a year. The moment bitcoin 0.8+ gained majority deployment on the network, such invalid transactions started getting rejected.[/quote] -
-
It seems to me that people are only starting to wake up to the malleability issue. Silk Road 2.0 had its coffers emptied yesterday and some people joke about it but it is big news and could happen elsewhere. In a similar way everybody’s hate on MtGox seemed to get in the way of what they were telling us, that there is a major flaw in crypto that is being exploited to withdraw more crypto from a system than allowed.
My plan was to move to 0.8.6 next week and look at some of the difficulty tweaks put forward by Wrapper to thwart the continued abuse by multipools and increase block speed (while reducing block reward). I think that now it will be a case of moving to 0.8.6 and adding the upcoming fix for transaction malleability posthaste.
Considering this flaw the markets are holding very well, I reckon that chap who sold down to $100 on BTC-e was reacting to this issue. This does sound like the kind of flaw that kills crypto. I always imagined that the Bitcoin killer would be a technical fault and wonder if this is it.
Here’s some words from Gavin that you may or may not have read yet.
[b]Update on Transaction Malleability[/b] - [b][i]Gavin Andresen[/i][/b]
[quote]You may have noticed that some exchanges have temporarily suspended withdrawals and wondering what’s going on or more importantly, what’s being done about it. You can be rest assured that we have identified the issue and are collectively and collaboratively working on a solution. Somebody (or several somebodies) is taking advantage of the transaction malleability issue and relaying mutated versions of transactions. This is exposing bugs in both the reference implementation and some exchange’s software.
We (core dev team, developers at the exchanges, and even big mining pools) are creating workarounds and fixes right now. This is a denial-of-service attack; whoever is doing this is not stealing coins, but is succeeding in preventing some transactions from confirming. It’s important to note that DoS attacks do not affect people’s bitcoin wallets or funds.
Users of the reference implementation who are bitten by this bug may see their bitcoins “tied up” in unconfirmed transactions; we need to update the software to fix that bug, so when they upgrade those coins are returned to the wallet and are available to spend again. Only users who make multiple transactions in a short period of time will be affected.
As a result, exchanges are temporarily suspending withdrawals to protect customer funds and prevent funds from being misdirected.
Thanks for your patience. Follow us [url=https://twitter.com/BTCFoundation]@BTCFoundation[/url] for updates as we learn more and make progress.[/quote]
[i][size=8pt]Source: https://bitcoinfoundation.org/blog/?m=201402[/size][/i] -
[quote name="Bushstar" post="58983" timestamp="1392369366"]
It seems to me that people are only starting to wake up to the malleability issue. Silk Road 2.0 had its coffers emptied yesterday and some people joke about it but it is big news and could happen elsewhere. In a similar way everybody’s hate on MtGox seemed to get in the way of what they were telling us, that there is a major flaw in crypto that is being exploited to withdraw more crypto from a system than allowed.
[/quote]Incorrect.
There’s a major flaw in some custom wallet implementations in that they rely on the transaction id being verified to confirm transactions, and do the simply unthinkable thing of sending the withdraw again without checking the original inputs. There’s also a flaw in the reference client which can cause your balance to read incorrectly, but your coins are perfectly safe.
This is a flaw with how accounting packages are tracking their withdraws, and has nothing to do with the blockchain protocol itself. This bug would be identical if the programmer who wrote the bank integration made a faulty assumption and started marking a bunch of transactions as having not been sent prompting the accounting packages to resend the transaction, even though they had been. This isn’t specific to crypto currencies, it’s specific to accounting packages.
According to Defcon, the owner of SR2:
[quote]
Defcon alleged that six users colluded to exploit this bug with Silk Road 2’s automatic verification system to drain the entire centralized account of its bitcoins.
[/quote]Let’s be very clear about this: The transaction malleability bug doesn’t allow users to spend coins that they otherwise couldn’t spend. What it does is expose a major flaw in how programmers assume transactions can be verified, an assumption that should never be made when dealing with people’s currency.
[quote]
This does sound like the kind of flaw that kills crypto. I always imagined that the Bitcoin killer would be a technical fault and wonder if this is it.
[/quote]No, no, a thousand times no! There’s NOTHING WRONG WITH CRYPTO. The protocol remains secure, and nothing can be stolen.
From Gavin himself:
[quote]
This is a denial-of-service attack; whoever is doing this is not stealing coins, but is succeeding in preventing some transactions from confirming. It’s important to note that DoS attacks do not affect people’s bitcoin wallets or funds.
[/quote]DoS attacks have happened on the network before, and yet the price went way up. You know what was a LOT scarier? The fork in the first quarter of 2013. That right there bears a lot closer resemblance to a crypto-killer: Suddenly there’s two blockchains, both of which you can spend your coins on, which is double spending.
This is simply a temporary DDoS which is easily remedied and no one’s coins were stolen as a result of an insecurity in the protocol, merely as the result of an insecurity of accounting package developers.
Come on Bushstar, you’re in a position of power and you’re explicitly moving against the lead developers who are saying, “This isn’t a problem with crypto.” and spreading FUD. [u][b]That’s not cool at all[/b][/u]. Cryptos have a long and healthy life ahead of them, and if this was REALLY a problem with the protocol, you’d be seeing sub $100 prices, and it STAYING THERE. This isn’t a crash at all, it’s an adjustment, and an incredibly SMALL one compared to other exploit related adjustments, and it’s about as far away as you can get from a ‘Bitcoin killer’.
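Added example, not part of the original posts and not code from any exchange or from the reference client: a minimal Python sketch of the accounting flaw described in the post above, contrasting a check that looks only for the original transaction id with one that reconciles a withdrawal by the inputs it spent and the outputs it paid. The `Tx` record, the function names and all sample values are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str            # changes if the signature encoding is mutated in transit
    inputs: frozenset    # outpoints spent: (previous txid, output index)
    outputs: frozenset   # payments made: (address, amount in satoshi)

def naive_needs_resend(sent, confirmed):
    """Flawed check: the withdrawal counts as unpaid unless its exact txid confirmed."""
    return all(c.txid != sent.txid for c in confirmed)

def classify_withdrawal(sent, confirmed):
    """Reconcile by what was spent and paid, never by txid alone."""
    for c in confirmed:
        if c.txid == sent.txid:
            return "confirmed"
        if c.inputs == sent.inputs and c.outputs == sent.outputs:
            return "confirmed_mutated"       # same payment under a different txid
    for c in confirmed:
        if c.inputs & sent.inputs:
            return "inputs_spent_elsewhere"  # hold for manual review, no auto-resend
    return "pending"

def may_reissue(sent, confirmed):
    """Only a still-pending withdrawal may be reissued. A reissue should spend at
    least one of the original inputs, so the old and new transaction conflict and
    only one of them can ever confirm."""
    return classify_withdrawal(sent, confirmed) == "pending"

# Constructed sample data (hypothetical ids, addresses and amounts).
FUNDS = frozenset({("f00d", 0)})
PAYS = frozenset({("customer_addr", 50_000_000), ("change_addr", 9_990_000)})
SENT = Tx("aa11", FUNDS, PAYS)
MUTATED = Tx("bb22", FUNDS, PAYS)            # same payment, different txid
UNRELATED = Tx("cc33", frozenset({("beef", 1)}), frozenset({("other_addr", 1_000)}))
CONFLICT = Tx("dd44", FUNDS, frozenset({("elsewhere", 59_990_000)}))

if __name__ == "__main__":
    chain = [MUTATED, UNRELATED]
    print("naive check says resend:", naive_needs_resend(SENT, chain))
    print("reconciled status:", classify_withdrawal(SENT, chain))
    print("reissue allowed:", may_reissue(SENT, chain))
```
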
-
Well it got me spooked even though I read it was reference implementations. I read a few ‘end of days’ articles on Bitcoin with people saying Bitcoin killer and I figured that if it was just people’s own implementation of Bitcoin then why the smeg doesn’t MtGox just fix their system and get on with it. I guess that I kind of need to see the issue for myself and see that the client can read the balance as normal.
[quote name="Kevlar" post="59101" timestamp="1392416990"]
Come on Bushstar, you’re in a position of power and you’re explicitly moving against the lead developers who are saying, “This isn’t a problem with crypto.” and spreading FUD. [u][b]That’s not cool at all[/b][/u]. Cryptos have a long and healthy life ahead of them, and if this was REALLY a problem with the protocol, you’d be seeing sub $100 prices, and it STAYING THERE. This isn’t a crash at all, it’s an adjustment, and an incredibly SMALL one compared to other exploit related adjustments, and it’s about as far away as you can get from a ‘Bitcoin killer’.
[/quote]Alright, I’ll keep my anxiety to myself in future.