Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1UFTdW-0003xM-9g for bitcoin-development@lists.sourceforge.net; Tue, 12 Mar 2013 18:09:18 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.217.178 as permitted sender) client-ip=209.85.217.178; envelope-from=gmaxwell@gmail.com; helo=mail-lb0-f178.google.com; Received: from mail-lb0-f178.google.com ([209.85.217.178]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1UFTdS-00062v-0F for bitcoin-development@lists.sourceforge.net; Tue, 12 Mar 2013 18:09:18 +0000 Received: by mail-lb0-f178.google.com with SMTP id n1so217563lba.23 for ; Tue, 12 Mar 2013 11:09:07 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.152.125.239 with SMTP id mt15mr14855923lab.26.1363111747104; Tue, 12 Mar 2013 11:09:07 -0700 (PDT) Received: by 10.112.96.164 with HTTP; Tue, 12 Mar 2013 11:09:06 -0700 (PDT) In-Reply-To: References: <513ED35A.8080203@gmail.com> <201303121210.34515.luke@dashjr.org> Date: Tue, 12 Mar 2013 11:09:06 -0700 Message-ID: From: Gregory Maxwell To: Alan Reiner Content-Type: text/plain; charset=UTF-8 X-Spam-Score: -1.6 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (gmaxwell[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1UFTdS-00062v-0F Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Some PR preparation X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Mar 2013 18:09:18 -0000 On Tue, Mar 12, 2013 at 9:55 AM, Alan Reiner wrote: > I don't want to misrepresent what happened, but how much of that was really > a risk? The block was rejected, but the transactions were not. Some but not much. If someone flooded a bunch of duplicate concurrently announcing both spends to as many nodes as they could reach they would almost certainly gotten some conflicts into both chains. Then both chains would have gotten >6 confirms. Then one chain would pop and anyone on the popped side would see >6 confirm transactions undo. This attack would not require any particular resources, and only enough technical sophistication to run something like pynode to give raw txn to nodes at random. The biggest barriers against it were people being uninterested in attacking (as usual for all things) and there not being many (any?) good targets who hadn't shut down their deposits. They would have to have accepted deposits with <12 confirms and let you withdraw. During the event an attacker could have gotten of their deposit-able funds. On Tue, Mar 12, 2013 at 10:35 AM, Peter Vessenes wrote: > Can some enterprising soul determine if there were any double-spend attempts? > I'm assuming no, and if that's the case, we should talk about that publicly. There were circulating double-spends during the fork (as were visible on blockchain.info). I don't know if any conflicts made it into the losing chain, however. It's not too hard to check to see what inputs were consumed in the losing fork and see if any have been consumed by different transactions now. I agree it would be good to confirm no one was ripped off, even though we can't say there weren't any attempts.