Date: Wed, 15 Jul 2015 11:18:25 -0400
From: Peter Todd <pete@petertodd.org>
To: Tom Harding <tomh@thinlink.com>
Message-ID: <20150715151825.GB20029@savin.petertodd.org>
References: <24662b038abc45da7f3990e12a649b8a@airmail.cc>
<55A66FA9.4010506@thinlink.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature"; boundary="H+4ONPRPur6+Ovig"
Content-Disposition: inline
In-Reply-To: <55A66FA9.4010506@thinlink.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] Significant losses by double-spending unconfirmed transactions
--H+4ONPRPur6+Ovig
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed, Jul 15, 2015 at 07:35:21AM -0700, Tom Harding via bitcoin-dev wrote:
>
> You perform a valuable service with your demonstration, but you
> neglected to include the txid's to show that you actually did it.

> Your advice is must-follow for anyone relying on an unconfirmed tx: it
> must pay a good fee and be highly relayable/minable.

Actually, I was looking at what I believe was (part of?) this attack
yesterday in the logs on my full-RBF nodes and the txs involved *did*
have good fees and were highly relayable/minable - the double-spent txs
had near 100% propagation on blockchain.info (who has unfortunately
purged the relevant data already).

Shapeshift.io depends on Blockcypher's "confidence factor" model(1)
under the hood - yet another one of those sybil attacking network
monitoring things - to estimate tx confirmation probability by looking
at the % of nodes a tx has propagated to. But miners frequently use
customized Bitcoin Core codebases that don't follow normal policies, so
those measurements don't actually tell you what you need to know.

Shapeshift confirmed(2) the attack - confirming that they disabled
unconfirmed tx acceptance - said they're going to "improve" their
system... It'll be interesting to see what that actually entails.

1) https://medium.com/blockcypher-blog/from-zero-to-hero-bitcoin-transactions-in-8-seconds-7c9edcb3b734

2) https://www.reddit.com/r/Bitcoin/comments/3ddkhy/bitcoindev_significant_losses_by_doublespending/ct468p7

-- 
'peter'[:-1]@petertodd.org
000000000000000010bf087ed645cba129e2523930d5cde636ddbae9e03aef9c
--H+4ONPRPur6+Ovig--