Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
	helo=mx.sourceforge.net)
	by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <dhuff@jrbobdobbs.org>) id 1QbOLk-0005UQ-LY
	for bitcoin-development@lists.sourceforge.net;
	Tue, 28 Jun 2011 02:48:28 +0000
X-ACL-Warn: 
Received: from mail-yx0-f175.google.com ([209.85.213.175])
	by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-MD5:128)
	(Exim 4.76) id 1QbOLj-0003Nb-Jr
	for bitcoin-development@lists.sourceforge.net;
	Tue, 28 Jun 2011 02:48:28 +0000
Received: by yxe1 with SMTP id 1so2800600yxe.34
	for <bitcoin-development@lists.sourceforge.net>;
	Mon, 27 Jun 2011 19:48:22 -0700 (PDT)
Received: by 10.91.123.15 with SMTP id a15mr6050305agn.75.1309229301612;
	Mon, 27 Jun 2011 19:48:21 -0700 (PDT)
Received: from [10.253.253.32] (cpe-70-124-63-160.austin.res.rr.com
	[70.124.63.160])
	by mx.google.com with ESMTPS id w1sm6021416anh.3.2011.06.27.19.48.20
	(version=TLSv1/SSLv3 cipher=OTHER);
	Mon, 27 Jun 2011 19:48:20 -0700 (PDT)
Sender: Doug <mith@jrbobdobbs.org>
From: Doug Huff <dhuff@jrbobdobbs.org>
Content-Type: multipart/signed; protocol="application/pgp-signature";
	micalg=pgp-sha1; boundary="Apple-Mail-6-209616058"
Date: Mon, 27 Jun 2011 21:48:17 -0500
References: <D024B465-AD6C-4AAD-A07F-956223929B6F@jrbobdobbs.org>
To: Bitcoin Dev Development <bitcoin-development@lists.sourceforge.net>
Message-Id: <C9421AA2-D741-4989-9DA8-395D1F532F52@jrbobdobbs.org>
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Transfer-Encoding: 7bit
X-Pgp-Agent: GPGMail 1.3.3
X-Mailer: Apple Mail (2.1084)
X-Spam-Score: -0.3 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-0.3 AWL AWL: From: address is in the auto white-list
X-Headers-End: 1QbOLj-0003Nb-Jr
Subject: [Bitcoin-development] Fwd: Live mtgox.com trade matching bug.
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Tue, 28 Jun 2011 02:48:28 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--Apple-Mail-6-209616058
Content-Type: multipart/signed; boundary=Apple-Mail-5-209616051;
	protocol="application/pkcs7-signature"; micalg=sha1


--Apple-Mail-5-209616051
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8



Begin forwarded message:

> From: Doug Huff <mith@jrbobdobbs.org>
> Date: June 27, 2011 9:46:13 PM CDT
> To: full-disclosure@lists.grok.org.uk, "Mt.Gox" <info@mtgox.com>
> Cc: Bitcoin Dev Development =
<bitcoin-development@lists.sourceforge.net>
> Subject: Live mtgox.com trade matching bug.
>=20
> Step 1: Have USD available for spending on mtgox.com.
> Step 2: Put in a buy order large enough to drain your account. Low =
enough under the current trading price that it will not execute =
immediately.
> Step 3: Withdraw all USD funds.
> Step 4: Wait for market to fall enough to meet your order.
> Step 5: ...(self explanatory)...
>=20
> There's a bit of luck in being able to take advantage, obviously.
>=20
> I would suggest you take the site down asap until this is corrected or =
publicly show how this order will never execute:
>=20
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> Welcome <username removed> 0.00000000 =E0=B8=BFTC 424.44901
> Buying  138468.901  0.01  Active  1384.69  06/26 15:27  cancel
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>=20
> I cannot guarantee this order will execute but from everything I've =
observed about the new trade matching code I have no reason to believe =
it will not.
>=20
> At the very least this could be used to influence market conditions if =
it is only a display bug.
>=20
> --=20
> Douglas Huff
>=20
>=20

--=20
Doug Huff



--Apple-Mail-5-209616051
Content-Disposition: attachment;
	filename=smime.p7s
Content-Type: application/pkcs7-signature;
	name=smime.p7s
Content-Transfer-Encoding: base64

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIKXDCCBN0w
ggPFoAMCAQICEHGS++YZX6xNEoV0cTSiGKcwDQYJKoZIhvcNAQEFBQAwezELMAkGA1UEBhMCR0Ix
GzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwR
Q29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczAeFw0w
NDAxMDEwMDAwMDBaFw0yODEyMzEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQx
FzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsx
ITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMtVVROLVVTRVJGaXJz
dC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWlsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAsjmFpPJ9q0E7YkY3rs3BYHW8OWX5ShpHornMSMxqmNVNNRm5pELlzkniii8efNIx
B8dOtINknS4p1aJkxIW9hVE1eaROaJB7HHqkkqgX8pgV8pPMyaQylbsMTzC9mKALi+VuG6JG+ni8
om+rWV6lL8/K2m2qL+usobNqqrcuZzWLeeEeaYji5kbNoKXqvgvOdjp6Dpvq/NonWz1zHyLmSGHG
TPNpsaguG7bUMSAsvIKKjqQOpdeJQ/wWWq8dcdcRWdq6hw2v+vPhwvCkxWeM1tZUOt4KpLoDd7Nl
yP0e03RiqhjKaJMeoYV+9Udly/hNVyh00jT/MLbu9mIwFIws6wIDAQABo4IBJzCCASMwHwYDVR0j
BBgwFoAUoBEKIz6W8Qfs4q8p74Klf9AwpLQwHQYDVR0OBBYEFImCZ33EnSZwAEu0UEh83j2uBG59
MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggr
BgEFBQcDBDARBgNVHSAECjAIMAYGBFUdIAAwewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5j
b21vZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwu
Y29tb2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDARBglghkgBhvhCAQEEBAMCAQYw
DQYJKoZIhvcNAQEFBQADggEBAJ2Vyzy4fqUJxB6/C8LHdo45PJTGEKpPDMngq4RdiVTgZTvzbRx8
NywlVF+WIfw3hJGdFdwUT4HPVB1rbEVgxy35l1FM+WbKPKCCjKbI8OLp1Er57D9Wyd12jMOCAU9s
APMeGmF0BEcDqcZAV5G8ZSLFJ2dPV9tkWtmNH7qGL/QGrpxp7en0zykX2OBKnxogL5dMUbtGB8SK
N04g4wkxaMeexIud6H4RvDJoEJYRmETYKlFgTYjrdDrfQwYyyDlWjDoRUtNBpEMD9O3vMyfbOeAU
TibJ2PU54om4k123KSZB6rObroP8d3XK6Mq1/uJlSmM+RMTQw16Hc6mYHK9/FX8wggV3MIIEX6AD
AgECAhEA3puo39RJhNVx/ssfdXafbjANBgkqhkiG9w0BAQUFADCBrjELMAkGA1UEBhMCVVMxCzAJ
BgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVT
VCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xNjA0BgNVBAMTLVVU
Ti1VU0VSRmlyc3QtQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBFbWFpbDAeFw0xMTA1MDEwMDAw
MDBaFw0xMjA0MzAyMzU5NTlaMCUxIzAhBgkqhkiG9w0BCQEWFGRodWZmQGpyYm9iZG9iYnMub3Jn
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ZPhVmPPoaj999EiZAp6e/giHUrh0Pq2
/LjCFtVgP7clqtoStYyz7i9LojgmRqKu6cswpltUICp+rRskK6ISYRYkNf9w587D2xtqHVVjmoH8
afW/B0db4v+wC7wjzh+hFlXZ3q7sZApMqsFgAS3mdF+iEe5nNt9kGD7OhNlVimvNqcpIhJhRBhpW
7vi7/Rt8uVciDOYVARJq7Tb1zZe88wTFkVri075/nFYfikCgU3GccxvcnR9QwC7xoyGFtE/z8qjv
1h1Tn+eS7eEYQveQxMFNnEPHfoihpiSQpQUzEAJK96dwj8ED2CXtNpV6pQ9PCu2HWjXIVpZj+YNN
eOSRbwIDAQABo4ICFjCCAhIwHwYDVR0jBBgwFoAUiYJnfcSdJnAAS7RQSHzePa4Ebn0wHQYDVR0O
BBYEFGBmA3ruGdgBmCodBzi9QrRBvjz/MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMCAG
A1UdJQQZMBcGCCsGAQUFBwMEBgsrBgEEAbIxAQMFAjARBglghkgBhvhCAQEEBAMCBSAwRgYDVR0g
BD8wPTA7BgwrBgEEAbIxAQIBAQEwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2Rv
Lm5ldC9DUFMwgaUGA1UdHwSBnTCBmjBMoEqgSIZGaHR0cDovL2NybC5jb21vZG9jYS5jb20vVVRO
LVVTRVJGaXJzdC1DbGllbnRBdXRoZW50aWNhdGlvbmFuZEVtYWlsLmNybDBKoEigRoZEaHR0cDov
L2NybC5jb21vZG8ubmV0L1VUTi1VU0VSRmlyc3QtQ2xpZW50QXV0aGVudGljYXRpb25hbmRFbWFp
bC5jcmwwbAYIKwYBBQUHAQEEYDBeMDYGCCsGAQUFBzAChipodHRwOi8vY3J0LmNvbW9kb2NhLmNv
bS9VVE5BQUFDbGllbnRDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNv
bTAfBgNVHREEGDAWgRRkaHVmZkBqcmJvYmRvYmJzLm9yZzANBgkqhkiG9w0BAQUFAAOCAQEAj/Ck
hfsc3p7aoCSIMGOTVBzBjJBtCwWTUF1d/pnJ7ynWCiEOypIGGe0im5+Y1WH8+fVNgIwlifRSoZ1R
oloxXRuqiraKCevG5OC41Evkp67HmrrhlerLxUvoKLg7sDWfYtmQ24whfYEsd3Fm2u6KxoXboyyb
fdDhl5BLhWy+5kHHlIaoZjUoHHXOMuOZdhreIcJI54+wehddzwtdrhF0h2KUTm3tvA0e2kTX4Kzz
3JWIzFSsCmTdTx2UdiOBJmWZ8dgdskOSKRYByvSBT+/BsbF+JbJcjCHqDiEmmXQeTNuRDYeCPfkq
/HRSrEZMi/RORls1HSA79IOXjvj8RkAKyDGCA/8wggP7AgEBMIHEMIGuMQswCQYDVQQGEwJVUzEL
MAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRS
VVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMt
VVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWlsAhEA3puo39RJhNVx
/ssfdXafbjAJBgUrDgMCGgUAoIICDzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3
DQEJBTEPFw0xMTA2MjgwMjQ4MThaMCMGCSqGSIb3DQEJBDEWBBS+SJ70+LtxAW0Z/SlFTTtzZ6ft
rDCB1QYJKwYBBAGCNxAEMYHHMIHEMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNV
BAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNV
BAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGll
bnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWlsAhEA3puo39RJhNVx/ssfdXafbjCB1wYLKoZIhvcN
AQkQAgsxgceggcQwga4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMOU2FsdCBM
YWtlIENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8GA1UECxMYaHR0cDov
L3d3dy51c2VydHJ1c3QuY29tMTYwNAYDVQQDEy1VVE4tVVNFUkZpcnN0LUNsaWVudCBBdXRoZW50
aWNhdGlvbiBhbmQgRW1haWwCEQDem6jf1EmE1XH+yx91dp9uMA0GCSqGSIb3DQEBAQUABIIBACjt
Qxnz8O/Y3EnpezSXyfz/5RZ1+rHc+Egw/GrCkSmKdte8rwupVsmlUlm+VdpE8osvPTwhFREUK5+f
RShng1RRToCafsf6zyfjErtFnyXf5iXD9GUOekBfXrB9wv53DwcmDVnbjkh73chLmgOSbZLlKdPD
PkrCtjdJzXQ30F8vbX0i5XdTB5vW3UnW/e4gx8SUFFCP95m9pgQsCURT4k28uxNUzNKb6fjQiSwV
SVaTWE9wc4OFat9R3SRBQEwp7G5JNLJ/mjL48cPqiyalEHSSdC3zgJfVglbO8xtz18NyaiP46FMb
n3pDCyQEHd3XpI+fLEjjrLqdO2YCZwMIlJgAAAAAAAA=

--Apple-Mail-5-209616051--

--Apple-Mail-6-209616058
content-type: application/pgp-signature; x-mac-type=70674453;
	name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJOCUDyAAoJEEPHkQabDWHPNekQAIrqNj7ZIUebGQCTKnJtS3Q0
nKNlkHuoWHRHFNOCldYz0MkpsbbMx3sXS9JZgsM3tkDuOcEokhysTAqgluVw1+HQ
sMfgSjXRPQXIGLWl478/9K2309+537oKYdJbYi6PX/G1awtrV2BWQ2ETQbTZ5cXM
q/wECfc3O4OABe7y4e7lu2OqE2ES0X6UMjOVjssL38fn1wWwM4s/3VTfQ78DUzB+
91eLWApW3xuksLTpg/nj3zrsm+IhJSkK8gT0cfxjGmwIHErbPDLuX3oWoPGFzYdX
FuTrAVGQDG7fayYTgZg1SdizQ2BGhLUxYBZO4OMtl3/EwZa4YuBAkMpCSTqbNqGk
YaY4cY/Ucnr5Jk66DQIM/KxAih4H14ACZDO5s0PBNlyRZph69SXCWoQG5HbnpOhe
my40Kk8gKtwuTWvorGsYQo7Wqk0kuTkuDA/jtRlJyNfRmAcIx+MKcANr31TT3Wkl
rEUqVuqaHDXr/g7zFMDuvteqqlFNMTAXFAafOkKBugG7LNuKb85RkEDS/dcF88Ic
gFJ9Pndd35du/TvPT29IU6DrP0oTqxWdpCbYZz6I0lUqlUhVFeFXj/B0I1JlsWoL
byzkTLJfbTWkfVr2lvo9oqkwIqitGAuggPZf4UgUoeh0P6H/1Sad+t9nhESk9kbs
wg/aJ6Nh749EPyntrVNL
=vWBx
-----END PGP SIGNATURE-----

--Apple-Mail-6-209616058--