Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Re: New transaction malleability attack wave? Another stresstest?
by
Zyklon87
on 12/10/2015, 10:59:58 UTC
Quote from: Perlover on October 12, 2015, 10:34:34 AM
Quote from: tl121 on October 11, 2015, 07:48:48 PM
Quote from: BitNow on October 11, 2015, 07:17:48 PM
Can somebody explains in a simple sentence (subject + verb + object) what's the problem with this attack, besides that can be a possible duplicate for your transaction that never gets accepted by the Blockchain and gets deleted by the Blockchain after 1 week (estimated time)?

There are two problems:

1. Some wallets get confused should they send a transaction that gets changed by the attack, giving wrong status information to the user.

2.  The attacker can increase the size of the memory pool of unconfirmed transactions, which uses extra processing resources, memory resources and network bandwidth, potentially causing sluggish performance of the network and crashing weak nodes.


I will tell more

I have Mycelium 2.5.2. It allows to spend from unconfirmed transactions (without this feature a user could not make a next transaction until a next block in blockchechain will be generated but user should have a right to spend a change al least for example from a previous payment without waiting)
But this attack has a biggest problem as you could think - now i cannot spend my money from HD account already 3 days because this attack affected my Mycelium wallet. How it happens:

I did Tx - A. After soon i did other Tx - B. The B uses inputs from Tx A. Both transactions were unconfirmed. But attacker rebroadcasted  a changed new transaction - A'. And this transaction was confirmed! After refreshing in the Mycelium wallet the last one forgot about A and replaced it by A' Tx. But after i had the A', the B transaction which used inputs from my other Txs and from the A! But the A already doesn't exist because it was double-spended for blockchain! And the Tx B looks like normal transaction (not double-spend!) because it has input from A transaction (other hash) - there is original TxID and its Tx was forgotten. Miners and full nodes think that they have the B transaction but didn't get a the A yet (other inputs refere to valid Txs of course). And this transaction hangs in mempool already three days and i cannot use other inputs! As a result of this - i as user cannot use other bitcoins already some days. I tried to archive account in Mycelium, wait 1-2 days and activate account again - and this "zombie" B Tx restored again (i see it happens because the Mycelium company has own bitcoin blockchain explorer which remembers this B Tx long time).

I think it problem is not only of the Mycelium wallet software.

While malleability will be in current protocol and the BIP62 doesn't work yet - any atacker will be able to make many shit to other user with wallet software - in this case there only one way to use bitcoin: to make one transaction in wallet -> wait until confirmation -> doing next transaction... It is stupid and very not comfortable way of bitcoin using.

What do you think about this?

P.S. I am as an advanced user exported xpriv key in Electrum and after this made new transaction and did double-spend of other inputs which were blocked by B Tx... But should what do not-advanced user? He will think that bitcoin sucks and he lost a money...

I updated Mycelium to v2.5.3 and I couldn't make 3-4tx in a row without being confirmed last tx, then try to send others, here what error I get when I try to send 2nd tx without being confirmed first one http://imgur.com/I7HDhQf which is bullshit as my wallet was synced !

As far as I know you could make tx from Mycelium without being confirmed or make tx like as much as you want before first, second .. tx without being confirmed, but I think these changes are from v.2.5.3 and I think it's better for begginers to wait until this attack is over or BIP62 or whatever is implemented to fix this issue/attack.