[Note: I was in the middle of writing this when ranochigo posted. Thus some of the redundancy.]
Run a full node for validation, too. SPV and other light clients can be fooled by certain attacks. I dont think an SPV node could be made to accept a fake transaction, in and of itself; but it could be misled onto a forkchain, which would allow feeding it a whole ledger full of fake transactions.
You are so technical and it isn't good for ordinary people.
If you dont want technical discussion, then why are you posting in Development &
Technical Discussion? Ask in another forum. I dumb things down for people over there, or I stay away. Also, I personally couldnt care less what you say is good for ordinary people.
But if you desire a technical education, this is an excellent place.
But i can't run a full node. Also i don't understand how a full node can detect a fake transaction before confirmations.
You never defined a fake transaction. I will infer a precise definition: A transaction which does one or more of (0) violating consensus rules, and/or (1) spending inputs which were already spent (
viz. a double-spend tx).
Protection against (1) is the purpose and the
only purpose of miners and confirmation. The technical term is that confirmation provides
Byzantine fault tolerance in the
ordering of transactions. Ordering is important, that is what chooses between multiple conflicting transactions in a double-spend scenario. Byzantine fault tolerance means in effect that untrusted and mutually untrusting parties with unreliable communications can reliably converge on a common agreement, excluding malicious cheaters.
Full protection against (0) is built into Core, which validates each and every transaction according to a stringent set of rules. Every bit and byte of each and every transaction must pass validation, or else the whole transaction is simply discarded. Full nodes also validate whole blocks of transactions, according to yet more rules; this prevents malicious miners from messing with the network. A Core node follows whichever
fully valid chain has the highest total proof-of-work.
If a transaction passes all consensus rule validation and has been confirmed, then by definition it is not fake.
If you cant run a full node, then what you are saying is that you cant have full validation. Theres no magical means to wave that away. The better light clients (such as
Electrum) are good enough for most light consumer use; but they will never have the security of a Core node.
I havent bothered to pick that apart and see whats going on. But as kahc noted, its probably just exploiting a bug in blockchain.infos (notoriously buggy) software. Solution: Run Core.
If youre worried about unconfirmed transactions, wellyou should be. Wait for confirmation. Unconfirmed transactions are insecure; they could turn out to be fake in the sense of a being overridden with a double-spend. Thats why the process of confirming transactions exists in the first place!
Double-spend isn't big problem here.
I can detect it by checking final balance and last transactions of sender address that all it's transactions are confirmed.
The
only way to protect against double-spends is with confirmations.
Unconfirmed transactions are never safe. They always have some possibility of being overridden with a double-spend. It is impossible that you could detect that; and if there were such a way, we wouldnt need miners. Whatever you are doing, it is not achieving what you suppose.
Also, if it is not a Segwit transaction, then before confirmation there is the tx malleability issue to worry about. Segwit fixes tx malleability.
I don't understand it. all BTC transactions after 1st aguest 2017 are Segwit, aren't?
Segwit, which activated 24th August 2017 at Block #481824, was a softfork. It still permits old-style transactions. Indeed, if your address starts with a 1, then you are still sending non-Segwit transactions
and vastly overpaying in fees. This is important if you want to save on fees (and also help the network), so I will briefly explain.
Oversimplifying a bit: Whether or not a transaction is a Segwit tx is determined by the address of the
sender. So if you want to send Segwit tx and get a sharp fee discount, you need to use a Segwit address. There are two kinds of Segwit addresses:
- Backwards-compatible P2WPKH-nested-in-P2SH addresses, such as the one in my signature: 36finjay27E5XPDtSdLEsPR1RypfhNW8D8. These start with a 3; but not all addresses starting with a 3 are Segwit addresses (just as all dogs are animals, but not all animals are dogs). There is no way to distinguish whether or not a 3 address is Segwit, just by looking at it. These addresses have some disadvantages, but one important advantage: Every Bitcoin client made in the past few years can send money to them.
- Bech32 addresses, which I call Bravo Charlie One addresses because they always start with bc1. Those look like this: bc1qnym7k9hfl77zgrstcrjhphm0llne5j4w0m3fuu Thats the Bitcoin address of the future, redesigned with error-correcting codes and no upper/lowercase distinction. But Bech32 has one temporary disadvantage: Only people who have upgraded to the newest software can send money to it. I want people to send me money, so Im still using nested P2SH; I hope to switch to Bech32 in about 612 months.
I do services and get BTC from people for it. I can't wait 5 days for confirmations. Bitcoin is not user-friendly any more. I think I should choose another coin very soon
Ok, bye! Dont let the door hit your butt on the way out.
Bitcoin doesnt need you. Big money is now involved, and big money is competing with itself. I am perpetually amused by how people dont realize that even if youre a whale, you need Bitcoin and Bitcoin does not need you. Youre not doing Bitcoin any favours.
So sell now, SELL SELL SELL, dump your BTC, and go away. You will be crying a few years from now, when the 2017 market looks like the 2012 market does now. But by then, it will be too late; and neither Bitcoin nor I will give a damn what happens to you.
Im happy to help people who love Bitcoin. I volunteer many hours of my time explaining how to get an
instant fee discount with Segwit, how to generate nested P2SH Segwit addresses with the popular Electrum wallet, etc., etc. See above! But if you choose another coin very soon, I will be pleased to laugh at your future regrets.