

Update on Transaction Malleability - sheetjs
https://bitcoinfoundation.org/blog/?p=422

======
TrainedMonkey
This puts a new spin on mtgox hate, for once something is not their fault and
it appears they were honest in their announcement.

~~~
nullc
If they were expressing a concern about a legitimate risk in the system
wouldn't something like the security list have been the right avenue, and not an
accusatory press release?

You'll note that mtgox had funds taken from it, none of these other sites are.
They're just being flooded with junk that screws up their transaction
processing. It's not really the same thing at all.

~~~
sillysaurus2
_You'll note that mtgox had funds taken from it_

Source, please? How much did mtgox lose?

~~~
nullc
I (Greg Maxwell) am one of the two "Bitcoin core developers" mentioned in
the MtGox press release. My source is Mark Karpeles directly.

I do not know how much they lost. Most of my discussion with them was before I
think they knew exactly how much they lost. I had assumed, by the nature of
the issue, that it wasn't likely to be much. I'm a little less sure of it
based on their behavior since this weekend and due to finding out that their
software was automatically reissuing transactions that it didn't think
had been paid out.

~~~
gojomo
An enterprising blockchain-spelunker _might_ be able to put a very rough
ballpark estimate on amounts lost by any affected repeat-payers, by:

(1) Find all confirmed transactions that have a signature that appears in
non-canonical form (and thus likely confirmed under an unexpected TXID);

(2) For those transactions, identify the paid-to addresses and amounts:
possible targets of make-up transactions. (Of course, it may be hard to
distinguish true targets from 'change'.)

(3) Find later transactions with the exact same paid-to addresses and amount:
these _may_ be erroneously-issued repeat payouts.

Of course, if the complaining user offers a different address for the make-up
transaction, this wouldn't work. On the other hand, a researcher already
working hard to correlate affiliated addresses, now or in the future, still
might be able to surmise when duplicate-amounts went to affiliated-addresses
in succession during the active exploitation period.

~~~
nullc
> (1) Find all confirmed transactions that have a signature that appears in
> non-canonical form (and thus likely confirmed under an unexpected TXID);

Unfortunately, you can't— MtGox had a long-standing bug where they would
author transactions which were themselves non-canonical form (they encoded the
variable length values in DER as fixed length with excessive padding). This is
one of the reasons their transactions were getting stuck.

People mutating their transactions removed the padding, making them canonical.
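
The fixed-length padding described in the comment above, shown as an added example (not code from the thread or from any Bitcoin implementation): a lenient parser that flags non-minimal DER integers. The function names and the R/S sample values are constructed for illustration, and the sighash byte that follows the signature in a real transaction is left out.

```python
import hashlib

def encode_sig(r, s, fixed_len=None):
    """DER-encode (r, s); fixed_len forces zero-padded, fixed-width integers."""
    def integer(v):
        n = fixed_len or v.bit_length() // 8 + 1  # minimal width keeps the sign bit clear
        return b"\x02" + bytes([n]) + v.to_bytes(n, "big")
    body = integer(r) + integer(s)
    return b"\x30" + bytes([len(body)]) + body

def parse_sig(sig):
    """Leniently parse SEQUENCE{INTEGER r, INTEGER s}; return (r, s, findings)."""
    if len(sig) < 8 or sig[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    findings = []
    if sig[1] != len(sig) - 2:
        findings.append("sequence length does not match data")
    pos, values = 2, []
    for name in ("r", "s"):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            raise ValueError(name + ": expected INTEGER tag")
        length = sig[pos + 1]
        body = sig[pos + 2 : pos + 2 + length]
        if length == 0 or len(body) != length:
            raise ValueError(name + ": empty or truncated")
        if body[0] & 0x80:
            findings.append(name + ": high bit set (reads as negative)")
        if length > 1 and body[0] == 0 and not (body[1] & 0x80):
            findings.append(name + ": excessive zero padding")
        values.append(int.from_bytes(body, "big"))
        pos += 2 + length
    if pos != len(sig):
        findings.append("trailing bytes after s")
    return values[0], values[1], findings

def is_canonical(sig):
    return not parse_sig(sig)[2]

def double_sha256(data):
    # Stand-in for a TXID: the real hash covers the whole serialized transaction.
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

# Constructed sample values (not real signature data).
R = int.from_bytes(bytes(range(1, 32)), "big")
S = int.from_bytes(bytes(range(32, 63)), "big")
CANONICAL = encode_sig(R, S)             # minimal-length integers
PADDED = encode_sig(R, S, fixed_len=33)  # fixed-width integers with leading zeros

if __name__ == "__main__":
    for label, sig in (("canonical", CANONICAL), ("padded", PADDED)):
        print(label, len(sig), parse_sig(sig)[2], double_sha256(sig)[:16])
```

Both encodings decode to the same (r, s), but their bytes, and therefore any hash computed over them, differ.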

~~~
gojomo
Aha, interesting. Seems someone could still run a similar process in reverse:
if MtGox's successful make-up transactions are non-canonical, find those
first, then look for canonical precursors, within the suspected-exploitation
timeframe.

That seems more prone to false-positives, though, and perhaps after some point
the flood of copycat non-canonicals becomes a problem. (On the other hand, if
MtGox was fairly unique for a while in issuing a particular kind of
non-canonical transaction, it could make mapping their affiliated addresses by
some larger effort easier.)

Some researchers might have records of most of the alternate transactions that
were circulating without being confirmed. For example, I don't know how
comprehensive Blockchain.info's double-spend report –
[https://blockchain.info/double-spends](https://blockchain.info/double-spends)
– is, but I imagine TXID-mutated variations might appear as double-spends
there. (It's currently reporting 1126 detected double-spends - over 1000 in the
last 3 days, but before then, quite rare.)

------
mchusma
I think it is exciting to see mass attacks that aren't really bringing the
network down. It actually builds my confidence in Bitcoin.

~~~
ubernostrum
It is so exciting to know that a script kiddie can knock double-digit
percentages off the value of the currency while causing the community to
fragment into infighting and calling each other "full of shit". That really
builds my confidence in Bitcoin.

~~~
nullspace
That's really not fair. Bitcoin is still young, and considering that, it's
surprising we don't see more incidents like this.

Where is it written that it was a script kiddie? If this was the work of just a
script kiddie, we would be seeing incidents like this all the time.

