1

Say a malicious mobile bitcoin client is created, programmed to quickly send two or more double-send transactions whenever a payment is made.

Is this an attack vector we should be concerned about?
What could be done in order to protect against such an attack?

Gary
nivs

2 Answers

2

What could be done in order to protect against such an attack?

Wait for N confirmations before accepting a payment as successful.

o0'.
  • What happens if I have an Android app that broadcasts two transactions, spending the same input, to a different set of nodes whenever I pay for coffee? Only one of them will be mined into one of the next blocks, but does it mean I have to wait for ~10 minutes at the coffee shop? – nivs Apr 04 '13 at 12:44
  • @nivs exactly. Of course, for very small amounts that isn't important. In case it will ever be, that is fixed using third party services, similar to how debit cards work. – o0'. Apr 04 '13 at 12:46
  • Using third party services (especially for processing small payments) breaks one of the most important benefits of bitcoin. – nivs Apr 04 '13 at 12:53
  • @nivs or you can wait 10 minutes, if you prefer. – o0'. Apr 04 '13 at 12:54
  • 3
    @nivs With regards to the coffee shop situation, there still is some protection. I can look for that unconfirmed transaction. It isn't conclusive until it's been mined and confirmed sufficiently, because a double spend could be hiding in an obscure part of the network and until the transaction is mined and confirmed it isn't 100% protected against that kind of deliberate double spend. But there are some risks with fiat currency as well (counterfeit, for example) and a vendor like a coffee shop will typically absorb those small risks in favor of customer convenience. – David Ogren Apr 04 '13 at 13:06
  • 1
    The coffee shop is also at risk that you'll run off without paying! In the future, escrow services like nivs mentions will exist but very few places will use them, because if the transaction is big enough, you can wait 60 minutes, and if it's small, you'll trust the customer not to run away, same as today. – Eyal Apr 08 '13 at 16:50
-3

If you try to spend the same coins twice, proper clients won't accept the block as valid. Read rules 9 and 14 here:

https://en.bitcoin.it/wiki/Protocol_rules#.22tx.22_messages

Double-spend could occur if the transaction history forks, but forks don't usually last very long. Having 6 confirmations after the transaction should be sufficient.

Eyal
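
An added example, not part of any answer or comment on this page: a merchant-side acceptance check that combines the advice above (wait for N confirmations, watch the network for a second transaction spending the same input, absorb the risk on small amounts). The `SeenTx` record, the function names and the 50,000-satoshi zero-confirmation limit are assumptions for illustration, and the sample transactions are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class SeenTx:                 # hypothetical record of a tx relayed by some peer
    txid: str
    inputs: tuple             # outpoints spent: ((prev_txid, vout), ...)
    pays_merchant: int        # satoshis paid to the merchant's address
    confirmations: int        # 0 = unconfirmed (mempool only)

def find_conflicts(seen):
    """Return {outpoint: txids} for every outpoint spent by 2+ distinct txs."""
    spenders = defaultdict(set)
    for tx in seen:
        for outpoint in tx.inputs:
            spenders[outpoint].add(tx.txid)
    return {op: ids for op, ids in spenders.items() if len(ids) > 1}

def decide(payment, seen, required_confs=6, zero_conf_limit=50_000):
    """Return 'accept', 'wait' or 'reject' for a payment to the merchant.

    seen: every SeenTx collected from all connected peers (assumed input).
    zero_conf_limit: assumed amount the merchant will risk without waiting.
    """
    if payment.confirmations >= required_confs:
        return "accept"
    pool = {tx.txid: tx for tx in list(seen) + [payment]}
    conflicts = find_conflicts(pool.values())
    rivals = {t for op in payment.inputs for t in conflicts.get(op, ())}
    rivals.discard(payment.txid)
    # A rival that is deeper in the chain has already won the race.
    if any(pool[t].confirmations > payment.confirmations for t in rivals):
        return "reject"
    if rivals:                 # race still open: only block depth settles it
        return "wait"
    if payment.pays_merchant <= zero_conf_limit:
        return "accept"        # small amount, no conflict observed
    return "wait"

# Constructed sample: two transactions spending the same outpoint.
COIN = ("aa" * 32, 0)
PAY = SeenTx("tx_pay", (COIN,), 30_000, 0)
RIVAL = SeenTx("tx_rival", (COIN,), 0, 0)

if __name__ == "__main__":
    print(decide(PAY, [PAY]))            # no conflict seen
    print(decide(PAY, [PAY, RIVAL]))     # conflicting spend seen
```

Seeing no conflict is not proof that none exists, since the rival transaction may have been sent to nodes the merchant is not connected to; the zero-confirmation branch only bounds how much is at risk.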