Author: Aaron Voisine 2017-01-06 07:07:34
Published on: 2017-01-06T07:07:34+00:00
Credit card transactions are commonly used but frequently face fraud and chargebacks. The risk of accepting gossip information from multiple random peers in unconfirmed Bitcoin transactions with a SPV client is still minimal. Random node operators have no incentive to send fake transactions, and would need to control all the nodes a client connects to, and find a non-false-positive address belonging to the victim's wallet. Fraud risk is not equal for everyone and people value speed and convenience over known fraud risk in different situations. There are much juicier targets for an attacker with the ability to sybil attack the entire bitcoin p2p network. Merchants are willing to accept credit card payments worth thousands of dollars and ship the goods despite the fact that the transaction can be reversed up to 60 days later. It's important to recognize that bitcoin serves a wide variety of use cases with different profiles for time sensitivity and fraud risk. Unconfirmed transactions are incredibly important but not over SPV against random peers. If you offer users/merchants a feature (SPV 0-conf against random peers), that is fundamentally insecure, it will – sooner or later – lead to some large scale fiasco, hurting Bitcoins reputation and trust from merchants. It is recommended to disable unconfirmed transactions during SPV against random peers, enable unconfirmed transactions when using SPV against a trusted peer with preshared keys after BIP150, show how it can be enabled if disabled, and educate users that a transaction with no confirmation can be "stopped" or "redirected" any time, also inform about the risks during low-conf phase (1-5).
Updated on: 2023-06-11T04:56:17.470562+00:00