Double-Spending Fast Payments in Bitcoin due to Client versions 0.8.1



Summary:

On June 27, 2013, Arthur Gervais informed Bitcoin developers of a vulnerability that could allow a double-spending attack in a fast-payment scenario, caused by signature encoding incompatibilities between versions 0.8.2 (or 0.8.3) and earlier versions. He provided a detailed description of the vulnerability at a given link, but Gregory Maxwell suggested citing prior discussions of this transaction pattern. Maxwell cited examples of why taking non-reversible actions on unconfirmed transactions is unsafe. Meanwhile, Gervais clarified that their reported problem has nothing to do with fees or dust, and that the two double-spending transactions do not need to be sent at the same time. In their setting, double-spending still works if the second transaction is sent minutes later, as long as the first transaction has not yet been included in a block. Their only aim is to raise awareness among merchants who have to accept zero-confirmation transactions: such merchants should be aware of the signature encoding difference between Bitcoin versions and its possible consequences.


Updated on: 2023-06-06T19:18:28.585469+00:00