Possible attack: Keeping unconfirmed transactions [combined summary]



Individual post summaries: Click here to read the original discussion on the bitcoin-dev mailing list

Published on: 2014-06-10T11:25:05+00:00


Summary:

A potential attack on Bitcoin transactions has been proposed on the Bitcoin-development mailing list. The attack involves storing an unconfirmed transaction sent by a payer for a few days and then relaying it back to the network or mining it using the receiver's hash power. In this attack, the receiver, Alice, can obtain the bitcoins without the knowledge of the payer, Bob. The attack can also be carried out when using the Payment Protocol, as Alice is responsible for relaying the transaction to the network. However, Toshi Morita argues that Alice cannot intercept the transaction and prevent the rest of the network from seeing it.

An email conversation between Raúl Martínez and Andrew Poelstra further discusses the feasibility of such an attack. Poelstra emphasizes the importance of reusing inputs when resending a transaction to avoid spending twice as much money. He also warns that any user interface suggesting a "cancel" feature not based on respending inputs is dangerously broken. Once a signed transaction leaves the system, it cannot be undone, regardless of low fees or nonstandard status.

The discussion on the Bitcoin-development mailing list clarifies that Alice cannot intercept a transaction made by Bob and prevent the rest of the network from seeing it. The merchant's server must determine the payment conditions before broadcasting the transaction on the Bitcoin peer-to-peer network. A possible attack scenario is presented where Alice stores an unconfirmed transaction for a few days and later relays it to the network, causing confusion for Bob. However, there is no known fix for this issue, and it remains uncertain if this type of attack is even possible.

In summary, a potential attack on Bitcoin transactions involves storing an unconfirmed transaction for a few days and then relaying it to the network or mining it with the attacker's hash power. This allows the attacker to gain possession of the bitcoins without the payer's knowledge. The attack can work with or without using the Payment Protocol. It is unclear if there is a fix for this problem or if the attack is possible to execute.
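The input-respending rule attributed to Poelstra above, as an added example (not code from the mailing-list thread or from any wallet): a toy UTXO model in which a withheld payment stays confirmable until one of its inputs is spent elsewhere. The names `Tx`, `Ledger`, `resend_conflicts`, `stale_still_confirmable` and the sample outpoints are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Toy UTXO model, constructed for illustration (not Bitcoin Core structures).
# An outpoint is a (txid, output_index) pair naming one spendable coin.

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: frozenset   # outpoints this transaction spends
    n_outputs: int = 2  # payment + change

class Ledger:
    def __init__(self, utxos):
        self.utxos = set(utxos)

    def can_confirm(self, tx):
        # A signed transaction never expires: it is valid while all inputs are unspent.
        return tx.inputs <= self.utxos

    def confirm(self, tx):
        if not self.can_confirm(tx):
            raise ValueError(f"{tx.txid}: an input is already spent")
        self.utxos -= tx.inputs
        self.utxos |= {(tx.txid, i) for i in range(tx.n_outputs)}

def resend_conflicts(stale, replacement):
    """Wallet-side check: does the resend respend an input of the stale tx?"""
    return bool(stale.inputs & replacement.inputs)

def stale_still_confirmable(stale, replacement, utxos):
    """Confirm the replacement, then ask if the withheld stale tx can still confirm."""
    ledger = Ledger(utxos)
    ledger.confirm(replacement)
    return ledger.can_confirm(stale)

# Constructed sample: Bob owns two coins and paid Alice with coin A.
COIN_A, COIN_B = ("aaaa", 0), ("bbbb", 0)
BOB_UTXOS = {COIN_A, COIN_B}
stale = Tx("pay1", frozenset({COIN_A}))
resend_fresh = Tx("pay2", frozenset({COIN_B}))     # new inputs: both payments can confirm
resend_respend = Tx("pay3", frozenset({COIN_A}))   # same input: stale tx becomes invalid

if __name__ == "__main__":
    for r in (resend_fresh, resend_respend):
        print(r.txid, "conflicts:", resend_conflicts(stale, r),
              "| stale still confirmable:", stale_still_confirmable(stale, r, BOB_UTXOS))
```

A wallet can apply the `resend_conflicts` check before offering a "resend" or "cancel" action and refuse any replacement that shares no input with the transaction it is meant to supersede.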


Updated on: 2023-08-01T09:29:02.727830+00:00