bitcoin MitM attack in the wild (as reported by mtgox)

Feb 10, 2014 14:03

It looks like a way has been found for an active attacker to break (redirect) transactions BEFORE they are verified by miners and make it into the block chain.

crypto, bitcoin, fail, p2p, security


109 February 10 2014, 21:26:24 UTC
A detailed explanation:

MtGox also had problems with occasionally producing invalid signatures. This would normally be a simple fix. E.g. here is an example where I fixed this type of issue in some python wallet code I've never used (but saw a lot of people were copying): https://github.com/jgarzik/python-bitcoinlib/commit/4c64603ab60b0fa23c51090b3112be2f163aeeac

But as I said before, in high value systems like Mtgox, even simple fixes aren't simple and it took them quite some time to deploy a fix. However, I believe that it is actually fixed now.

My current understanding and inference is that the remaining issues are because while MtGox was producing transactions of the bad form that the network won't relay anymore- some people decided to help out by 'fixing' these transactions like BC.i did for iphone users- making the signatures normal and broadcasting them. Of course, the new transactions- while functionally identical- have different TXIDs.

The difference here is that the MtGox wallet software appears to have not handled this case gracefully at all, and apparently simply wouldn't notice transactions that it "didn't make" spending its own coins.

As a result the Mtgox wallet believed some coins were available for spending which really had already been spent and it began double spending those inputs. This may have interacted particularly poorly with the earlier workaround I mentioned- trying to always use the oldest available coins- if they did implement that workaround.

Worse, some of this may have resulted in users getting paid multiple times and could have been intentionally triggered with that end in mind if someone helpfully fixed some transactions and then noticed they got paid twice. (I think this is unlikely to have caused large losses, before people run off worrying about that, both because of the reuse of the oldest inputs and because of the hot wallet/cold wallet split).

http://www.reddit.com/r/Bitcoin/comments/1x93tf/some_irc_chatter_about_what_is_going_on_at_mtgox/cf99yac

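The failure mode described in the comment above, as an added example (not code from MtGox, python-bitcoinlib or the original page): re-encoding a signature keeps the same (r, s) but changes the transaction hash, so a wallet has to reconcile spent coins by outpoint rather than by the TXIDs it generated itself. The toy serialization, the `Wallet` class and all values are constructed for illustration, and the superfluous zero padding is an assumed instance of the "bad form".

```python
import hashlib

def der_ints(sig: bytes):
    """Loosely parse a DER ECDSA signature and return (r, s) as integers."""
    assert sig[0] == 0x30 and sig[1] == len(sig) - 2
    vals, pos = [], 2
    for _ in range(2):
        assert sig[pos] == 0x02
        n = sig[pos + 1]
        vals.append(int.from_bytes(sig[pos + 2:pos + 2 + n], "big"))
        pos += 2 + n
    return tuple(vals)

def der_strict(r: int, s: int) -> bytes:
    """Minimal DER: each integer carries at most one leading 0x00 (sign byte)."""
    body = b""
    for v in (r, s):
        raw = v.to_bytes((v.bit_length() + 8) // 8, "big")
        body += bytes([0x02, len(raw)]) + raw
    return bytes([0x30, len(body)]) + body

def txid(inputs, outputs) -> str:
    """Toy serialization (not the Bitcoin wire format): signature bytes are hashed too."""
    blob = b"".join(bytes.fromhex(p) + bytes([i, len(sig)]) + sig for (p, i), sig in inputs)
    blob += b"".join(v.to_bytes(8, "little") + a.encode() for v, a in outputs)
    return hashlib.sha256(hashlib.sha256(blob).digest()).digest()[::-1].hex()

class Wallet:
    def __init__(self, coins):
        self.unspent = set(coins)  # outpoints (prev_txid, index) the wallet may spend
        self.sent = set()          # txids of transactions the wallet built itself
    def on_confirmed(self, tid, inputs):
        """Mark coins spent by outpoint, so a re-encoded copy of our tx still counts."""
        spent = {op for op, _ in inputs} & self.unspent
        self.unspent -= spent
        return {"known_txid": tid in self.sent, "spent": spent}

def demo():
    coin = ("aa" * 32, 0)                                # constructed outpoint
    r = int.from_bytes(bytes(range(1, 33)), "big")       # constructed values, not a
    s = int.from_bytes(bytes(range(33, 65)), "big")      # valid signature
    body = b"\x02\x21\x00" + r.to_bytes(32, "big") + b"\x02\x20" + s.to_bytes(32, "big")
    padded = bytes([0x30, len(body)]) + body             # r has a superfluous 0x00
    outputs = [(50_000, "customer-address")]
    wallet = Wallet([coin])
    wallet.sent.add(ours := txid([(coin, padded)], outputs))
    fixed_sig = der_strict(*der_ints(padded))            # same (r, s), different bytes
    seen = txid([(coin, fixed_sig)], outputs)
    return ours, seen, wallet.on_confirmed(seen, [(coin, fixed_sig)]), wallet.unspent
```

`demo()` returns two different TXIDs for the same payment, and the wallet still removes the coin from its unspent set even though the confirmed TXID is not one it broadcast.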

