Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Cancel the best block when a duplicate stake is received #75
Conversation
added a commit
that referenced
this pull request
Oct 18, 2014
sigmike
merged commit 6658331
into
peercoin:develop
Oct 18, 2014
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment Hide comment
dooglus
Aug 10, 2015
Does this make it easier to double-spend?
Here's the attack:
- I pay you for something
- I stake my transaction into a block
- You see the confirmation, and send me the goods
- I stake my transaction into another block at the same height - I am guaranteed to be able to do this with no extra work
- This code change cancels the block I staked, leaving my transaction unconfirmed
- I send the same coin to myself and try to stake that transaction into a block
- It's now a simple race to see whether my original transaction gets staked before my replacement one. You thought you had 1 confirmation on my payment to you, but I was able to "undo" that confirmation
Is there a problem with that attack? I think it would work (assuming you accept a single confirmation, of course).
dooglus
commented
Aug 10, 2015
|
Does this make it easier to double-spend? Here's the attack:
Is there a problem with that attack? I think it would work (assuming you accept a single confirmation, of course). |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment Hide comment
sigmike
Aug 10, 2015
Member
I guess in step 4 you actually don't stake your transaction into the duplicate block. Otherwise there's no way you could send the coins to yourself in the next block.
The behavior of the nodes when they cancel a block is to put all its transactions into the memory pool. So when they see the transaction sending the same coins to yourself they will just reject it. The next node that will find a block will include the same transactions.
If you're the one who finds the next block then you can do it. But with 2 consecutive blocks you can already double spend a single confirmation transaction even without this change.
|
I guess in step 4 you actually don't stake your transaction into the duplicate block. Otherwise there's no way you could send the coins to yourself in the next block. The behavior of the nodes when they cancel a block is to put all its transactions into the memory pool. So when they see the transaction sending the same coins to yourself they will just reject it. The next node that will find a block will include the same transactions. If you're the one who finds the next block then you can do it. But with 2 consecutive blocks you can already double spend a single confirmation transaction even without this change. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment Hide comment
dooglus
Aug 10, 2015
Maybe I misunderstand this pull request, but I was thinking that the duplicate stake in step 4 has the effect of cancelling both itself and its twin block. That leaves the coin unspent (on the blockchain, obviously it's still spent in my original transaction) and free for me to double-spend it if I can stake the next block.
Re. your last paragraph, currently to successfully double-spend a 1-confirmation transaction by finding 2 consecutive blocks, I need to be attempting to stake on top of the last-but-one block. This is likely to result in a loss of income for me, since unless I have a large percentage of the staking weight I'm unlikely to succeed in finding the required 2 blocks. It seems to me that this change makes it easier to double-spend confirmed transactions.
dooglus
commented
Aug 10, 2015
|
Maybe I misunderstand this pull request, but I was thinking that the duplicate stake in step 4 has the effect of cancelling both itself and its twin block. That leaves the coin unspent (on the blockchain, obviously it's still spent in my original transaction) and free for me to double-spend it if I can stake the next block. Re. your last paragraph, currently to successfully double-spend a 1-confirmation transaction by finding 2 consecutive blocks, I need to be attempting to stake on top of the last-but-one block. This is likely to result in a loss of income for me, since unless I have a large percentage of the staking weight I'm unlikely to succeed in finding the required 2 blocks. It seems to me that this change makes it easier to double-spend confirmed transactions. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment Hide comment
sigmike
Aug 10, 2015
Member
Maybe I misunderstand this pull request, but I was thinking that the duplicate stake in step 4 has the effect of cancelling both itself and its twin block.
You're right. The content of the block in step 4 doesn't matter.
currently to successfully double-spend a 1-confirmation transaction by finding 2 consecutive blocks, I need to be attempting to stake on top of the last-but-one block. This is likely to result in a loss of income for me,
What loss of income? The reward of the first block? It would only be delayed.
since unless I have a large percentage of the staking weight I'm unlikely to succeed in finding the required 2 blocks
In both scenarios you need 2 very close valid kernels (in the first scenario you create 3 blocks but you only use 2 kernels).
You're right. The content of the block in step 4 doesn't matter.
What loss of income? The reward of the first block? It would only be delayed.
In both scenarios you need 2 very close valid kernels (in the first scenario you create 3 blocks but you only use 2 kernels). |
sigmike commentedOct 5, 2014
No description provided.