š
Original date posted:2014-06-17
š Original message:quote:
> Mike Hearn, why don't we just have all nodes report attempted double spends
> through the node network. No need to involve the miners at all really, or
> do your suggestion but also report the double spend attempt. By waiting
> maybe 10-60 seconds (instead of 10 minutes for first conf), merchants can
> be more sure that a double spend attack was not tried. Attacker would have
> to hold back second tx by 10-60 seconds and hope that that second tx (with
> higher fee) get's into a solved block before the first one. This forced
> delay time ought to make the attack less successful (but not impossible).
>
What prevents the following steps from happening:
1. attacker sends first transaction, paying to the merchant
2. merchant waits 10-60 seconds
3. merchant confirms the payment as received
4. attacker sees merchant's confirmation
5. attacker sends double spend
The security improvement seems to be pretty much exactly the chance
that during the 10-60 seconds, a block is solved. Am I missing
something?
Regarding "reporting double spends", this would only help if it comes
with some kind of penalty for the double spend. Now what if the double
spend was not done on malicious motives? Maybe someone posted a
transaction which does not confirm for some reason, and wants to
recover his funds? Should we regard transactions which do not confirm
as forever lost, in order to get to an "every double spend is a
misbehaviour" policy?
Best regards,
Isidor
Isidor Zeuner [ARCHIVE] /
npub1wzā¦2jvxz
2023-06-07 15:22:49
in reply to nevent1qā¦j66w
Author Public Key
npub1wz2sm8h4ylh9dn28688vjzwrmhaxnh3jl04p8jk3qeq7umwf8cus72jvxzPublished at
2023-06-07 15:22:49Event JSON
{
"id": "57d2ac39a63b385baff297f341bebbc2c58226afaa406919b0f506e7f9b55148",
"pubkey": "70950d9ef527ee56cd47d1cec909c3ddfa69de32fbea13cad10641ee6dc93e39",
"created_at": 1686151369,
"kind": 1,
"tags": [
[
"e",
"ed0eede28e160c2ef8ddd5af1ee3069fdb0eb5f4c939c1c09a1a5f338c30c628",
"",
"root"
],
[
"e",
"5f3d5af0e2582ad04e945e4fed5f6e52a0d2dd83d84fecb33dcf557e1c43fb3c",
"",
"reply"
],
[
"p",
"dc329a02c970aabf03b87185ef51c86afe4586fe3a148508af898af3fabc56a3"
]
],
"content": "š
Original date posted:2014-06-17\nš Original message:quote:\n\u003e Mike Hearn, why don't we just have all nodes report attempted double spends\n\u003e through the node network. No need to involve the miners at all really, or\n\u003e do your suggestion but also report the double spend attempt. By waiting\n\u003e maybe 10-60 seconds (instead of 10 minutes for first conf), merchants can\n\u003e be more sure that a double spend attack was not tried. Attacker would have\n\u003e to hold back second tx by 10-60 seconds and hope that that second tx (with\n\u003e higher fee) get's into a solved block before the first one. This forced\n\u003e delay time ought to make the attack less successful (but not impossible).\n\u003e\n\nWhat prevents the following steps from happening:\n\n1. attacker sends first transaction, paying to the merchant\n\n2. merchant waits 10-60 seconds\n\n3. merchant confirms the payment as received\n\n4. attacker sees merchant's confirmation\n\n5. attacker sends double spend\n\nThe security improvement seems to be pretty much exactly the chance\nthat during the 10-60 seconds, a block is solved. Am I missing\nsomething?\n\nRegarding \"reporting double spends\", this would only help if it comes\nwith some kind of penalty for the double spend. Now what if the double\nspend was not done on malicious motives? Maybe someone posted a\ntransaction which does not confirm for some reason, and wants to\nrecover his funds? Should we regard transactions which do not confirm\nas forever lost, in order to get to an \"every double spend is a\nmisbehaviour\" policy?\n\nBest regards,\n\nIsidor",
"sig": "937c70aa716112cddbed7698d9d6d21336187d3be2a04c5d332399e410375e7ab02e7f7a2d4fe7bb22317e961fd456665f26aa2f2c65cffca330daf995b13caa"
}