📅 Original date posted:2015-12-18
📝 Original message:First of all, that's an expensive beer!
Second of all, any consensus rule change risks non-full-validating or
non-upgraded nodes seeing invalid confirmations...but assuming a large
supermajority (i.e. > 95%) of hashing power is behind the new rule, it
is extremely unlikely that very many invalid confirmations will ever be
seen by anyone. The number of confirmations you require depends on your
use case security requirements...and especially during a new rule
activation, it is probably not a good idea for non-validating nodes or
non-upgraded nodes to accept coins with low confirmation counts unless
the risk is accounted for in the use case (i.e. a web hosting provider
that can shut the user out if fraud is later detected).
Third of all, as long as the rule change activation is signaled in
blocks, even old nodes will be able to detect that something is fishy
and warn users to be more cautious (i.e. wait more confirmations or
immediately upgrade or connect to a different node that has upgraded,
etc...)
I honestly don't see an issue here - unless you're already violating
fundamental security assumptions that would make you vulnerable to
exploitation even without rule changes.
- Eric
------ Original Message ------
From: "Jonathan Toomim via bitcoin-dev"
<bitcoin-dev at lists.linuxfoundation.org>
To: "Pieter Wuille" <pieter.wuille at gmail.com>
Cc: "Bitcoin Dev" <bitcoin-dev at lists.linuxfoundation.org>
Sent: 12/17/2015 6:47:14 PM
Subject: Re: [bitcoin-dev] On the security of softforks
>
>On Dec 18, 2015, at 10:30 AM, Pieter Wuille via bitcoin-dev
><bitcoin-dev at lists.linuxfoundation.org> wrote:
>
>>1) The risk of an old full node wallet accepting a transaction that is
>>invalid to the new rules.
>>
>>The receiver wallet chooses what address/script to accept coins on.
>>They'll upgrade to the new softfork rules before creating an address
>>that depends on the softfork's features.
>>
>>So, not a problem.
>
>Mallory wants to defraud Bob with a 1 BTC payment for some beer. Bob
>runs the old rules. Bob creates a p2pkh address for Mallory to use.
>Mallory takes 1 BTC, and creates an invalid SegWit transaction that Bob
>cannot properly validate and that pays into one of Mallory's wallets.
>Mallory then immediately spends the unconfirmed transaction into Bob's
>address. Bob sees what appears to be a valid transaction chain which is
>not actually valid.
>
>Clueless Carol is one of the 4.9% of miners who forgot to upgrade her
>mining node. Carol sees that Mallory included an enormous fee in his
>transactions, so Carol makes sure to include both transactions in her
>block.
>
>Mallory gets free beer.
>
>Anything I'm missing?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20151218/a519b123/attachment.html>;
Eric Lombrozo [ARCHIVE] /
npub1az…t2krq
2023-06-07 19:46:46
in reply to nevent1q…l6kd
Author Public Key
npub1azvhdrf9fu6n0tm7yez4j6zcxcedp2ct6nrcq3z74naqs7kgpk8s5t2krqPublished at
2023-06-07 19:46:46Event JSON
{
"id": "f45089a536e940ae3618547977b717efeeeead1a872af83da23bd5d95f3853fa",
"pubkey": "e899768d254f3537af7e26455968583632d0ab0bd4c780445eacfa087ac80d8f",
"created_at": 1686160006,
"kind": 1,
"tags": [
[
"e",
"98cf2e35838fa134ae6f1ae02856ea7c4d6d5aae2f9a5a6272379073f8e32519",
"",
"root"
],
[
"e",
"c850edd94e1d0665e3adbff61d2729124c34ccf5286863b8817a583b68078368",
"",
"reply"
],
[
"p",
"0ff56c09ef879c89ea04bfa2d5f5e0d96000ed6eaf5ac38e7b538a9d92767569"
]
],
"content": "📅 Original date posted:2015-12-18\n📝 Original message:First of all, that's an expensive beer!\n\nSecond of all, any consensus rule change risks non-full-validating or \nnon-upgraded nodes seeing invalid confirmations...but assuming a large \nsupermajority (i.e. \u003e 95%) of hashing power is behind the new rule, it \nis extremely unlikely that very many invalid confirmations will ever be \nseen by anyone. The number of confirmations you require depends on your \nuse case security requirements...and especially during a new rule \nactivation, it is probably not a good idea for non-validating nodes or \nnon-upgraded nodes to accept coins with low confirmation counts unless \nthe risk is accounted for in the use case (i.e. a web hosting provider \nthat can shut the user out if fraud is later detected).\n\nThird of all, as long as the rule change activation is signaled in \nblocks, even old nodes will be able to detect that something is fishy \nand warn users to be more cautious (i.e. wait more confirmations or \nimmediately upgrade or connect to a different node that has upgraded, \netc...)\n\nI honestly don't see an issue here - unless you're already violating \nfundamental security assumptions that would make you vulnerable to \nexploitation even without rule changes.\n\n- Eric\n\n------ Original Message ------\nFrom: \"Jonathan Toomim via bitcoin-dev\" \n\u003cbitcoin-dev at lists.linuxfoundation.org\u003e\nTo: \"Pieter Wuille\" \u003cpieter.wuille at gmail.com\u003e\nCc: \"Bitcoin Dev\" \u003cbitcoin-dev at lists.linuxfoundation.org\u003e\nSent: 12/17/2015 6:47:14 PM\nSubject: Re: [bitcoin-dev] On the security of softforks\n\n\u003e\n\u003eOn Dec 18, 2015, at 10:30 AM, Pieter Wuille via bitcoin-dev \n\u003e\u003cbitcoin-dev at lists.linuxfoundation.org\u003e wrote:\n\u003e\n\u003e\u003e1) The risk of an old full node wallet accepting a transaction that is\n\u003e\u003einvalid to the new rules.\n\u003e\u003e\n\u003e\u003eThe receiver wallet chooses what address/script to accept coins on.\n\u003e\u003eThey'll upgrade to the new softfork rules before creating an address\n\u003e\u003ethat depends on the softfork's features.\n\u003e\u003e\n\u003e\u003eSo, not a problem.\n\u003e\n\u003eMallory wants to defraud Bob with a 1 BTC payment for some beer. Bob \n\u003eruns the old rules. Bob creates a p2pkh address for Mallory to use. \n\u003eMallory takes 1 BTC, and creates an invalid SegWit transaction that Bob \n\u003ecannot properly validate and that pays into one of Mallory's wallets. \n\u003eMallory then immediately spends the unconfirmed transaction into Bob's \n\u003eaddress. Bob sees what appears to be a valid transaction chain which is \n\u003enot actually valid.\n\u003e\n\u003eClueless Carol is one of the 4.9% of miners who forgot to upgrade her \n\u003emining node. Carol sees that Mallory included an enormous fee in his \n\u003etransactions, so Carol makes sure to include both transactions in her \n\u003eblock.\n\u003e\n\u003eMallory gets free beer.\n\u003e\n\u003eAnything I'm missing?\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20151218/a519b123/attachment.html\u003e",
"sig": "5845c03ee17b950eac05e16c0fc7fca4b739ffec6655d24fecb9669634dbeeaeb58bbb5a2a5c4268232d73251742d6d8dfed71af0cd915aa3c4167b46002c137"
}