Ask HN: How to "defend" against Transaction malleability?

2 points by tonylampada 12 years ago | 1 comment

After reading https://news.ycombinator.com/item?id=7244191 I think my website got affect by this. What's the best way to defend against it?

freedomsponsors.org is a crowdfunding service for open source software where "sponsors" can send Bitcoins to programmers for solving issues.

As soon as we confirm we received bitcoins from a sponsor, we keep a 3% fee send the rest to the programmer, using a Python API.

Sending through the API returns a transaction hash that we store in our database.

Later FS receives a notification with transaction details. If that notification contains a transaction hash that doesn't match anything on the database, freedomsponsors.org sends me an email that basically says: "HEADS UP: Blockchain is telling me there is an outgoing transaction that I don't know about, here is the transaction details...".

freedomsponsors.org is open source on Github, and the related code is here http://bit.ly/1bA2eiQ

Today, I got two of those emails and boy did that freak me out! I thought someone was stealing my coins. Only later I could investigate and understand what happened:

Transaction created by FS (hash returned by the API):

hash = 18311e095c3d8426025ab87fae87e988e1fbad09ba01db32586d066fc28ba87d

amount = 0.01570000

from = 14LkZoYgcheQCkj1mk6oEKqDsxcKHNAT7q

to = 1LSrAt3Ee1BZrRM2YLxrPaBxSTEqcr8SxW

That hash cannot be found in the blockchain anymore. Instead there's

hash = a76f239a327e8b61f7c3f942d52066696c58ad13fb19e4ec7f523a342a12db59

amount = 0.01569999

from/to = the same

So... I can't trust transaction hashes anymore, is that it? Should I verify transactions based on "from" and "to" then? Or is there any more reliable way of telling whether money I sent has reached the wallet on the other side?

Thanks!

kens 12 years ago |

I'm not sure what is going on here, but it's not malleability, since malleability can't change the amount.

In addition, the transaction in the blockchain hasn't been modified by the malleability attack, since the script starts with 47 not 4d (i.e. regular push not modified OP_PUSHDATA2): https://blockchain.info/rawtx/a76f239a327e8b61f7c3f942d52066...

It looks to me like a floating point rounding error somewhere in the FS API changed the amount and thus the hash between the transaction that was sent to you and the transaction sent into the Bitcoin network. The difference is too small to be explained by fees.

Do you have any evidence that the first transaction ever existed at all? I'd expect it to show up as unconfirmed on blockchain.info or blockexplorer.com for a while if it ever went out to the network.