Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Databases Bitcoin

Surrogate Database Key, Not Bitcoin Protocol Flaw, To Blame For Mt Gox Problems 81

An anonymous reader writes "Bitcoin values dropped sharply over the weekend after the largest trading exchange, MtGox, revealed that an investigation into unusual trading activity turned up a flaw in the underlying Bitcoin software that allowed an attacker to double withdrawal a transaction" Not so fast according to database experts: the real problem is that Mt Gox (and other exchanges) are using a surrogate transaction id rather than a natural key in their databases: "The flaw isn't so much in Bitcoin as it is in exchange-systems. Many exchanges use the tx-id to uniquely identify transactions, but as it turns out, an attacker can change the tx-id without changing the actual transaction, rebroadcast the changed transaction (effectively creating a double-spend) and if his altered transaction gets accepted into a block instead of the legit transaction, the attacker receives his coins and can complain with the exchange that he didn't. The exchange will then check their db, fetch the tx-id from it, look it up in the blockchain and not find it. So they could conclude that the transaction indeed failed and credit the account with the coins. ... A simple workaround is to not use the tx-id to identify transactions on the exchange side, but the (amount, address, timestamp) instead."
This discussion has been archived. No new comments can be posted.

Surrogate Database Key, Not Bitcoin Protocol Flaw, To Blame For Mt Gox Problems

Comments Filter:
  • Wait... (Score:5, Funny)

    by fuzzyfuzzyfungus ( 1223518 ) on Monday February 10, 2014 @07:46PM (#46214053) Journal
    So a site with strong experience in trading Magic cards wasn't quite ready to handle the combined rigors of cryptography and finance?

    The world is just full of surprises....
    • Re:Wait... (Score:5, Interesting)

      by Ritz_Just_Ritz ( 883997 ) on Monday February 10, 2014 @08:06PM (#46214171)

      Indeed. MtGox has been tainted with (at best) incompetence or (at worst) fraud for quite some time now. It could potentially be both.

      In any case, bitcoin owners/miners have voted with their feet to the extent possible and MtGox has gone from the largest to one of the smaller players in the bitcoin exchange arena. There are still quite a few unfortunate folks with their funds trapped within MtGox. We'll see if those funds are eventually released or become part of an eventual bankruptcy proceeding. That might be great in the longer term since the courts will eventually sort out the role of BTC in the world of finance, but it might be bad for people who put their trust in one of the early exchanges.

      Time will tell.

      • by Anonymous Coward

        Yep, when you ask to withdraw large funds in $USD they just claim there is problems with the system, leave you hanging for months, but it is very easy to deposit money if one wishes. Mt Gox is a scam, i found that out first hand. However, bitcoin itself might be ok.. as long as bitcoins can be transferred and funds can easily be withdrawn from another exchange otherwise I feel the currency is largely valueless if one wants anything other than tech goods online.

        • Apparently you didn't bother to read the summary. The problem is not withdrawing other currencies, that is still the same as it was. The problem is withdrawing bitcoin.
    • Re:Wait... (Score:4, Funny)

      by suso ( 153703 ) * on Monday February 10, 2014 @09:36PM (#46214633) Journal

      You're posting this comment on a site that was once called "Chips and Dips".

      • by faedle ( 114018 )

        .. and that's still a pretty accurate description of the contents.

      • Re:Wait... (Score:5, Funny)

        by telchine ( 719345 ) on Tuesday February 11, 2014 @06:18AM (#46216327)

        You're posting this comment on a site that was once called "Chips and Dips".

        It's still called Chips and Dips for me. I hated the change, so I resisted it as part of the FuckSlashdot campaign. I set up a personal proxy to automatically rebrand each page load back to Chips and Dips and it's been like that ever since!

      • You're posting this comment on a site that was once called "Chips and Dips".

        And, until Beta, I was pretty confident that they were up to the challenge of accepting and then displaying comments...

    • by jythie ( 914043 )
      /thread
  • by JcMorin ( 930466 ) on Monday February 10, 2014 @07:46PM (#46214055)
    Many pro bitcoin will hate me for saying that, but the transaction ID should not be change and once published it's value should be considered safe to check if a transaction is part of the blockchain or not. All the crap related to 3rd party modifying Sign script is pretty idiot compare the power for having a single ID to track a transaction. That said, this give no excuse for Mt Gox to not release the funds, the problem is not new, not even to them, and probably hide a much bigger financial problem.
    • Pretty much this. There should be no way to change an ID. It's called an ID for a f***king reason.

      And (amount, address, timestamp) as a key? That's funny sh*t right thar!

      • It's called an ID for a f***king reason.

        And (amount, address, timestamp) as a key? That's funny sh*t right thar!

        I mostly agree, but only because of the timestamp. Timestamps make poor keys for various reasons. A little trivia: that's my blog post :-).

      • The tx-id does, in fact, uniquely identify a particular transaction. It's basically just the hash of the completed transaction record. The problem is that it isn't the entire transaction record that you're signing when you send bitcoins, just the input you provided and the set of outputs. This is done so that multiple independent parties can all contribute to the same transaction, but it also means that someone can modify other fields to create a new, equally valid transaction with the same inputs and outpu

    • Can someone explain to me why a third part can channge an id? Is this a feature (if so what use would it have), or an exploit that wasn't found out about until recently and it is part of the core and too difficult to fix?
      I skimmed over the article and it said something abotu it being known since 2011.. which if that is the case then why not fixed and or publiciced better? as it seems like a major issue.

      I would always think using something like a transaction id to be safe to use to you know, IDENTIFY the tra
      • by edibobb ( 113989 ) on Monday February 10, 2014 @08:27PM (#46214305) Homepage
        Here's a good explanation:
        http://blog.blockchain.info/20... [blockchain.info]

        Slashdot is broken. It won't let me post because it thinks I just posted, and it won't tell me how long to wait. For the past 5 minutes it has said it's been 3 minutes since my last post. Maybe it's some kind of space-time warp.
      • by Anonymous Coward on Monday February 10, 2014 @08:32PM (#46214333)

        A bitcoin transaction comprises 3 parts:
        Transaction data - Source, destination, amount and timestamp
        An ECDSA signature signed with the private key of the source
        A transaction ID.

        The transaction ID is generated as the cryptographic hash of the transaction data and signature.

        The problem comes with how ECDSA signatures are formatted. A signature is essentially a large integer of undefined length. Industry standards are that the signature should be written with no zero padding - i.e. the first byte should be non-zero. In practice, many software implementations would define a fixed length field and zero-pad signature.

        The signature would still be valid even if zero padded. However, the transaction ID which is a hash of the transaction data and signature would change.

        Early versions of the bitcoin daemon would accept padded signatures, but this bug was fixed a couple of years ago, and transactions submitted to the network with excessive signature padding would be rejected as invalid.

        Mt Gox used in-house bitcoin client software which for a long time continued to pad their transaction signatures, even after the bitcoin developers issued an alert to users, resulting in failed or delayed (if the first node to receive the transaction broadcast was running on old daemon which would accept the transaction, the transaction would be validated and accepted; therefore a semi-invalid transaction may succeed after a number of retries) withdrawal transactions.

        Finally, the thing that really screwed things up was that 3rd parties (possibly early adopters with large amounts of bitcoin at Mt Gox) recognised the bug, and provided a workaround for Gox's broken software. Their software acted as transaction relay nodes, and when it received a broken transaction from Gox would rewrite the signature in the correct form, and compute a new transaction ID, before re-broadcasting the transaction.

        The result was that Gox's withdrawral problems disappeared for a number of months - until Gox's client went out of sync with the bitcoin network, as it was trying to spend coins that had previously been spent by transactions that it thought had failed.

        Captcha: bugged

        • Thank you very much that clears it up. I actually tried reading a few articles and none of them made any sense, or didn't explain what was wrong or what gox was doing wrong.
      • From what I understand, it goes like this: The concept of a double spend is to try and spend the same money in two transactions. The bitcoin protocol has its way of dealing with it, pretty much by only one of those transactions succeeding. In this case, some nefarious entity submits the same transaction with all of the same details, but a different transaction ID. IF luck is in their favor, the protocol will chose their block instead of the one from the exchange. The nefarious entity then says "My money nev
    • If they are sending out more funds for withdraws than bringing in for total sales and commission then yes they are now running a Ponzi scheme. They now have less funds to give back out than what was given to them, people at the top of the scheme cash out, people at the bottom are left holding the digital poo of bitcoin. To try and prevent a mass exodus or lawsuits, they delay all withdraws until they have enough to satisfy the loudest complainers first that had the most to lose. Everyone else with a small a
  • by oscrivellodds ( 1124383 ) on Monday February 10, 2014 @07:48PM (#46214063)

    Bitcoin with other people's money and not mine!

  • The reason behind it doesn't matter anywhere near as much as that it happened and is high profile. It is like being arrested for a sex crime, especially child molestation. Even if one is proven innocent beyond a shadow of a doubt, one's life will be changed beyond recovery. Every time someone searches one's name online, that arrest will pop up and inject doubt.

    As the events happen, they eat away at the credibility of not just the individual people and companies involved but also BitCoin. It shows how easy
  • by Anonymous Coward

    Funny how the currency is only as good as the institutions supporting it. (In this case the exchanges)

    Lets not kid around. Bitcoin was created with the intention of getting around existing laws and regulations regarding currency. The philosophy behind this idea suggests that these things are unnecessary and represent others stealing your money.

    Not saying the banks and money regulations are completely without flaws, but they do have some damn good reasons for being there.

    • by jythie ( 914043 )
      Well, yes and no. While it is hard to say what the original developer had in mind for sure, the user base has a variety of motivations behind it, some of which match up very well with what you said, others not so much.

      For instance, I am in the 'payment method' camp. Since BTC is a push rather then pull protocol where you transfer money to a merchant rather then giving a merchant your special numbers and they transfer it from your account, I believe that could really cut down on many of the problems with
    • by TheCarp ( 96830 )

      > Lets not kid around. Bitcoin was created with the intention of getting around existing laws and
      > regulations regarding currency. The philosophy behind this idea suggests that these things are
      > unnecessary and represent others stealing your money.

      Actually I believe it suggests far more distrust in a central authority and the Fed. You don't have to go too far into the anti-Fed conspiracy nutjob side of things to question whether it is too much power or too corrupting. I mean, even if you accept tha

  • Time to buy (Score:2, Insightful)

    When they go back up tomorrow I can make a weeks worth of money in 1 day :-)

    • Comment removed based on user account deletion
    • Why not go do something useful with your time, try to make money by creating actual value in the world, rather than surrounding yourself with get-rich-quick schemers, scammers, and thieves in the bitcoin world, hoping to score big?

      • Comment removed based on user account deletion
        • Understood, and of course people have a right to make money however they see fit.

          Won't stop me from trying to plant the seeds of thought though. I'd be happier if there were fewer people operating from greed and more people trying to enrich themselves and their surrounding in more creative ways, so I don't mind trying to make the point and see if it resonates.

          • Understood, and of course people have a right to make money however they see fit.

            Won't stop me from trying to plant the seeds of thought though. I'd be happier if there were fewer people operating from greed and more people trying to enrich themselves and their surrounding in more creative ways, so I don't mind trying to make the point and see if it resonates.

            I don't think it's "greed" as much as it's the belief that you're a nobody and a loser if you aren't materialistic, if you don't work so many hours making money that you no longer have the time to enjoy the money you have made, if you don't have the wealth and status to control others. The old vice of greed is really only one component of the problem. A lot of the participants aren't strictly greedy, they just don't know any other way to "be somebody".

      • Why not go do something useful with your time, try to make money by creating actual value in the world, rather than surrounding yourself with get-rich-quick schemers, scammers, and thieves in the bitcoin world, hoping to score big?

        Because you have to eat. If you aren't independently wealthy, the best you can hope is to be treated as a valuable asset in someone else's get-rich schemes. But even that severely limits your options - you'll end up inventing microsecond trading algorithms instead of medical mole

  • by Anonymous Coward

    ... it raised up again with the same speed, if not more. Less that 24h after the FUD announcement by MtGox, Bitcoin value is already recovered and rising. See: http://bitcoinwisdom.com/markets/bitstamp/btcusd

    • And? It highlights the real issue with the proposed "value" of this currency. It's not stable, it's not backed by any meaningful entity, and its value is an illusion created by Libertarians and gov't conspiracy nuts who love to circle-jerk each other that somehow currency can just appear out of thin air...like magic. You can argue a fiat currency system, but it means a lot more when a massive nation (or group of nations) back that currency and will use military force to ensure it stays around.
    • Comment removed based on user account deletion
  • unbelievable (Score:3, Insightful)

    by slashmydots ( 2189826 ) on Monday February 10, 2014 @09:51PM (#46214683)
    I can't believe whoever wrote the original code didn't catch this. It seems pretty database 101 class to me. Even the non-programmers had to take that class at my college and it always taught that you don't base a primary key in a table (or use as a unique ID in code) a value which isn't necessarily unique or can change. It's almost the same thing as not using as the primary data table key a compound key of last name, first name, and middle initial. First of all, it can change. Secondly, it can be repeated. That's basics, people. This isn't too far from that.
    • by JcMorin ( 930466 )
      Having a transaction Id that changed after being produce from the original broadcast is not basic nor expected/standard. Call it what you want, and ID should be unique and permanent...
  • It's built into the protocol, and always will be. Everyone who uses Bitcoin needs to be aware of this limitation!
  • ...is to not buy into the virtual currency fad to begin with.

    Bitcoins are the collectable of the moment - it's like the comic book bubble. Sure, really old comics (like 1940's) remain valuable as artistic artifacts (issues that only exist in single or double digits in known quantity in the world), but you can pretty much get any comic from 1990 on for cover price at this point with very few exceptions, and even 60's/70's stuff for $20-30 now that all used to go for $100's in the 90's during the boom.

    O

    • by Anonymous Coward

      "because 100 Bitcoins can't even buy you a cup of coffee in 99.99999999...% of the world."

      Sir, for 100 BTC I will deliver you personally a yearly supply of coffey, anywhere in the world (including active war zones etc)

  • Better use a fucking high resolution timestamp.

    (The number of times I've seen systems fall over because some idiot thought two things can't happen in the same second/millisecond/microsecond....)

  • Really? Simple workaround? Using a unique ID is the only real option, and the problem has more to do with the ability of the "attacker" to change the transaction ID. If I write someone a check and the check numbers don't match my records then I know I have to examine the records. How do these Banking Anarchists think our mishmash of Bank databases with a Central Bank work?

    Oh that's how "Real" banking works. We can't be seen doing something that "Real" banks have to do. We're against the man, and bank data

Basic is a high level languish. APL is a high level anguish.

Working...