Slashdot Mirror

← Back to Stories (view on slashdot.org)

Surrogate Database Key, Not Bitcoin Protocol Flaw, To Blame For Mt Gox Problems

Posted by Unknown on from the third-normal-form-isn't-that-hard-people dept.

An anonymous reader writes "Bitcoin values dropped sharply over the weekend after the largest trading exchange, MtGox, revealed that an investigation into unusual trading activity turned up a flaw in the underlying Bitcoin software that allowed an attacker to double withdrawal a transaction" Not so fast according to database experts: the real problem is that Mt Gox (and other exchanges) are using a surrogate transaction id rather than a natural key in their databases: "The flaw isn't so much in Bitcoin as it is in exchange-systems. Many exchanges use the tx-id to uniquely identify transactions, but as it turns out, an attacker can change the tx-id without changing the actual transaction, rebroadcast the changed transaction (effectively creating a double-spend) and if his altered transaction gets accepted into a block instead of the legit transaction, the attacker receives his coins and can complain with the exchange that he didn't. The exchange will then check their db, fetch the tx-id from it, look it up in the blockchain and not find it. So they could conclude that the transaction indeed failed and credit the account with the coins. ... A simple workaround is to not use the tx-id to identify transactions on the exchange side, but the (amount, address, timestamp) instead."

14 of 81 comments (clear)

  1. Wait... by fuzzyfuzzyfungus · · Score: 5, Funny

    So a site with strong experience in trading Magic cards wasn't quite ready to handle the combined rigors of cryptography and finance?

    The world is just full of surprises....

    1. Re:Wait... by Ritz_Just_Ritz · · Score: 4, Interesting

      Indeed. MtGox has been tainted with (at best) incompetence or (at worst) fraud for quite some time now. It could potentially be both.

      In any case, bitcoin owners/miners have voted with their feet to the extent possible and MtGox has gone from the largest to one of the smaller players in the bitcoin exchange arena. There are still quite a few unfortunate folks with their funds trapped within MtGox. We'll see if those funds are eventually released or become part of an eventual bankruptcy proceeding. That might be great in the longer term since the courts will eventually sort out the role of BTC in the world of finance, but it might be bad for people who put their trust in one of the early exchanges.

      Time will tell.

    2. Re:Wait... by suso · · Score: 3, Funny

      You're posting this comment on a site that was once called "Chips and Dips".

    3. Re:Wait... by telchine · · Score: 4, Funny

      You're posting this comment on a site that was once called "Chips and Dips".

      It's still called Chips and Dips for me. I hated the change, so I resisted it as part of the FuckSlashdot campaign. I set up a personal proxy to automatically rebrand each page load back to Chips and Dips and it's been like that ever since!

  2. Not for MtGox but kinda agree by JcMorin · · Score: 4, Insightful

    Many pro bitcoin will hate me for saying that, but the transaction ID should not be change and once published it's value should be considered safe to check if a transaction is part of the blockchain or not. All the crap related to 3rd party modifying Sign script is pretty idiot compare the power for having a single ID to track a transaction. That said, this give no excuse for Mt Gox to not release the funds, the problem is not new, not even to them, and probably hide a much bigger financial problem.

    1. Re:Not for MtGox but kinda agree by edibobb · · Score: 3, Informative

      Here's a good explanation:
      http://blog.blockchain.info/20...

      Slashdot is broken. It won't let me post because it thinks I just posted, and it won't tell me how long to wait. For the past 5 minutes it has said it's been 3 minutes since my last post. Maybe it's some kind of space-time warp.

    2. Re:Not for MtGox but kinda agree by JesseMcDonald · · Score: 2

      The tx-id does, in fact, uniquely identify a particular transaction. It's basically just the hash of the completed transaction record. The problem is that it isn't the entire transaction record that you're signing when you send bitcoins, just the input you provided and the set of outputs. This is done so that multiple independent parties can all contribute to the same transaction, but it also means that someone can modify other fields to create a new, equally valid transaction with the same inputs and outputs but a different tx-id.

      Rather than the tx-id or the rather arbitrary (amount, address, timestamp) tuple recommended in the article, exchanges should be using the same data they signed to identify the transaction in the blockchain. The simplest way to do that would be to index the table on the signature itself. When a transaction shows up in the blockchain with that signature on one of the inputs you know the transfer went through, regardless of the eventual tx-id.

      --
      "The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
  3. I'm sure glad they're working out all the bugs in by oscrivellodds · · Score: 3, Insightful

    Bitcoin with other people's money and not mine!

  4. History doomed to repeat itself by Anonymous Coward · · Score: 2, Insightful

    Funny how the currency is only as good as the institutions supporting it. (In this case the exchanges)

    Lets not kid around. Bitcoin was created with the intention of getting around existing laws and regulations regarding currency. The philosophy behind this idea suggests that these things are unnecessary and represent others stealing your money.

    Not saying the banks and money regulations are completely without flaws, but they do have some damn good reasons for being there.

  5. An obscure bug in the bitcoin protocol by Anonymous Coward · · Score: 5, Interesting

    A bitcoin transaction comprises 3 parts:
    Transaction data - Source, destination, amount and timestamp
    An ECDSA signature signed with the private key of the source
    A transaction ID.

    The transaction ID is generated as the cryptographic hash of the transaction data and signature.

    The problem comes with how ECDSA signatures are formatted. A signature is essentially a large integer of undefined length. Industry standards are that the signature should be written with no zero padding - i.e. the first byte should be non-zero. In practice, many software implementations would define a fixed length field and zero-pad signature.

    The signature would still be valid even if zero padded. However, the transaction ID which is a hash of the transaction data and signature would change.

    Early versions of the bitcoin daemon would accept padded signatures, but this bug was fixed a couple of years ago, and transactions submitted to the network with excessive signature padding would be rejected as invalid.

    Mt Gox used in-house bitcoin client software which for a long time continued to pad their transaction signatures, even after the bitcoin developers issued an alert to users, resulting in failed or delayed (if the first node to receive the transaction broadcast was running on old daemon which would accept the transaction, the transaction would be validated and accepted; therefore a semi-invalid transaction may succeed after a number of retries) withdrawal transactions.

    Finally, the thing that really screwed things up was that 3rd parties (possibly early adopters with large amounts of bitcoin at Mt Gox) recognised the bug, and provided a workaround for Gox's broken software. Their software acted as transaction relay nodes, and when it received a broken transaction from Gox would rewrite the signature in the correct form, and compute a new transaction ID, before re-broadcasting the transaction.

    The result was that Gox's withdrawral problems disappeared for a number of months - until Gox's client went out of sync with the bitcoin network, as it was trying to spend coins that had previously been spent by transactions that it thought had failed.

    Captcha: bugged

  6. The Dollar by Anonymous Coward · · Score: 2, Insightful

    Then please don't read how the dollar works. You won't be able to sleep at night.

  7. Re:Dropped sharply? Yes, but... by mlw4428 · · Score: 2

    And? It highlights the real issue with the proposed "value" of this currency. It's not stable, it's not backed by any meaningful entity, and its value is an illusion created by Libertarians and gov't conspiracy nuts who love to circle-jerk each other that somehow currency can just appear out of thin air...like magic. You can argue a fiat currency system, but it means a lot more when a massive nation (or group of nations) back that currency and will use military force to ensure it stays around.

  8. unbelievable by slashmydots · · Score: 2, Insightful

    I can't believe whoever wrote the original code didn't catch this. It seems pretty database 101 class to me. Even the non-programmers had to take that class at my college and it always taught that you don't base a primary key in a table (or use as a unique ID in code) a value which isn't necessarily unique or can change. It's almost the same thing as not using as the primary data table key a compound key of last name, first name, and middle initial. First of all, it can change. Secondly, it can be repeated. That's basics, people. This isn't too far from that.

    1. Re:unbelievable by Troed · · Score: 2

      It's been known and well documented since 2011. It's in the wiki. What programmer does not study the API documentation when implementing a multi-million dollar service?

      https://bitcointalk.org/index....

      An incompetent one. The transaction id is an id of that specific transaction. If another transaction is created with the same inputs and outputs is a new transaction, thus a new transaction id.

      (A better id to use if you want to track actual transfers is a hash over the sorted input and output adresses)

      --
      it's in my head