This days become popular another "issue" about bitcoin protocol. It's named transaction malleability and it's nothing new in the bitcoin developers world and it has wiki entry https://en.bitcoin.it/wiki/Transaction_Malleability
Why this is interesting and important for online blockchain based games that operate with transactions that have 0 confirmations?
The answer is simple. Third party or players could mess up with the service if listens the service for incoming transactions or is defeated by the service and try to create successful malleable transactions in order to harm it or to increase it's chances for win ( If malleable transaction is accepted then he plays x2 on probability of 75% ).
How to protect your service that operates with 0 confirmations transactions from malleable transactions?
Again answer is quite simple: Determine the play round by inputs txid and not by incoming transaction id.
In the PoC dice script I have created https://github.com/Slavco/dicestart now the play round checking is changed in order to avoid malleable transactions. Notice the code between the comments //prevent transaction malleability and commented old sql queries. That's it.
BTC: 1LuckAsHuFJ3Y59aztSxzHaBtRihc2vDmX
FTC: 6sLaveXfN6Nhi96LVufa4GjrojGnXsbc4w
No comments:
Post a Comment