Bitcoin Stack Exchange
Bitcoin Stack Exchange

Questions tagged [transaction-malleability]

A property of Bitcoin transactions that allows them to be replicated with another transaction id before they are included in a block.

Bitcoin transactions have a transaction id (txid) formed as a hash over the data involved in the transaction. That suggests that it is a unique identifier for a transaction.

However, the txid of a transaction is only unique once the exact data in the transaction has been finalized by being incorporated into the blockchain (and confirmed). Until then, there are hacks that allow altering the underlying data and hash. This is not a security issue because it is not possible to alter how many bitcoins are transferred from what input to what output. But details such as what format the transaction’s cryptographic signature takes, or the exact signature script used, can be changed: They are malleable, making the derived hash or transaction id malleable as well.

Wiki derived from answer on What is Transaction Malleability?

94 questions
25
votes
1 answer

What is Transaction Malleability?

The Bitcoin exchange MtGox has stated in this press release that "transaction malleability" caused them to stop sending bitcoins. A recent question asked if it really is an issue. But what is transaction malleability in the first place?
user6049
17
votes
3 answers

Is this "transaction malleability" really an issue?

The well-known Bitcoin exchange Mt.Gox last week suspended all Bitcoin withdrawals because of "technical issues", which today have been better described in this press release. This looks like a serious problem, but is it actually true? Has this…
Massimo
  • 1,048
  • 6
  • 20
12
votes
2 answers

How much of BIP 62 ("Dealing with malleability") has been implemented?

BIP 62 lists nine source of malleability: Non-DER encoded ECDSA signatures Non-push operations in scriptSig Push operations in scriptSig of non-standard size type Zero-padded number pushes Inherent ECDSA signature malleability Superfluous scriptSig…
Rich Apodaca
  • 2,311
  • 2
  • 14
  • 34
12
votes
2 answers

How can I avoid transaction malleability consequences?

Please note that this question is NOT a duplicate of other questions regarding transaction-malleability. My question is regarding a following scenario, that could happen on an exchange that uses on-chain wallet management: user deposits funds on…
mav
  • 220
  • 1
  • 5
12
votes
3 answers

Tx Malleability: Why is the Script not included in the Signed Hash?

Sipa lists sources of tx malleability here: https://gist.github.com/sipa/8907691 It is clear to me how a change in the signature itself or the signature formating leads to a different tx hash (1. & 2.). But why is it allowed to modify the rest (may…
kermit
  • 2,009
  • 1
  • 17
  • 26
12
votes
2 answers

Transaction Malleability in the blockchain

How does a transaction malleability look like in the blockchain? Are there any examples?
D-32
  • 221
  • 1
  • 5
10
votes
1 answer

Why was the Oct 2015 Transaction Malleability event possible in spite of BIP62/66?

The recent re-emergence of transaction malleability has been responsible for a large number of Txs which are being double spent (October 2015). /r/Bitcoin has posted some C++ code which @amaclin has taken responsibility for. I understand that,…
Wizard Of Ozzie
  • 5,268
  • 4
  • 30
  • 63
10
votes
4 answers

Wouldn't the "malleable transaction" attack be foiled by common sense?

I'm trying to understand the malleable transaction attack, as it seems to me that only a rather careless operator would be vulnerable in the first place, as described below. Mainly to clarify my own thoughts, let me describe the attack as I…
Nate Eldredge
  • 22,970
  • 3
  • 39
  • 80
8
votes
1 answer

Using bitcoins JSON RPC, how can I confirm a transaction I published?

I have created, signed and sent a raw transaction via bitcoind RPC. Now I want to wait for it to have n confirmations. Considering transaction malleability, I can't just check the "confirmations" field returned by gettransaction, because the…
lvella
  • 256
  • 2
  • 9
7
votes
3 answers

Why was transaction malleability fix required for Lightning network?

Transaction malleability is that TXID can be changed modifying the signature slightly without the private key. To implement Lightning Network, it was required to fix the malleability. However, I thought that we just wait for 1 confirmation that we…
ogw_yuya
  • 625
  • 4
  • 13
7
votes
2 answers

How do I uniquely identify a transaction (to protect against malleability)?

Transactions I broadcast can be malleated by anyone watching the mempool (more info here). This rules out using txid for transaction identification. How can I identify my transactions to make sure they are tracked by my application, even if the txid…
bvpx
  • 1,132
  • 7
  • 28
7
votes
4 answers

How can I track transactions in a way that is not affected by their malleability?

All the recent problems caused by transaction malleability have brought to the center stage the fact that tracking a transaction id is not good enough. So here is my question, what is good enough? The best I can come up with, is to create my own…
LordOfThePigs
  • 275
  • 1
  • 9
6
votes
1 answer

Spending own generated unconfirmed change in the v.0.9.0 era

Reading about spending own generated unconfirmed change some time ago I stumbled upon this reddit thread that convinced me that doing so is a really bad idea and could prove catastrophic for any business that allows it. Now in the bitcoin core…
Doug Peters
  • 1,366
  • 14
  • 23
6
votes
4 answers

Is it possible to add a transaction input to a transaction in the mempool?

Is it possible to add an input to a transaction that is in the mempool? For example, if someone is paying 1 BTC to their friend, I can get the raw hex data of this transaction from the mempool before it is mined. I can then sign an unspent…
bvpx
  • 1,132
  • 7
  • 28
6
votes
2 answers

How did transaction malleability/DDOS attacks allow an exchange's internal accounting system to get "out of sync"?

This Coindesk article says that: “So as transactions are being created, malformed/parallel transactions are also being created so as to create a fog of confusion over the entire network, which then affects almost every single implementation …
Jacob
  • 61
  • 1
1
2 3 4 5 6 7