Duplicated transactions?

Technical Discussion
#1

I don't know if has been the fork or what else but looks like two of my outgoing transactions are duplicated!

Please, note: same transactions, with the same ID, in two different blocks:

ID -5201865932016945000
Hash b7cf427ed8ec7736c4010617013a98f3e8b143b31539193344e18cb20b9d77b5
Transaction Type Outgoing
Sender TA2RTA-J57GHB-RFYL3A-PUGRD5-EQNBW4-PLYJUI-DALH
Recipient TDAQSJ-B67OQ5-7NBY22-ZGLC55-3EMNEA-J3X54Q-UFVM
Message NEM rulez! 
Timestamp Aug 29, 2014 15:26:40
Confirmations 49
Amount 54 321.00 NEM
Fee 6.00 NEM

ID -2807845133072527000
Hash d90887ba62e71155b5ba5bcef6489c8c2159183595907b8654dc7901605a1fdb
Transaction Type Outgoing
Sender TA2RTA-J57GHB-RFYL3A-PUGRD5-EQNBW4-PLYJUI-DALH
Recipient TA7LAM-B337X2-MELJFU-KX3D2L-WYPSYN-VGPI5Z-WW6A
Message NEM rulez! 
Timestamp Aug 29, 2014 15:26:07
Confirmations 49
Amount 54 321.00 NEM
Fee 6.00 NEM

ID -5201865932016945000
Hash b7cf427ed8ec7736c4010617013a98f3e8b143b31539193344e18cb20b9d77b5
Transaction Type Outgoing
Sender TA2RTA-J57GHB-RFYL3A-PUGRD5-EQNBW4-PLYJUI-DALH
Recipient TDAQSJ-B67OQ5-7NBY22-ZGLC55-3EMNEA-J3X54Q-UFVM
Message NEM rulez! 
Timestamp Aug 29, 2014 15:26:40
Confirmations 50
Amount 54 321.00 NEM
Fee 6.00 NEM

ID -2807845133072527000
Hash d90887ba62e71155b5ba5bcef6489c8c2159183595907b8654dc7901605a1fdb
Transaction Type Outgoing
Sender TA2RTA-J57GHB-RFYL3A-PUGRD5-EQNBW4-PLYJUI-DALH
Recipient TA7LAM-B337X2-MELJFU-KX3D2L-WYPSYN-VGPI5Z-WW6A
Message NEM rulez! 
Timestamp Aug 29, 2014 15:26:07
Confirmations 50
Amount 54 321.00 NEM
Fee 6.00 NEM

Blocks 33153 and 33154

#2

This is first serious issue report since start of alpha. Will investigate it…

#3

wow, you definitely deserve a bounty for reporting that :wink:

#4

so is that a double spend?

#5

so is that a double spend?


nope, but that could lead to replay attack. Although circumstances are very specific, so it could be bit more problematic to pull this purposedly.
#6


so is that a double spend?


nope, but that could lead to replay attack. Although circumstances are very specific, so it could be bit more problematic to pull this purposedly.


is a replay attack the same as the supposed "history attack"? you guys have done a majorly impressive job if thats the first somewhat major bug since start of the alpha..
#7



so is that a double spend?


nope, but that could lead to replay attack. Although circumstances are very specific, so it could be bit more problematic to pull this purposedly.


is a replay attack the same as the supposed "history attack"? you guys have done a majorly impressive job if thats the first somewhat major bug since start of the alpha..


No this is not the same. Reply attack that I have in mind looks as follows (it's similar to the one that DrEvil pulled in NXT, but doesn't require any crypto work):

    [li]You send NEMs to exchange[/li]
    [li]You withdraw money from exchange (you need binary transaction, but that is not a big deal)[/li]
    [li](In loop) you re-announce the transaction to the network, in hope that it will be included AGAIN in next block[/li]


    This scenario is quite hard to pull, as there is timing issue involved, and "replied" TX can ONLY be included in next block.

    The attack could be more successful (and way easier to pull) if you have some sensible harvesting power.

    History attack is quite hard to pull in both NXT and NEM as a) you need to have some sensible power/importance b) network will simply switch to one of the forks.
#8




so is that a double spend?


nope, but that could lead to replay attack. Although circumstances are very specific, so it could be bit more problematic to pull this purposedly.


is a replay attack the same as the supposed "history attack"? you guys have done a majorly impressive job if thats the first somewhat major bug since start of the alpha..


No this is not the same. Reply attack that I have in mind looks as follows (it's similar to the one that DrEvil pulled in NXT, but doesn't require any crypto work):

    [li]You send NEMs to exchange[/li]
    [li]You withdraw money from exchange (you need binary transaction, but that is not a big deal)[/li]
    [li](In loop) you re-announce the transaction to the network, in hope that it will be included AGAIN in next block[/li]


    This scenario is quite hard to pull, as there is timing issue involved, and "replied" TX can ONLY be included in next block.

    The attack could be more successful (and way easier to pull) if you have some sensible harvesting power.

    History attack is quite hard to pull in both NXT and NEM as a) you need to have some sensible power/importance b) network will simply switch to one of the forks.


i remember that actually.. that was back when people were hunting the source code flaw bounties right? supposedly someone could have cleaned out the exchange in 6 transactions or something along those lines.. have you guys any plans to do something like what bcnext did in terms of putting in traps or anything to prevent cloning for a while or do you think its even needed? i always thought clones were a good thing cos if loads pop up.. everyone who finds out about the clone finds out about the mother coin..