Hacker News new | ask | show | jobs
by altoz 3182 days ago
If you're transacting with an exchange or a merchant and accidentally send both coins (as a result of a replay attack) instead of one, they're going to give it back. It's not nearly the disaster this article makes it out to be.

The only case where this is a problem are business to consumer transactions and p2p txs both of which you rarely do, if ever if you use BTC as a store of value.
1 comments
tfha 3182 days ago
It's not that simple. Once a transaction gets confirmed on one chain, it's permanently able to be spent on the other. If, due to fees or other reasons, that transaction is not confirmed quickly, the merchant may not be able to return the funds.

Also, automated system may have no way of handling it if those automated systems are not upgraded. Which means a merchant could end up with thousands of payments that they have to manually fix. And, those merchants will be forced into adopting the new software to correct the issue, they will have no choice to o ignore it.

It FORCES every deployed system in the entire ecosystem to upgrade, even systems that don't consent to the change. That's absolutely unacceptable.

link
altoz 3182 days ago
> Once a transaction gets confirmed on one chain, it's permanently able to be spent on the other.

That's simply not true. If the utxo gets spent on the other chain, the two coins are permanently split.

> Also, automated system may have no way of handling it if those automated systems are not upgraded. Which means a merchant could end up with thousands of payments that they have to manually fix. And, those merchants will be forced into adopting the new software to correct the issue, they will have no choice to o ignore it.

And incur legal liability? Businesses will gladly do lots of manual work to avoid thousands of lawsuits.

Fact is, it's really only a problem for the businesses and even without any replay protection, they can very easily split coins by using either post-split coinbase coins or any coins ever mixed with any post-split coinbase coins.

link
tfha 3182 days ago
> And incur legal liability? Businesses will gladly do lots of manual work to avoid thousands of lawsuits.

Pretty sure that forcing thousands of businesses to upgrade their systems to avoid defrauding users is grounds for a lawsuit itself.

Imagine if Google, Apple, and Microsoft teamed up to make an incompatible change to web browsers that broke all existing websites and exposed all of the users of those websites to risk of finical loss of the website admins did not perform an upgrade.

Who is liable? The admins who didn't even realize an upgrade was required, or Google, Microsoft, and Apple for creating the situation?

link