by yetfeo 4504 days ago
> It's a non-issue in so far as it does not prevent bitcoin from working as it should if you do implement things as the original client does it

This is not correct. The original client gets one edge case wrong and it is this that is causing the issue with most of the exchanges that use it: http://www.reddit.com/r/Bitcoin/comments/1xm49o/due_to_activ...

1 comments

Yes, but the bitcoind reference client fails safely: the child transactions are orphaned and no funds are lost. Its behavior alone is not exploitable.

Unfortunately it does not fail completely safely. The change transaction seems to still be available for coin selection and causes sends to fail. The getbalance command shows an incorrect balance due to counting the change address twice - once in the double spend and once in the accepted. The accounts system also has balances messed up which some merchant sites rely on.

It is not "lose money" exploitable (unless combined with social engineering) but is definitely "lose time, lose effort" exploitable.