Surrogate Database Key, Not Bitcoin Protocol Flaw, To Blame For Mt Gox Problems


sl4shd0t
02-11-2014, 06:22 AM
An anonymous reader writes "Bitcoin values dropped sharply over the weekend after the largest trading exchange, MtGox, revealed that an investigation into unusual trading activity turned up a flaw in the underlying Bitcoin software that allowed an attacker to double withdrawal a transaction." Not so fast, according to database experts: the real problem is that Mt Gox (and other exchanges) are using a surrogate transaction id rather than a natural key in their databases: "The flaw isn't so much in Bitcoin as it is in exchange-systems. Many exchanges use the tx-id to uniquely identify transactions, but as it turns out, an attacker can change the tx-id without changing the actual transaction, rebroadcast the changed transaction (effectively creating a double-spend) and if his altered transaction gets accepted into a block instead of the legit transaction, the attacker receives his coins and can complain with the exchange that he didn't. The exchange will then check their db, fetch the tx-id from it, look it up in the blockchain and not find it. So they could conclude that the transaction indeed failed and credit the account with the coins. ... A simple workaround is to not use the tx-id to identify transactions on the exchange side, but the (amount, address, timestamp) instead."

Read more of this story (http://developers.slashdot.org/story/14/02/11/0015242/surrogate-database-key-not-bitcoin-protocol-flaw-to-blame-for-mt-gox-problems?utm_source=rss1.0moreanon&utm_medium=feed) at Slashdot.
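Added example, not part of the original post or the Slashdot summary: a sketch of the exchange-side reconciliation described above, comparing a lookup by stored tx-id with a lookup by (amount, address, timestamp). The table layout, function names, the 24-hour matching window and all sample rows are assumptions constructed for illustration.

```python
import sqlite3

WINDOW = 24 * 3600  # assumed matching window (seconds) between send and confirmation

def build_db():
    # Constructed sample data; the txid strings are placeholders, not real hashes.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE withdrawals (id INTEGER PRIMARY KEY, txid TEXT, address TEXT,
                                  amount_sat INTEGER, sent_at INTEGER);
        CREATE TABLE chain_outputs (txid TEXT, address TEXT, amount_sat INTEGER,
                                    block_time INTEGER);
        INSERT INTO withdrawals VALUES
            (1, 'txid-as-broadcast', 'addr-A', 150000000, 1392000000),
            (2, 'txid-never-mined',  'addr-B',  20000000, 1392000100),
            (3, 'txid-unchanged',    'addr-C',   5000000, 1392000200);
        INSERT INTO chain_outputs VALUES
            ('txid-as-mined',  'addr-A', 150000000, 1392000600),
            ('txid-unchanged', 'addr-C',   5000000, 1392000700);
    """)
    return db

def found_by_txid(db, wid):
    # Surrogate-key lookup: the check the summary says exchanges relied on.
    sql = """SELECT 1 FROM withdrawals w JOIN chain_outputs c ON c.txid = w.txid
             WHERE w.id = ?"""
    return db.execute(sql, (wid,)).fetchone() is not None

def natural_key_matches(db, wid):
    # Natural-key lookup: same address and amount, confirmed within WINDOW of sending.
    sql = """SELECT c.txid FROM withdrawals w JOIN chain_outputs c
               ON c.address = w.address AND c.amount_sat = w.amount_sat
              AND c.block_time BETWEEN w.sent_at AND w.sent_at + ?
             WHERE w.id = ? ORDER BY c.block_time"""
    return [r[0] for r in db.execute(sql, (WINDOW, wid))]

def classify_claim(db, wid):
    # Decide how to treat a "my withdrawal never arrived" claim.
    if found_by_txid(db, wid):
        return "paid"
    if natural_key_matches(db, wid):
        return "paid-under-different-txid"  # do not credit the account again
    return "not-found"  # no confirmed payment by either key

if __name__ == "__main__":
    db = build_db()
    for wid in (1, 2, 3):
        print(wid, found_by_txid(db, wid), classify_claim(db, wid))
```

The (amount, address, timestamp) tuple is not guaranteed unique: two equal withdrawals to the same address inside the window match the same confirmed output, so such cases need a count comparison or manual review before any re-credit.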