Recent good news about Filecoin has frequently included three things: Grayscale officially announced the launch of the FIL trust product on March 17, the Filecoin “double spend” farce, and the SAFT public offering expiring in June. We analyze them one by one.
1. Filecoin “Double Spend” farce
So what exactly is this Filecoin “double spend” incident? What are the causes and consequences?
To fully understand this “double-spending” incident, we must first know what a double-spending attack is.
What is a double-spend attack?
Double spending, or double payment, means that in a digital asset system, because data can be copied, the same digital asset may be reused through improper operation. In short, a digital asset is paid out repeatedly: one sum of money is spent two or more times. For example, suppose there is 100 yuan in an Alipay wallet (backed by a bound bank card), the 100 yuan is spent, and Alipay has a bug: the payment is never synchronized to the bank and the money is still on the bank card, so we can go on spending the same 100 yuan. That is a double-spending problem.
Double spending causes “inflation” and depreciates the value of crypto assets. Generally, this situation occurs more frequently in centralized exchanges.
Take blockchain crypto assets as an example: in May 2018, a hacker launched multiple “double-spend” attacks against the infrastructure of the Bitcoin Gold cryptocurrency exchange and managed to grab $18 million worth of BTG. As a direct result, the entire BTG market had to absorb that 18 million U.S. dollars of BTG, which indirectly depreciates the unit price of BTG.
To better review this Filecoin incident, we need to understand the mainstream types of double-spending attacks: 51% attacks and competition (race) attacks.
51% attack: The attacker controls more than 50% of the hash power, which allows them to delete transactions or modify their order. In this way, multiple transactions can be sent with the same funds. This is currently difficult to achieve on the Bitcoin network, and is unlikely to pay off economically.
For example: the bank card behind our Alipay holds only 100 yuan. We spend the 100 yuan, then delete the record by controlling the bank's central system (think of this as modifying records with 51% of the computing power). The bank now has no record of the transaction, although Alipay has in fact already used the 100 yuan, so the bank card still shows 100 yuan and we can continue to spend.
The BTG double-spend attack was a 51% attack, made possible mainly by the small scale of the network's computing power. At that time, hackers only needed to pay $3,400 to complete the attack successfully.
Competition (race) attack: The attacker uses the same funds to broadcast two conflicting transactions (same Nonce value) in quick succession, but only the transaction with the higher Gas fee is confirmed. The attacker's goal is to invalidate the other payment by getting the transaction that benefits him verified, so that the same funds are sent to an address he controls.
For example: A transfers 100 yuan to B (normal gas fee), and also uses the same Nonce value to send another transfer of 100 yuan to B (high gas fee). In the blockchain world, only one transaction can be confirmed for a given Nonce value. Because the second transaction pays the higher gas fee, it goes through and transfers 100 yuan to B, while the first transaction is considered failed because of the second, so its 100 yuan is returned to A. Both A and B end up holding 100 yuan.
There is no “double spend” attack in this farce
The Filecoin “double spend” incident is a case of confused concepts. It cannot be attributed to a competition attack; it was a human error.
Judging by the results, and taking the Filscan.io block explorer as an example, only one transfer succeeded for this transaction.
According to the official explanation, “The problem that the lotus team knows of stems from the fact that there are two messages with the same sender/receiver details and the same Nonce but different Gas parameters, and they are included in the same Tipset. Two similar messages like this are very common. For example, replacing a message's gas fee will form two similar messages. Such a situation will be handled safely and correctly by the Filecoin network, and will not cause two transfers: one of the two messages will be executed and the other will be ignored”.
The official explanation means that the Filecoin main chain already handles the competition-attack case (same Nonce) correctly, and that replacing a message with a higher Gas fee will not cause double spending. This confirms that the Filscan.io data is accurate.
So how did the farce arise?
The official conclusion puts it well: “Wrong use of API. However, according to the way people check the chain, this will show that the message has been processed twice. Specifically, the relevant exchange used a wrong way to handle the chain state: calling ChainGetBlockMessages on each block of the tipset, and then calling StateGetReceipt on these messages”.
Because the exchange called the wrong API methods, it observed an apparent double spend that did not actually happen. This is not a bug in the Filecoin network itself but an error in method. The official statement also pointed out that ChainGetParentMessages and ChainGetParentReceipts should be used for accounting.
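The accounting error described above, modelled in plain Python as an added example (not code from the article, the exchange or the Lotus project). The in-memory tipset, the addresses, and the receipt lookup keyed by sender and Nonce are assumptions of this model, not calls to the real Lotus API.

```python
from collections import namedtuple

Msg = namedtuple("Msg", "cid sender to nonce value gas_premium")

# Constructed tipset: two blocks at one height, each carrying one of two messages
# that share sender, receiver and nonce but differ in gas (a fee replacement).
TIPSET = [
    {"block": "blk-A", "messages": [Msg("cid-low", "f1sender", "f1exchange", 7, 100, 1)]},
    {"block": "blk-B", "messages": [Msg("cid-high", "f1sender", "f1exchange", 7, 100, 5)]},
]

def execute_tipset(tipset):
    """Model of chain execution: the first message seen for a (sender, nonce)
    runs, later ones are ignored. Returns parallel lists (messages, receipts)."""
    seen, executed, receipts = set(), [], []
    for block in tipset:
        for msg in block["messages"]:
            key = (msg.sender, msg.nonce)
            if key in seen:
                continue  # same nonce already consumed: ignored, no receipt
            seen.add(key)
            executed.append(msg)
            receipts.append({"exit_code": 0})
    return executed, receipts

def naive_deposits(tipset, address):
    """Flawed accounting: walk every block's message list and look up a receipt
    per message. Assumption of this model: the lookup matches on (sender, nonce),
    so the ignored message also appears to have succeeded."""
    executed, receipts = execute_tipset(tipset)
    by_nonce = {(m.sender, m.nonce): r for m, r in zip(executed, receipts)}
    total = 0
    for block in tipset:
        for msg in block["messages"]:
            receipt = by_nonce.get((msg.sender, msg.nonce))
            if msg.to == address and receipt and receipt["exit_code"] == 0:
                total += msg.value
    return total

def correct_deposits(tipset, address):
    """Accounting from the executed message list paired with its receipts,
    the shape the article says should be used instead."""
    executed, receipts = execute_tipset(tipset)
    return sum(m.value for m, r in zip(executed, receipts)
               if m.to == address and r["exit_code"] == 0)

if __name__ == "__main__":
    print("naive:", naive_deposits(TIPSET, "f1exchange"))
    print("correct:", correct_deposits(TIPSET, "f1exchange"))
```

The per-block walk credits the deposit once for each block that carries a copy of the message, while the executed-messages view credits it once, matching what the chain actually did.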
The exchange should also use real on-chain data as its source for accounting. If a block explorer is used as the data source and it maliciously modifies the data, that too will lead to a “centralized malicious” double-spending attack.
Overall, the farce stems from improper operation by the exchange, which interested parties then deliberately played up. Looking back, it was an unnecessary stir. So who actually “double spent” this time?
Author/ Translator: Jamie Kim