What is a Finney attack?
17 sats \ 0 comments \ @maths 2 Aug 2023 bitcoin
A Finney attack, a specific kind of double-spend attack in the Bitcoin network, requires certain specific conditions within the network topology. Here's how it works:
  1. Pre-mined Block: The attacker must mine a block containing a transaction that pays the coins to themselves. This block is not immediately broadcast to the network.
  2. Direct Connection to Victim: Ideally, the attacker must make a direct connection to the victim's node or ensure network latency to the victim, to minimize the chance that the victim learns about the pre-mined block before the attack transaction is accepted.
  3. Second Transaction to Victim: The attacker sends a transaction to the victim (e.g., the merchant), who delivers goods or services once the transaction appears in the victim's mempool but before it is confirmed in a block.
  4. Release of Pre-mined Block: Once the victim accepts the unconfirmed transaction, the attacker broadcasts the previously mined block, thereby invalidating the transaction to the victim since the block contains a conflicting transaction that spends the same output.
  5. Sufficient Mining Power: The attacker must have sufficient mining power to successfully mine the conflicting block. While they don't need to have more power than the rest of the network, a higher hash rate increases the success probability.
  6. Timing: The timing must be carefully orchestrated to ensure that the victim accepts the unconfirmed transaction before learning about the conflicting block.
  7. No Network Propagation of Mined Block: The pre-mined block must not be propagated through the network before the victim accepts the unconfirmed transaction.
  8. Merchant's Policy: The attack exploits merchants who accept unconfirmed transactions, a practice that might be found in face-to-face transactions where fast settlement is required.
A Finney attack is complex and requires a specific set of conditions to be met. It has become increasingly unlikely with the growing security in the network. The theoretical possibility still leads to discussions about the need for confirmations and caution in accepting unconfirmed transactions.
write
preview
related posts