Altcoins Talks - Cryptocurrency Forum

Cryptocurrency Ecosystem => Stable Coins Forum => USDT Forum => Topic started by: akhjob on June 30, 2018, 12:13:30 PM

Title: FUD claiming that double-spend has been successfully performed on USDT
Post by: akhjob on June 30, 2018, 12:13:30 PM
A Twitter post by SlowMist (https://twitter.com/SlowMist_Team/status/1012362798137872384) claimed that a double spend has been successfully performed on Tether.

The original tweet is in Chinese, and this is the translated version of the tweet by Microsoft:
Quote
The exchange in the USDT recharge transactions to confirm the success of a logical flaw in the transaction details on the blockchain valid field value is true, resulting in "pretend value", the user has not lost any USDT but successfully recharge the exchange USDT, and these usdt can be normal transactions. We have confirmed that the real attack happened! The relevant exchange should suspend USDT recharge function as soon as possible, and self-examination code whether there is this logic flaw.

This seems to be the uncensored tx data: https://api.omniexplorer.info/v1/transaction/tx/f2e4b555532c6abd9065ab6158a1eec184e4fa8a570e9fb1ede4022589904dd8


But the Omni founder stated on Reddit (https://www.reddit.com/r/CryptoCurrency/comments/8ulr0t/a_doublespend_has_been_successfully_performed_on/e1gispn):
Quote
In general, I designed Omni so that to double-spend an Omni asset, you would have to double-spend bitcoin.

If I'm translating this correctly, it appears that what happened here is that an exchange wasn't checking the valid flag on transactions. They accepted a transaction with valid=false (which they should not have), and then the second "double spend" transaction had valid=true, which they also accepted.

Unless I am missing something, this is just poor exchange integration. One of our devs already replied pointing to our best practices for integration (thanks dexx!): https://github.com/OmniLayer/omnicore/wiki/Integrate-Omni-Core-to-receive-payments

Edit: Since news articles are linking here, I'll add one other thing. Reading the press release from okex (https://support.okex.com/hc/en-us/articles/360006305532), they describe it a little differently. There may be cases when the valid flag is true, but the transaction fails for other reasons. It is important to also check the balance of the receiving account, as described in the best practices document linked above.

Generally, if the transaction is marked as valid and omnicore shows the expected balance, you shouldn't have anything to worry about.

Later SlowMist itself confirmed that Tether itself has not been compromised, but some exchange didn't bother to use proper validation of Tether transactions, resulting in a possible flaw.

Several FUDs have already been doing the rounds stating that Tether has been compromised; don't fall for it. Thought it was worth sharing. Stay away from FUDs.
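
Added example, not part of the original post or of Omni Core's code: a Python illustration of the deposit check described in the quoted reply, with the flawed logic (never reading the valid flag) beside a stricter one that also compares the receiving balance. Field names follow the JSON of Omni Core's `omni_gettransaction`; the function names, the confirmation threshold, the before/after balance snapshots and the sample records are assumptions constructed for illustration.

```python
from decimal import Decimal

USDT_PROPERTY_ID = 31   # Omni property id of TetherUS
SIMPLE_SEND = 0         # Omni transaction type "Simple Send"
MIN_CONFIRMATIONS = 6   # assumption: exchange policy, not taken from the page


def naive_should_credit(tx, deposit_address):
    """Flawed logic: credits any transaction addressed to us, ignoring tx["valid"]."""
    return tx.get("referenceaddress") == deposit_address


def deposit_rejection_reason(tx, deposit_address, balance_before, balance_after):
    """Return None if the deposit may be credited, otherwise the reason to refuse it."""
    if tx.get("valid") is not True:  # strict: a missing field, "true" or 1 all fail
        return "transaction not marked valid"
    if tx.get("confirmations", 0) < MIN_CONFIRMATIONS:
        return "not enough confirmations"
    if tx.get("propertyid") != USDT_PROPERTY_ID:
        return "wrong property id"
    if tx.get("type_int") != SIMPLE_SEND:
        return "unexpected transaction type"
    if tx.get("referenceaddress") != deposit_address:
        return "wrong recipient"
    amount = Decimal(tx.get("amount", "0"))
    if amount <= 0:
        return "non-positive amount"
    # Second check from the quoted reply: the receiving balance must reflect it.
    # Assumption: the two values are snapshots of the node's balance for the address.
    if Decimal(balance_after) - Decimal(balance_before) < amount:
        return "balance did not increase by amount"
    return None


# Constructed sample records (placeholders, not real chain data).
ADDR = "deposit-address-placeholder"
INVALID_TX = {"txid": "tx-1-placeholder", "valid": False, "confirmations": 12,
              "propertyid": 31, "type_int": 0, "referenceaddress": ADDR,
              "amount": "100.00000000"}
VALID_TX = dict(INVALID_TX, txid="tx-2-placeholder", valid=True)

if __name__ == "__main__":
    print("naive credits invalid tx:", naive_should_credit(INVALID_TX, ADDR))
    print("strict, invalid tx:", deposit_rejection_reason(INVALID_TX, ADDR, "0", "0"))
    print("strict, valid tx:", deposit_rejection_reason(VALID_TX, ADDR, "0", "100"))
```
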
Title: Re: FUD claiming that double-spend has been successfully performed on USDT
Post by: altcoingamer on July 05, 2018, 07:24:59 AM
That's good to know that it's not yet another thing to worry about Tether with.... double spend attacks would be a huge blow if proven to be true.. and it would be insane the amount of FUD this would cause.. let's hope it stays that way.. Tether is sort of a ticking time bomb imo anyways.