What other currencies have same malleability vulnerability as Bitcoin?

3

Malleability of Bitcoin protocol has contributed to major losses and represents uncomfortable risk to Bitcoin investors in addition to possibility of 51% attack that depends on promise of biggest mining pool.

Of course, any centralized exchange company can run away with depositors money, but, at least, currency protocol should be strong enough to not allow exchange company owners to blame losses on protocol and hackers.

Do Ethereum or NXT or counterparty or ripple or mint or any in top 10 have same vulnerability ?

alpav

Posted 2014-03-01T05:36:08.743

Reputation: 131

Question was closed 2014-03-03T00:52:45.363

4The claim that transaction malleability caused Mt Gox's losses is controversial, to say the least. – David Schwartz – 2014-03-01T08:37:02.577

1

related: What is transaction Malleability?

– Murch – 2014-03-01T08:46:57.693

@DavidSchwartz Would it be appropriate to say it was the weapon to commit the crime, aided by risky decisions from management? – Joe Pineda – 2014-03-01T10:52:43.930

Since most altcoins started as a clone of Bitcoin, and have seen less active development since, I would start with the assumption that most of them do share just about all bugs/features that Bitcoin had when they got started. Of course that only answers the "any other crypto-currency" part of your question, and only heuristically. – pyramids – 2014-03-01T11:44:17.913

1

@JoePineda Apparently, Mt. Gox had lost a bunch of their money already in 2011 and had been operating on fractional reserve all this time. As far as I know, it isn't clear yet, how the money got lost in the first place. I collected a few links here: Collecting questions related to Mt.Gox' insolvency

– Murch – 2014-03-01T19:37:29.323

@Gracchus a) I don't see how that has anything to do with Transaction Malleability and b) whatever his motivation he has a point there, see my comment above yours. – Murch – 2014-03-03T09:54:04.383

@alpav: Transaction malleability is only a problem to entities relying on unconfirmed transactions. When properly addressed it can at most lead to delays up to DDoS, but not loss. The problem was that the Mt.Gox software didn't address transaction malleability, even though the problem was known since 2011. However, by now it is even doubtful that it ever led to significant losses as Mt.Gox had been struggling and operating on a fractional reserve since 2011. – Murch – 2014-03-03T09:58:57.497

Answers

2

This is a quite hard analysis to make. In general all alt-coins that are based on the concept of dynamic input-scripts and output-scripts are subject to transaction malleability. This is because anybody could change the input scripts of a transaction, by adding commands that wouldn't alter the validity of the script, but would alter its hash. For example adding OP_DROP will leave the stack exactly as before prior to scriptPubKey execution.

Luca Matteis

Posted 2014-03-01T05:36:08.743

Reputation: 4 924

Why would any system allow to execute script that does not match it's hash ? What currencies do or do not not execute such scripts ? – alpav – 2014-03-03T05:05:11.613

1

NXT is based on different code, so it is repaired there, Nxt doesn't have malleability vulnerability

user14036

Posted 2014-03-01T05:36:08.743

Reputation: 19

This answer would benefit from a citation. – Murch – 2014-03-01T16:09:50.997

1So, now we got two opposing statements. Could either of you support their argument with some compelling evidence? ;) Perhaps some code references, or a developer statement supporting either stance? – Murch – 2014-03-01T19:47:08.033

The Nxt code is in Java and was written from scratch, taking ideas off Bitcoin and from some other places - so the 1st part is definitely right. As for the 2nd (it lacks mall. vuln.) I've seen nothing in the public info for this coin that sustains or denies it. Will try contacting its creators – Joe Pineda – 2014-03-01T23:23:38.417