## What is a Finney attack?

34

10

What is a Finney attack? Extra points for explaining its purpose, the prerequisites for it to be possible, how the attack can be performed and the origin of the name "Finney attack".

40

The Finney attack is named after Hal Finney, who suggested it in this comment. (Hal happens to be the first recipient of a Bitcoin transaction, and the first person to comment on the release of the Bitcoin source code.)

It is a double spending attack with the following features:

• It only works if the merchant accepts unconfirmed transactions.

• It still works, however, if the merchant waits a few seconds to verify that everyone in the network agrees he was paid.

• It requires the attacker to be mining and controlling the content of his blocks; however, he can in theory do this with any hashrate, in particular significantly less than 50% of the network hashrate.

It proceeds as follows:

1. The attacker mines blocks normally; in the block he is trying to find, he includes a transaction which sends some of his coins back to himself, without broadcasting this transaction.

2. When he finds a block, he does not broadcast it; instead, he sends the same coins to a merchant for some goods or service.

3. After the merchants accepts the payment and irreversibly provides the service, the attacker broadcasts his block; the transaction that sends the coins to himself, included in this block, will override the unconfirmed payment to the merchant.

If the time from finding the block until the attacker sends payment and the merchant accepts it is t, and the average time to find a block is T, there is a probability of t/T that another block will be found on the network in this time; in this case the attack will fail, and the attacker will lose the block reward of B.

This means that the average cost of attempting the attack is about (t/T) * B; as a rule of thumb the merchant should wait at least t=V*T/B (V is the value of the transaction), to make sure that trying to carry out this attack against him isn't profitable; this may not be sufficient though, as a nimble attacker can use the same block for multiple attacks, potentially gaining the total of their value.

Clearly, the lower the attacker's hashrate, the less opportunities he has to carry out the attack. If the attack is for obtaining some illiquid good, it is difficult to make the need for this good coincide with finding a block. If the attack is for obtaining something liquid (e.g. exchanging bitcoins for other money), an opportunity is ever-present but the merchant is likely to require a few confirmations. This makes the attack difficult to use in practice.

15

The Finney attack is a variation of a double-spend attack. The attacker creates two transactions - one crediting the victim and one crediting themselves. They keep the first transaction for now and proceed to try mining the second one into a block. When they succeed (this may take awhile), they quickly make a purchase with the first transaction, get the goods they purchased, and then release the pre-mined block. This way the first transaction will become invalidated, even if it is propagated through the whole network.

This variant of double-spend attack is harder to execute (mining a block by oneself hasn't been easy for a long while), but is undetectable until it has been fully executed. The only way to protect oneself against such an attack is to require at least one confirmation for transaction before giving out purchased goods, and requiring more confirmations for transactions worth more.

Considering the bitcoin network is now so humongous, is the Finney attack purely theoretical? Are there any past records of the Finney attack suspected or happening? – Pacerier – 2014-05-22T18:25:51.473

1@Pacerier As far as I remember I heard that some mining pool was regularly using this against gaming websites like SatoshiDice. Essentially, you create a block with a transaction crediting yourself. You send a conflicting transaction to SD that can net you more than the block reward. If you lose, you release the block and get your money back. If you win, you discard the block and keep the winnings. – ThePiachu – 2014-05-23T00:04:12.247

Wow, so SatoshiDice could be bankrupted by repeated acts of this? – Pacerier – 2014-05-23T14:09:24.063

@Pacerier Yes, unless they switch over to only processing bets with 1+ confirmations. – ThePiachu – 2014-05-23T17:00:49.540

Seems odd that no one has attacked SatoshiDice yet. It looks to be a really tasty target. – Pacerier – 2014-05-23T17:03:45.397

1@Pacerier maybe someone has, but maybe they are making enough money not to care. Beats me. – ThePiachu – 2014-05-24T06:18:19.293

can you explain for me, why the first transaction will be invalidate. For example, you have 10 coins. you move 3 coins to yourself, and you buy other 3 coins. I see no conflict in here. thanks. – hqt – 2016-09-02T11:31:53.360

@hqt If you send 3 coins to yourself and you sell the exact same 3 coins to someone else, only one of those transactions will go through. You aim to create a conflict and get it into a block. – ThePiachu – 2016-09-07T10:13:46.307

@ThePiachu so the key point is exactly that same 3 coins (look like each coin has something similar like id). We can control this action ? thanks – hqt – 2016-09-07T10:15:55.953

@hqt Read up on Bitcoin transactions, TxIDs, etc. You first need to understand how those work to understand why Finney Attack works. – ThePiachu – 2016-09-08T13:13:46.720

@ThePiachu "If you win, you discard the block and keep the winnings." Why even discard can't we keep both, unless we will only get win money after transaction has been confirmed.. But the website that does not even see if transaction is confirmed and lets you place the bet, won't even try to confirm other thing too, am I right? – Suraj Jain – 2018-03-09T19:42:47.137

@SurajJain the block you are mining doesn't have the transaction. It's meant to roll back what you did in case you lose. Otherwise it's not a finney attack – ThePiachu – 2018-03-09T22:00:41.273

@ThePiachu I meant If I win and I have been credited money then Why discard the block that contain transaction to me, as that way I will get my money also back which I used on bet, I mean why not roll even after I win, will get to keep both – Suraj Jain – 2018-03-10T03:56:15.950

1@SurajJain You are creating a block WITHOUT the transaction. If you LOSE, you release your block, thus cancelling the bet. If you WIN, you discard the block and keep the winnings. – ThePiachu – 2018-03-11T04:51:50.677

Does after winning they would check the transaction to be confirmed before giving price? – Suraj Jain – 2018-03-11T06:19:28.893

I thought we would get winning price instantly and then we would release that block so we also get to keep the money we spent on the bet. – Suraj Jain – 2018-03-11T06:20:08.050