What prevents broadcasting of fraudulent transactions


I see a lot of questions and articles about why someone can't generate fake coins, maliciously attack the network, and essentially security discussions focused on the generation and interception of coins. With the blockchain being described as a ledger, what prevents someone from simply broadcasting a transaction moving a small amount (fractions) of coins from one account to theirs? Or can coin movements only be originated from the source address?


Posted 2018-04-05T02:29:12.433

Reputation: 101




You can totally broadcast a fraudulent transaction, but nodes in the network will ignore it as it is invalid.

Furthermore, nodes will also ignore any blockchain which contains any fraudulent transaction. As a result, miners are financially disincentivized from doing so.

Pieter Wuille

Posted 2018-04-05T02:29:12.433

Reputation: 64 874


When broadcasting a tx, a regular node checks for two things: Is the transaction standard, and is the transaction valid.

Standard transactions are, for simplicity's sake, transactions that create p2sh, p2pkh, p2wpkh, p2wsh, and OP_RETURN outputs. A standard transaction must also consume inputs in a few known scripts, namely multisig and regular single key scripts.

The transaction being valid is what prevents your scenario. For a transaction to be valid, a transaction must spend inputs that already exist and are unspent (unspent transaction outputs, or utxos), and the scriptsig for each input must verify. For a standard transaction, this means that the signatures on the tx must validate the script specified at output creation time.

You can try to make a fraudulent tx in two ways:

  1. You spend coins that exist, but are not your own - In this case, the input validation will succeed, but since you don't own these coins, you cannot sign for them, and the signature validation will fail. The network will refuse to broadcast your transaction
  2. You spend coins that don't exist - In this case, the network will simply reject your tx with a missing inputs error, since you can't spend coins that don't exist

Raghav Sood

Posted 2018-04-05T02:29:12.433

Reputation: 15 741

So in short, without a combination of someone's address and private key, a malicious actor cannot generate a transaction that moves coins from the target's wallet to another wallet. The transactions that are being copied over and over on the public ledger have already been securely vetted before they can be widely broadcast. – FaultyJuggler – 2018-04-05T17:14:16.057