Let’s say I want to accept payments instantly on a site for digital downloads.
So I publish an address and wait for the unconfirmed transaction, I see the transaction and release the digital download.
However the user may have sent the transaction with no fee. Therefore the miners may not pick it up or the user could issue a new transaction with a fee that gets processed into the block chain.
Is my thinking correct ? and is there away to stop this king of attack ?
You can check if a transaction includes a fee just by looking at its inputs and outputs (you can also access this information at blockexplorer.com).
Here are a few options to defend against this:
- Wait for more confirmations – this may not be desirable but it works
- Accept payments from an e-wallet/exchange like parker_vmg3 mentioned – some websites such as TradeHill or CampBX allow you to send bitcoins instantaneously between members
- Use green addresses – currently these are only available at MtGox and InstaWallet, but they might become more popular in the future