Do no-fee transaction represent a greater risk if the product is delivered instantly?

Let’s say I want to accept payments instantly on a site for digital downloads.

So I publish an address and wait for the unconfirmed transaction, I see the transaction and release the digital download.

However the user may have sent the transaction with no fee. Therefore the miners may not pick it up or the user could issue a new transaction with a fee that gets processed into the block chain.

Is my thinking correct ? and is there away to stop this king of attack ?

Answer

You can check if a transaction includes a fee just by looking at its inputs and outputs (you can also access this information at blockexplorer.com).

But you are correct: accepting transactions with 0 confirmations is risky and there are other attacks besides the one you mentioned (the 51% attack and the Finney attack, for example).

Here are a few options to defend against this:

  • Wait for more confirmations – this may not be desirable but it works
  • Accept payments from an e-wallet/exchange like parker_vmg3 mentioned – some websites such as TradeHill or CampBX allow you to send bitcoins instantaneously between members
  • Use green addresses – currently these are only available at MtGox and InstaWallet, but they might become more popular in the future

Leave a Reply

Your email address will not be published. Required fields are marked *