"Double Spending" or Farce: A Review of the Filecoin Double Spending Vulnerability Incident

On the evening of the 18th, a user reported that after depositing FIL into the exchange, double-spending and then withdrawing, they could still receive the same amount of FIL. In response to this incident, the Filecoin development team, Filfox and FileStar developers, and the Lotus team all came out to explain the incident. Golden Finance has collected and sorted out the main time nodes of this incident for you to understand the whole process of the incident.

18th

23:57

In the evening, some users reported that they could receive the same amount of FIL after depositing FIL into the exchange, double-spending and withdrawing it. Currently, Binance and MXC have suspended FIL deposits. Similar problems seem to have occurred in multiple exchanges, and some analysts believe that it is a problem with the Filecoin mainnet.

19th

00:16

Filfox and FileStar developers found that Filecoin deposits have the risk of double spending

According to the joint analysis of the Filecoin Feihu browser Filfox and FileStar developers, the deposit process of the exchange recommended by Filecoin officially has the risk of double spending, and it is recommended that the exchange can temporarily postpone the deposit of Filecoin. The double spending risk has already affected the deposit of a certain exchange and has been verified by the double spending. At present, the developers of Filfox and Filestar have assisted some exchanges to improve the recharge process and notified the Filecoin official.

00:33

Protocol Labs: Filecoin has no double-spending problem, Filfox browser front-end is misleading

According to Wu Blockchain , in the early morning of the 19th, official staff of the Protocol Lab stated that after confirmation by the Filecoin development team, there is no double-spending problem with Filecoin. The possible reason is that the Filfox browser front-end caused misleading, causing some users to believe that double-spending is possible during the process of recharging Filecoin on the exchange.

00:42

Huobi suspends FIL deposit and withdrawal services

According to the official announcement, due to the FIL (Filecoin) wallet upgrade, Huobi Global has now suspended FIL deposit and withdrawal services.

1:12

Filfox and Filestar developers speak out again

Filfox and FileStar developers responded to Protocol Labs. After careful and detailed analysis, it can be confirmed that the recharge process recommended by Filecoin official website to the exchange has serious problems. Special transactions can be constructed to deceive the recharge detection of the exchange, thereby realizing double spending of a transaction. Through this method of constructing special transactions, a certain exchange has already had about 5 million US dollars worth of false recharges of Filecoin. Filfox developers confirmed that the FilFox browser front-end display is normal, and even if there are any problems, it will not affect the exchange's deposit problem. The exchange deposit is carried out according to the process recommended by Filecoin officially, and has nothing to do with the browser display. FilFox and FileStar developers will disclose the technical details of false recharges and double spending after the Protocol Labs fix the problem.

5:54

Filecoin official release twitter

The Lotus team received a report from an exchange regarding the incorrect use of the Lotus API to determine transfers/deposits in the Filecoin network. The Lotus team investigated and found that there were no network issues or API vulnerabilities. The team is currently working with all relevant exchanges to ensure the correct use of these APIs.

Popular Science:

What is a double spend?

There are two popular definitions of double spending, one more technical and the other more practical.

Technically, a double spend occurs when a payment received by a party (transaction T1) is first added to the blockchain and this transaction is later deleted. This can only happen if the block containing the transaction becomes stale.

In addition, it is not enough that the new blockchain does not contain T1, otherwise this transaction may still be included in the next block. After the double spend occurs, one of the T1 transaction records will also appear in the T2 transaction record. Since this record is included in T2, T1 becomes an invalid block and is deleted from the network.

We call this phenomenon double spending, not because the user spent the same amount of money twice, but because the transaction appeared twice in the block. However, from a practical point of view, if T1 occurs before T2, this will also have a different impact because the ownership of the cryptocurrency will change. (Golden Finance)