I'm investigating this, but any help is appreciated.
as soon as we confirm we received bitcoins from a sponsor, we keep a 3% fee send the rest to the programmer, using the bitcoin RPC
API.
Sending through the API returns a transaction hash that we store in our
database.
Later we receive a HTTP notification with the transaction details.
If that notification contains a transaction hash that doesn't match
anything on the database, freedomsponsors.org sends me an email that
basically says: "HEADS UP: Blockchain is telling me there is an outgoing
transaction that I don't know about".
Today, I got two of those emails. Boy did that freak me out.
I thought someone had broken into our account and started stealing coins.
Only later I could investigate and understand what happened (phew):
The transactions created by freedomsponsors.org (those hashes were returned
by the RPC API call)
1) hash = b4b02450faecfe399340f4442eb3c9526ee78e7c0048e055988ce001bb5cfe70
amount = 0.03130000
from = 1NBf55HCN4e4VALVktfxBmqsAuakUtheSg
to = 1LSrAt3Ee1BZrRM2YLxrPaBxSTEqcr8SxW
2) hash = 18311e095c3d8426025ab87fae87e988e1fbad09ba01db32586d066fc28ba87d
amount = 0.01570000
from = 14LkZoYgcheQCkj1mk6oEKqDsxcKHNAT7q
to = 1LSrAt3Ee1BZrRM2YLxrPaBxSTEqcr8SxW
Those transaction hashes cannot be found in the blockchain anymore
Instead, there are similar outgoing transactions in my wallet, but with
different hashes:
1) hash = 74709ada277d65cbc8f507e41ca5955cd70456d8248cf0f25cd82ddc28217bac
amount = 0.0313
from = 1NBf55HCN4e4VALVktfxBmqsAuakUtheSg
to = 1LSrAt3Ee1BZrRM2YLxrPaBxSTEqcr8SxW
2) hash = a76f239a327e8b61f7c3f942d52066696c58ad13fb19e4ec7f523a342a12db59
amount = 0.01569999
from = 14LkZoYgcheQCkj1mk6oEKqDsxcKHNAT7q
to = 1LSrAt3Ee1BZrRM2YLxrPaBxSTEqcr8SxW
So... what I take from this is that I can't trust transaction hashes
anymore, is that it?
Instead should I verify transactions based on "from" and "to"?
Or is there any more reliable way of telling whether money I sent has
reached the wallet on the other side?
I'm investigating this, but any help is appreciated.
as soon as we confirm we received bitcoins from a sponsor, we keep a 3% fee send the rest to the programmer, using the bitcoin RPC API.
Sending through the API returns a transaction hash that we store in our database.
Later we receive a HTTP notification with the transaction details.
If that notification contains a transaction hash that doesn't match anything on the database, freedomsponsors.org sends me an email that basically says: "HEADS UP: Blockchain is telling me there is an outgoing transaction that I don't know about".
Related code: https://github.com/freedomsponsors/www.freedomsponsors.org/blob/master/djangoproject/core/services/bitcoin_frespo_services.py
Today, I got two of those emails. Boy did that freak me out. I thought someone had broken into our account and started stealing coins. Only later I could investigate and understand what happened (phew):
The transactions created by freedomsponsors.org (those hashes were returned by the RPC API call)
1) hash = b4b02450faecfe399340f4442eb3c9526ee78e7c0048e055988ce001bb5cfe70 amount = 0.03130000 from = 1NBf55HCN4e4VALVktfxBmqsAuakUtheSg to = 1LSrAt3Ee1BZrRM2YLxrPaBxSTEqcr8SxW
2) hash = 18311e095c3d8426025ab87fae87e988e1fbad09ba01db32586d066fc28ba87d amount = 0.01570000 from = 14LkZoYgcheQCkj1mk6oEKqDsxcKHNAT7q to = 1LSrAt3Ee1BZrRM2YLxrPaBxSTEqcr8SxW
Those transaction hashes cannot be found in the blockchain anymore Instead, there are similar outgoing transactions in my wallet, but with different hashes:
1) hash = 74709ada277d65cbc8f507e41ca5955cd70456d8248cf0f25cd82ddc28217bac amount = 0.0313 from = 1NBf55HCN4e4VALVktfxBmqsAuakUtheSg to = 1LSrAt3Ee1BZrRM2YLxrPaBxSTEqcr8SxW
2) hash = a76f239a327e8b61f7c3f942d52066696c58ad13fb19e4ec7f523a342a12db59 amount = 0.01569999 from = 14LkZoYgcheQCkj1mk6oEKqDsxcKHNAT7q to = 1LSrAt3Ee1BZrRM2YLxrPaBxSTEqcr8SxW
So... what I take from this is that I can't trust transaction hashes anymore, is that it? Instead should I verify transactions based on "from" and "to"? Or is there any more reliable way of telling whether money I sent has reached the wallet on the other side?