transaction verification – How are transations validated?

As per my understanding whenever someone sends a bitcoin it gets added to the transaction pool. The miner then take these transactions from the pool and add it to the block. However, I wanted understand
(a) how does the transactions by themselves get validated.
So if Bob sends 2 bitcoin but he doesn’t have that many bitcoins then how is this transaction validated.
(b) If the transaction are validated by the wallets cant the wallets be hacked and manipulated.

magento2 – How do I prevent empty checkout fields from being validated on page load?

I am using Magento 2.3.5 and Amasty’s “One Step Checkout” module. Amazon Pay is also present.

When viewing the checkout page, it seems something is trying to validate the <input> fields even though the user hasn’t entered anything:

enter image description here

Is this something anyone has encountered before?

mining pools – Can we check if a miner has validated the solution?

Firstly, correct me if I’m wrong.

When a miner finds a solution for the block and broadcasts it to the other node, all the other nodes verify if it is a correct solution or not.

It’s very trivial to validate the PoW, just hash the block header and then count how many “leading zeros” that hash contains (note that such description is theoretical. The actual implementation allowing “fractional leading zeros” is somewhat complex or even weird).

Validating the whole block is much more complex and “costy” than validating the header only. The CVE-2018-17144 inflation/DoS vulnerability was actually caused by improper optimization of the validation code in order to further improve block propagation.

However, theoretically no matter how many miners are in a pool, they are just one single full node (as the identity of the pool) in the Bitcoin P2P network.

It’s the pool who constructs the block to be mined. Pooled miners using the stratum protocol don’t download the full block data at all. They only download minimal data required (like the block header, coinbase transaction etc) to do the SHA256d mining. They therefore don’t validate the block because it’s not even downloaded at all.

So we can see, currently pooled miners (who do not run their own full nodes) blindly follows the pool, so that it’s possible for an evil pool operator to abuse the hashpower provided by miners in that pool. Actually some miners are even happy with such situation, because some pools promotes features like “automated switching for maximum profit”. We may see improvement/relief on this issue in the future if BetterHash/StratumV2 protocol could be widely adopted.

Besides, pooled miners can indeedly attack the pool (or other miners) by withholding the solution, albeit it’s very trivial for the pool to validate the solution (PoW).

Can we check if a miner has validated the solution?

To my knowledge it’s currently not possible to know whether a miner (mining pool) had validated the whole block. It’s just the miners’ own interest to fully validate the previous block once again on their own, so that they would be completely confident that they won’t waste their hashpower/electricity costs on an invalid branch of blockchain.

I read somewhere that if mining pools find a solution, then peer miners in that pool don’t verify the solution and straight away go for the mining of next block on top of it. This is kinda unfair for the other miners. Do we have any system to check if a miner has validated the solution or not?

You seem to describe a kind of validationless mining called “SPV mining”.

However, it’s not “peer miners in that pool”, but other pools (or solo miners) can possibly do that.

It indeedly once caused problems, like the 2015 chain-fork incident related to BIP66.

Theoretically there’s also a variant of selfish mining attack called “Blockchain Denial-of-Service (BDoS)”, which aims to push victim miners under profitable line.

There’s also a controversial argument that SegWit also has an issue similar to BDoS, because developers had once pointed out that SegWit allows the miner to mine atop previous block without downloading & validating the witness data (mostly digital signatures, only SegWit transactions have such data), so that that miner could then collect transaction fees with higher confidence (because, with the non-witness part of the previous block it’s already enough to update the UTXO set, which is the “global account balance database” of Bitcoin maintained by each full node on its own).

On the other side of it, not sure how often does this happen on the network but a pool of miners can share wrong solutions to keep the other miners busy and get an advantage.

In selfish mining, it’s not really a “wrong” solution to be shared, but stale branch of the blockchain which the victim “honest” miners have no choice but to mine atop it, because the longer branch is withheld by “selfish” miners.

ubuntu – How can I check which suitable repositories / packages are validated by certain keys?

I inherited an Ubuntu 18.04 server to which some custom repositories and keys have been added in the past. I want to make sure all keys are still in use and see which packets are validated. Is there any way to do this?

I can list all the keys apt-key list and look inside /etc/apt/trusted.gpg[.d], but how can I compare them to repositories and packages?

cookies – Should JWTs be validated with every request?

I couldn't find a definitive answer to the question above.

We are currently using AWS Cognito JWTs for our authentication. Currently, the JWTs returned are too large to be used in cookies (above the 4K limit), so not all of the JWT is stored in cookies.

Our current process is to log in the user and then validate the received ID token (JWT). Then create one FormsAuthenticationTicket and Cookie from this information. The cookie contains the relevant ID information of the user and the expiry date of the ID token originally received.

This means that for all future page loads, we simply check whether the cookie has expired or not. If so, you have to register again.

Would the above work correctly or does the JWT have to be sent as a cookie and checked every time a page is requested?

Transaction cannot be validated (error when executing the script)

I have created a transaction in TESTNET and am trying to transfer it using the BlockCyphers function:

https://live.blockcypher.com/btc-testnet/pushtx/

When I try, I get the following error message:

Transaction check failed: Failed to run input 0 script
referencing
261190892daa2c9aaaf25c20624f7f2941d2ad58dec883b0c929d1fa9306fd57 at 0:
Script was NOT verified successfully.

Here is the transaction. I don't understand what's going on and I don't know if I understand the mistake. Can someone help?

{
    "addresses": [
        "mjGtZWXgPdbLUZYWtDqVTfbFieVzXFfSEj", 
        "2N7nSZjfqikj4oVkCqaLB3CNMY3TA72PbNY", 
        "msp7depXvcjLqykZxYVrWNG9QgKqLWWKEN"
    ], 
    "block_height": -1, 
    "block_index": -1, 
    "confirmations": 0, 
    "double_spend": false, 
    "fees": 12375, 
    "hash": "463372d7a8f456c882179635aabbeca4146396b1f81c05699a2e885e3f84d6e6", 
    "inputs": [
        {
            "addresses": [
                "mjGtZWXgPdbLUZYWtDqVTfbFieVzXFfSEj"
            ], 
            "age": 1657999, 
            "output_index": 0, 
            "output_value": 5000000, 
            "prev_hash": "261190892daa2c9aaaf25c20624f7f2941d2ad58dec883b0c929d1fa9306fd57", 
            "script": "48304502210093b8ff9180a8a31a5ee7b0fb6c560aef888a3d53576e530cb4601dce2d3c51da02204fd8a28743f1d1100a2f56428e743501091e833550df6cf540bad4f5248a6d3c012102d794c7e1a8068782ef6ee68acf9f6ad9c84c78349671c1a7bf60418a8e1ed108", 
            "script_type": "pay-to-pubkey-hash", 
            "sequence": 4294967295
        }
    ], 
    "outputs": [
        {
            "addresses": [
                "2N7nSZjfqikj4oVkCqaLB3CNMY3TA72PbNY"
            ], 
            "script": "a9149f792783320ffb5a4f3ee4c69525d4932ac0497087", 
            "script_type": "pay-to-script-hash", 
            "value": 500
        }, 
        {
            "addresses": [
                "msp7depXvcjLqykZxYVrWNG9QgKqLWWKEN"
            ], 
            "script": "76a91486e0602ab38efd1811ff4db76f7d58c717c8598888ac", 
            "script_type": "pay-to-pubkey-hash", 
            "value": 4987125
        }
    ], 
    "preference": "high", 
    "received": "2020-01-10T05:09:49.945289619Z", 
    "relayed_by": "54.197.194.161", 
    "size": 224, 
    "total": 4987625, 
    "ver": 2, 
    "vin_sz": 1, 
    "vout_sz": 2
}

bitcoin core – When exactly are the transactions validated?

I have some gaps in my understanding of the transaction's lifecycle that I want someone to help me specifically fill with the validation.

What I understand with my questions about the life cycle:

1] The transaction is logged out by the user through the Wallet app and sent to the Blockchain network.

The question at this step is: Does the Wallet app perform a transaction validation that requires checking the entire history of the blockchain at this level?


2] The sent transaction is now sent to many nodes in the network, and these nodes forward or "propagate" the transactions to other nodes until all nodes have that transaction in their "pool of unconfirmed transactions"?

Tell me if a part is wrong or not, in the right order


3] Each miner selects some transactions and starts mining.

When the miner selects the transactions, does he at this level validate each transaction that requires a full scan of the history of the blockchain?


4] When the miner releases the block, it sends this block, along with the hash value it generated, to the blockchain network in the same way that the transaction was sent to some nodes and passed to the rest. Then the nodes will hash the block header to see if it generates the same hash or not so they can accept that block.

The question here is: Do the nodes revalidate all transactions sent with the block header to make sure that they are genuine transactions that were not created by the miner who solved the block?

Does the validation of these transactions require a review of the entire history of the blockchain?

I know how Merkle trees has multiple transactions and that any change to the hash of a transaction alters the value of the Merkle root, but my question here is how helpful that is. Would the miner who has already faked one of the transactions not have the correct Merkel root for all transactions in the block, since he is the one who added them first? My point is, how does merkle root help? What value does it add? What kind of attack prevents it?


The final question is the consensus that, by definition, all nodes agree that they are at the same level as the new block. I know the PoW, but how do all the nodes check and communicate with each other to confirm that they all have the same block?

Consensus – Can I have a blockchain that has not been mined or validated?

I'm ready to use blockchain technology to implement the voting system. Therefore, I plan to create a private network that consists only of nodes that people vote on, so I do not want a miner or examiner. Is it possible to do it? Is there a consensus that allows this? Is it also possible to avoid double spending with smart contracts? (I plan to use a hash of voter fingerprints as an address, so I can restrict a person to vote only once with smart contracts.)
I am sorry for any misunderstandings, as I am still very new to the blockchain!

How can SQL changes be validated more effectively?

In my experience, SQL code changes are almost always NOT incremental: someone creates a new stored procedure or modifies an entire embedded SQL query for optimization or creates a brand new table. When I get one of these code validation requests, I could not find any other way than to understand the entire SQL query. Often these are really long nested queries, sometimes other procedures are called. Understanding and verifying these changes becomes a big task. Then I have three options: 1] to approve without careful examination; 2] Spend a lot of time going row by row, understanding the data model, interrogating a test system to see what it produces. 3] Ask the person to guide me through the changes.

I do not want to do 1 or 2. However, I do not want to spend hours figuring out what the entire query does and whether the new version is equivalent, but works faster.

Are there any technologies or tools or methods to simplify this process? How do others perform such checks without suffering too much pain?

A fundamental difference to regular code changes seems to be that SQL changes are more likely to become complete paraphrases, which makes the problem more common – for me, almost every SQL check I do every day.

All recommendations are highly appreciated.