[Ethereum] Transaction receipts, blocks and confirmations


In Bitcoin, there is a best practice to wait between three and six block confirmations before accepting a transaction. This is to avoid double spending. Are there similar rules of thumb in Ethereum?

Let's assume I am building a service that tracks Ethereum payment transactions. If I have an incoming tx hash, how can I check confirmations over the Geth RPC API? I assume the transaction receipt should be used, but what numbers should I track to watch out for double spends and similar things? Is a transaction somehow invalidated if a double spend or other malign condition (fork?) is detected?

Best Answer

Here are the answers to the 3 questions on confirmations, checking for confirmations, and double spends.


1. What number of confirmations is considered secure in Ethereum?

12 confirmations; however, exchanges and entities handling very large amounts of Ether frequently are still encouraged to run two different Ethereum implementations and only accept transactions that have been confirmed by both for maximum security (e.g. Go & C++).


2. Indeed, using the transaction receipt is a way to check confirmations. Code example at: How can a DApp detect a fork or chain reorganization using web3.js or additional libraries?


3. Double spends are prevented because every account has a transaction count (nonce) that increases with each transaction.

Note: although each account has a nonce which prevents double spends, the nonce does not protect against replay attacks.
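The receipt-based check described in the answer, as an added example that is not part of the original post: it counts confirmations over the Geth JSON-RPC methods `eth_getTransactionReceipt`, `eth_getBlockByNumber` and `eth_blockNumber`, and reports a reorg when the block that held the transaction is no longer canonical. The function names, the `seen_block_hash` parameter, the state labels and the mock node data are assumptions made for illustration; the depth of 12 is the figure from the answer.

```python
import json
import urllib.request

REQUIRED = 12  # confirmation depth given in the answer above

def geth_rpc(url):
    """JSON-RPC transport for a Geth HTTP endpoint (url is supplied by the caller)."""
    def call(method, params):
        body = json.dumps({"jsonrpc": "2.0", "id": 1, "method": method, "params": params})
        req = urllib.request.Request(url, body.encode(), {"Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=10) as resp:
            reply = json.load(resp)
        if "error" in reply:
            raise RuntimeError(reply["error"])
        return reply["result"]
    return call

def payment_status(rpc, tx_hash, seen_block_hash=None, required=REQUIRED):
    """Return (state, confirmations, block_hash) for tx_hash on the current chain."""
    receipt = rpc("eth_getTransactionReceipt", [tx_hash])
    if receipt is None:
        # No receipt: never mined, or the block we saw it in was orphaned.
        return ("reorged" if seen_block_hash else "pending", 0, None)
    block = rpc("eth_getBlockByNumber", [receipt["blockNumber"], False])
    if block is None or block["hash"] != receipt["blockHash"]:
        return ("reorged", 0, None)  # receipt refers to a block no longer canonical
    if seen_block_hash and seen_block_hash != receipt["blockHash"]:
        return ("reorged", 0, receipt["blockHash"])  # re-mined elsewhere: restart tracking
    if receipt.get("status") == "0x0":
        return ("failed", 0, receipt["blockHash"])  # mined, but execution reverted
    head = int(rpc("eth_blockNumber", []), 16)
    # The including block counts as the first confirmation.
    confs = max(head - int(receipt["blockNumber"], 16) + 1, 0)
    return ("confirmed" if confs >= required else "confirming", confs, receipt["blockHash"])

def mock_rpc(head, blocks, receipts):
    """Constructed in-memory node for offline runs; blocks maps height -> block dict."""
    handlers = {
        "eth_blockNumber": lambda p: hex(head),
        "eth_getTransactionReceipt": lambda p: receipts.get(p[0]),
        "eth_getBlockByNumber": lambda p: blocks.get(int(p[0], 16)),
    }
    return lambda method, params: handlers[method](params)

if __name__ == "__main__":
    rcpt = {"0xtx": {"blockNumber": hex(100), "blockHash": "0xaaa", "status": "0x1"}}
    print(payment_status(mock_rpc(105, {100: {"hash": "0xaaa"}}, rcpt), "0xtx"))
    print(payment_status(mock_rpc(111, {100: {"hash": "0xaaa"}}, rcpt), "0xtx"))
    print(payment_status(mock_rpc(111, {100: {"hash": "0xbbb"}}, rcpt), "0xtx"))
```

A payment tracker would store the returned block hash on first sight and pass it back as `seen_block_hash` on each poll, crediting the payment only once the state is `confirmed`.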
