In Bitcoin, there is a best practice to wait for between three and six block confirmations before accepting a transaction. This is to avoid double spending. Are there similar rules of thumb in Ethereum?
Let's assume I am building a service that tracks Ethereum payment transactions. If I have an incoming tx hash, how can I check confirmations over the Geth RPC API? I assume the transaction receipt should be used, but what numbers should I track to watch out for double spends and similar things? Is a transaction somehow invalidated if a double spend or other malign condition (fork?) is detected?
Best Answer
Here are the answers to the 3 questions on confirmations, checking for confirmations, and double spends.
1. What number of confirmations is considered secure in Ethereum?
2. Indeed, using the transaction receipt is a way to check confirmations. Code example at: How can a DApp detect a fork or chain reorganization using web3.js or additional libraries?
3. Double spends are prevented because every account has a transaction count (nonce) that increases with each transaction.
Note: although each account has a nonce which prevents double spends, the nonce does not protect against replay attacks.
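The receipt-based check from point 2, as an added example that is not part of the original answer: it counts confirmations from standard JSON-RPC results and flags a receipt whose block a reorganization has replaced. The `rpc` helper, the `required` threshold and the sample values are assumptions made for illustration.

```javascript
// Added example: confirmation tracking from Ethereum JSON-RPC results.
// The decision logic is pure so it can be exercised offline.

const hexToNum = (h) => Number(BigInt(h)); // JSON-RPC quantities are hex strings

// receipt:        result of eth_getTransactionReceipt (null if not in a block)
// headHex:        result of eth_blockNumber
// canonicalBlock: result of eth_getBlockByNumber(receipt.blockNumber, false)
// required:       caller-chosen confirmation threshold (assumption)
function classifyTx(receipt, headHex, canonicalBlock, required) {
  if (receipt === null) return { state: "not_mined", confirmations: 0 };
  // A different hash at the same height means the block that held the
  // transaction is no longer on the canonical chain.
  if (!canonicalBlock || canonicalBlock.hash !== receipt.blockHash) {
    return { state: "reorged", confirmations: 0 };
  }
  // The including block counts as the first confirmation.
  const depth = hexToNum(headHex) - hexToNum(receipt.blockNumber) + 1;
  const confirmations = Math.max(0, depth);
  // status "0x0" marks a transaction that was mined but failed,
  // so a payment service must not credit it.
  if (receipt.status === "0x0") return { state: "reverted", confirmations };
  const state = confirmations >= required ? "confirmed" : "waiting";
  return { state, confirmations };
}

// Thin wrapper. `rpc(method, params)` is a hypothetical function that posts
// a JSON-RPC request to a Geth node and resolves to the `result` field.
async function checkTx(rpc, txHash, required) {
  const receipt = await rpc("eth_getTransactionReceipt", [txHash]);
  const head = await rpc("eth_blockNumber", []);
  const block = receipt
    ? await rpc("eth_getBlockByNumber", [receipt.blockNumber, false])
    : null;
  return classifyTx(receipt, head, block, required);
}

// Constructed sample receipt (not real chain data).
const SAMPLE_RECEIPT = { blockNumber: "0x64", blockHash: "0xaaa", status: "0x1" };
```

Poll `checkTx` until the state is `confirmed`. A `reorged` or `not_mined` result after an earlier sighting means the transaction has to be tracked again from scratch.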