The difference between Double Spending RBF BTC vs BCH 0-Conf
This is a follow-up from an earlier posted video from Hayden Otto from BitcoinBCH.com where he proved you could double spend BTC using a number of wallets, desktop and mobile to purchase from from TravelbyBit on BTC.
It should be noted Hayden had prior agreement with the merchant and
also returned the funds immediately.
There was a great deal of chatter on this topic on social media - Reddit, Twitter and Facebook. The reasoning for this follow up was - the main defense I saw online was: "Zero Confirmations on BCH were equally as bad as Double Spending on BTC."
What I aim to help point out with this article was that there is a big difference between a perceived double spend (on BCH) when there is two TX sent at the same time and a double spend on BTC where the sender sends two TX the first one, and then the second TX minutes later after he has purchased something, allowing the spender to leave the brick and mortar shop or online store without the merchant realizing what has happened.
Send two TX at the same time, is that a Doublespend?
I spoke with website owner and developer 'Darguval' about his doublespend.cash test site and was given a better insight into what was deemed as a successful double spend.
"If you push two transactions to the network at the same time, which one is the double? The website just picks the one it saw first, but that was just a random chance.
I wouldn't really call a double spend successful, unless there was significant delay between the first transaction broadcast, and when the double spend attempt was broadcast."
-Darguval
BTC v BCH Double Spends:
Another prominent member of the BCH community - 'Emergent Reasons'
had a really concise way of explaining things.
"You might like to review that in the best case, security of a particular transaction is always statistical. Both in the mempool and on chain.
BTC effectively requires two things for a merchant (you can consider all physical merchants time-sensitive):
Accept 0-conf so that the transaction can be completed quickly
Wait for inclusion in a block because there is very low certainty that any given transaction will be included in the next block or the next or the next.
You can see how those don't work well together. Additionally RBF and the current reality of wallets shows that (edit: a double spend on) 1. is trivially easy to execute with a roughly 5-minute average time window. That's dangerous.
On the other hand with BCH:
Accept 0-conf so that the transaction can be completed quickly.
Done. Doing double spends on BCH requires a non-trivial timing trick OR a huge amount of luck and collusion with a miner (which BTC is also vulnerable to). The timing trick happens in seconds and can be detected very quickly by the merchant if it even succeeds. Not the best look for a thief.
So no, what you are showing is a false equivalence. Double spends on BCH are very risky and technically difficult for a would-be thief while they are easy to execute on BTC due to the bad design decisions of Core to decrease certainty about inclusion in the next block."
To sum up.
Yes Double spends on BCH are possible, in the real world they are very hard to do (we're talking 1 out of 3992 attempts where the tx was not broadcast simultaneously, 0.025% chance) and because on BCH it is possible to mitigate with a Point-of-sale system design where the merchant can detect it, it is substantially more difficult to attempt a Double Spend on BCH than on BTC.
(paragraph edited)
The difference is that on BTC you can effectively, purchase an item in-store, walk out of the store, double spend it and be off with your items. This is the difference.
Compare it to attempting to defraud a merchant while standing in front of them while paying for your coffee, vs. attempting it after walking out of the shop.
It is also worth mentioning there is some development going on by those in the BCH community to improve the security of 0-conf with Double Spend Proofs, ZKSnarks
Good summary. I wish the cash register app puts in a double spend alert. That would be awesome.