This article is a response to a growing meme in the Bitcoin community that ‘zero confirmation transactions were never safe’ and therefore the core developers should change the code to make zero confirmation transactions totally unusable. Not only is this meme false, but the proposed code changes substantially reduce the utility of Bitcoin in the short run, and possibly the long run as well.
What are zero confirmation transactions?
Here’s a little refresher for those unfamiliar with how Bitcoin works. When someone sends you bitcoins, the transaction is broadcast to all the nodes in the Bitcoin network. The mining pools collect these new transactions and temporarily hold them in memory. At this point we say that transactions are “unconfirmed” or “pending” inclusion in Bitcoin’s ledger ― the blockchain. Approximately once every 10 minutes a mining pool collects these transactions from memory, organizes them into a block, and adds that block of transactions to the blockchain. This process repeats every 10 minutes on average.
We sometimes hear people say that Bitcoin transactions are irreversible. That’s not technically true, or at least not true of transactions that have been made recently. In the first number of minutes after a transaction is made, it can theoretically be reversed (or ‘double spent’) by the sender, assuming he has some technical ability. This means someone could pay you for some merchandise, then steal back the coins afterwards. The more time that passes, however, the more difficult it becomes to reverse a transaction. Typically we say that “unconfirmed” transactions are the easiest to reverse, while the deeper a transaction is in the blockchain, the more difficult it is to reverse. After a transaction is buried six or so blocks deep in the blockchain (about an hour), the probability of a successful double spend drops close to zero.
But why all the fuss about about unconfirmed transactions? While most Bitcoin users can afford to wait an hour for their payments to confirm, there are some business models which cannot. Retail is the most obvious example. Customers need to be able to pay the cashier and leave the store instantly. They can’t be required to wait around for 10 minutes or longer for their transaction to confirm. If retailers are unable to mitigate the risk of fraud when accepting unconfirmed transactions, then they simply wont accept Bitcoin.