Closed. This question is This question is off-topic . It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Information Security Stack Exchange. Closed 4 years ago. Improve this question

I am trying to prevent something similar to this from happening:

http://hackingdistributed.com/2014/04/06/another-one-bites-the-dust-flexcoin/

Basically the financial exchange was using non-ACID transactions and multiple requests sent very near in time to each other could result in duplicate withdrawals, or something of this nature.

One preliminary question I have is, what is this vulnerability termed? A timing attack of some sort?

Here is my setup:

I am setting up two tables, one for a payments queue (ie pending payment to be withdrawn), the other for a payments history (ie a receipt after the payment queue item has been withdrawn).

My processing flow consists of finding the payments queue by id, doing a bunch of asynchronous stuff, processing a payment, then creating a payment history object and deleting the payment queue object.

What are some strategies in regards to the process flow I could implement to make sure that if a user attempted to access this flow twice in a row very quickly, there would not be duplicates, or any similar problems?

I have considered that before starting the process I could delete the payments queue object, therefore with ACID transactions that would guarantee that the process could not be duplicated in a timing attack, correct? Is this the best way to do it?