7
2
At MtGox (and presumably some other sites), you can withdraw money in the form of a redeemable code. These codes are also accepted for deposit at some Bitcoin exchanges.
How does this work? Specifically, is there protection against double-spending? Can I know that the code I got is still valid, and has not been given to others as well?
6
The code is effectively just a long random string. When you create a redeemable code, a random string is selected, entered into the database at the exchange and associated with a currency and an amount. That string is your redeemable code. The string is long enough to make it very unlikely that anyone would be able to guess it in a reasonable length of time.
The first person to attempt to redeem the code gets the amount credited to their account on the exchange, which causes the database entry on the exchange for that code to be marked as having been redeemed.
The way to tell whether a code is valid is to try redeeming it. If it works, you're the first to try it. If not, you're either not the first to try using it, or it was never a valid code to start with.
The exchange should prevent "double-spending" by making sure that the "look up whether code is spent; credit account; make code as spent" sequence is an atomic operation. We don't want two users both running through that same sequence at the same time, where both pass the "look up whether code is spent" check, then both accounts get credited, etc.
So, if you accept a code as payment for anything, you should immediately redeem it before handing over the goods, right? (And if you pay with these codes, you have to accept that this is how it works. Or can you go back to MtGox to complain in case the seller did not deliver?) – Thilo – 2012-03-13T05:06:09.773
I've seen cases where people use a trusted 3rd party for this, as follows: I send the goods to the 3rd party, you send me a Gox code, I try redeeming it and if it's good I tell the 3rd party to send the goods to you. You can think of redeemable codes as similar to Bitcoins themselves; whoever spends them first gets to spend them, and you're unlikely to be able to force anyone to reverse the transaction. I don't know how MtGox would be able to deal with complaints that the seller didn't deliver. They wouldn't know who to believe. – Chris Moore – 2012-03-13T05:12:11.663
@Thilo: Mtgox aren't currently offering an escrow service. – Meni Rosenfeld – 2012-03-13T10:48:34.680
2
They are bearer instruments. Whomever redeems the code first gets the funds associated with the code.
They are meant to allow USDs or bitcoins to be traded from one account to another. Third party intermediaries, such as BitInstant or other exchanges themselves may accept them.
There are risks to these. http://www.bitcoinmoney.com/post/18506669111
Mt. Gox has announced that it will stop issuing MTG USD and MTG CAD redeemable codes beginning April 10, 2013: http://www.bitcoinmoney.com/post/44860726799
– Stephen Gornick – 2013-03-11T09:32:15.0571I'm not sure why you're specifically concerned about how you know the code is "still valid". Aren't you equally worried that it was never valid? – David Schwartz – 2012-03-13T04:42:11.067
@David Schwartz: That would be a subset of my worries, yes. But I would not care particularly about the distinction if it was already spent, or not valid at all. – Thilo – 2012-03-13T05:05:01.223