I am trying to prevent something similar to this from happening:
http://hackingdistributed.com/2014/04/06/another-one-bites-the-dust-flexcoin/
Basically the financial exchange was using non-ACID transactions and multiple requests sent very near in time to each other could result in duplicate withdrawals, or something of this nature.
One preliminary question I have is, what is this vulnerability termed? A timing attack of some sort?
Here is my setup:
I am setting up two tables, one for a payments queue (ie pending payment to be withdrawn), the other for a payments history (ie a receipt after the payment queue item has been withdrawn).
My processing flow consists of finding the payments queue by id, doing a bunch of asynchronous stuff, processing a payment, then creating a payment history object and deleting the payment queue object.
What are some strategies in regards to the process flow I could implement to make sure that if a user attempted to access this flow twice in a row very quickly, there would not be duplicates, or any similar problems?
I have considered that before starting the process I could delete the payments queue object, therefore with ACID transactions that would guarantee that the process could not be duplicated in a timing attack, correct? Is this the best way to do it?