New version, same rules...same bugs?
Thanks to the friendly encouragement of @DarthCoin, my node is now running v26 of Bitcoin Core. But in the process of upgrading, I've been doing some thinking. What if this new version I'm running has a bug that nobody has noticed yet and it validates some blocks that no other version of Bitcoin thinks are valid?
Obviously, my node would depart from the rest of you and run down a new fork. Maybe I could make up a fun name for it or something. But the problem is that nobody else would be on my fork of the chain with me. When everyone else sees that block I validated, they would all say: Hey stranger, keep your new-fangled ideas away from here. we don't do it like that 'round these parts.
Everyone except for the other people who downloaded this new version of Core with the bug. They would still be my friends and think I had cool blocks.
Luckily, thus far, I'm still in sync with the rest of you.
How do you know if Bitcoin Core has a bug?
If Bitcoin Core v26 did have a bug in it that allowed it to validate blocks that older versions considered invalid, we'd know because it would suddenly fork off from all the older versions.
Because it was new, we'd probably assume that the problem was with v26 and most of us would revert to some previous version until the devs figured it out. At least, that's what I assume would happen.
But what if the bug was in an older version of Satoshi's client and not present in the newer versions?
What if there is some transaction lurking out there that is valid by all the consensus rules we agree on, but triggers a bug in all versions of Core earlier than v14? And when this magic pill of a transaction gets into a block, all of a sudden we get a fork with old nodes saying what the hell is this shit you're trying to pass on us?, and new nodes saying isn't this what we've always done?
Again, we'd all look to the devs, but in the mean time, there would be this question:
Which chain is the real bitcoin?
All software has bugs and I'm not really interested in them. I am interested in how we know the difference between a bug and a consensus rule.
In a recent Bitcoin Takoever episode, Erik Voskuil makes the following statement around 41:20:
And the question is: who was on the real chain? At the point that that shipped, which implmenetaton was Bitcoin? We were. They weren't because they changed it back.
Voskuil has been a maintainer for an alternate implementation of Bitcoin called libbitcoin. His statement refers to a time in 2018 when Bitcoin Core unintentionally shipped a version (v15.0) that included a double-spend bug.
The bug was never exploited, but Voskuil raises the point that nodes running that unpatched version of Bitcoin Core v15 were following a set of rules that allowed double spends and libbitcoin nodes were not. At that time, which nodes do you think were running the real Bitcoin?
Double spending has never been a part of Bitcoin, so the answer seems clear. We have some concept of Bitcoin that we hold everything up to and ask, is this it? Is this a consensus rule or is this a bug?
Are bugs consensus rules?
In Fall 2022, many LND nodes crashed because a transaction their implementation of bitcoin thought was invalid got included in a block.
This time the discrepancy wasn't about something as obvious as double-spending.
LND nodes were using an implementation of Bitcoin called btcd, and this implementation had a limit to how much witness data could be included in a taproot transaction. Bitcoin Core did not have a limit for taproot transactions. When @brqgoo made a really big multisig transaction, Bitcoin Core nodes accepted it as valid, but btcd nodes did not.
Now, the reason the limit exists in the first place, I think, is to prevent denial-of-service attacks. It isn't really about consensus. Nonetheless, it changed consensus.
Even unto the bugs
In the aftermath of those exciting times, I remember thinking, Well, shoot: consensus isn't just the big rules we all have heard about. You have to make sure that you agree about all the little, quotidian stuff, too. Because consensus means you can't have one Bitcoin node think transactions are valid and another think they are invalid.
@petertodd used the phrase "bug-for-bug compatability" when referring to this problem. And Satoshi identified the problem pretty early:
I don't believe a second, compatible implementation of Bitcoin will ever be a good idea. So much of the design depends on all nodes getting exactly identical results in lockstep that a second implementation would be a menace to the network.
This sounds pretty damning. And if you recall where we started with my worries about upgrading to v26 of Core, things aren't looking too good.
The Bitcoin Consensus Red Herring
You've probably seen this article from 2015 called The Bitcoin Consensus Red Herring. If you haven't, you should definitely give it a read.
The TL/DR is this:
There is currently no way to guarantee that any two versions of Bitcoin software, whether they are two different versions of Bitcoin Core, two different versions of alternative implementations, a version of Bitcoin Core versus a version of an alternative implementation, or even two copies of the same version of Bitcoin Core built with different compiler versions are in exact consensus agreement. Doing so is incredibly difficult and borders on impossible.
I'm sure that people who know better than I can weigh in on the merit of this statement, and again my interest isn't in the fact that bugs happen, but rather when they do, how we decide what is a bug and what is consensus.
A frowsy, ugly step-child looking oracle of truth
Back to that Bitcoin Takeover epsidoe with Erik Voskuil. The host, Vlad, made an interesting comment (around 39:40) about running alternate implementations (or older versions of Core itself):
You have an alternative implementation of the same code base or a rewrite or something that's entirely new but respects the consensus codes for the simple reason that you want it to be an oracle of truth just in case there are changes that go by unnoticed with Core. You are going to have this thing that says you changed your rules.
I thought this was a pretty interesting idea. Because consensus is such a picky little bitch, it wouldn't hurt to put a little more emphasis on alternate implementations and older versions.