[bitcoin-dev] Hardfork bit BIP
luke at dashjr.org
Thu Feb 4 18:29:11 UTC 2016
On Thursday, February 04, 2016 5:14:49 PM jl2012 via bitcoin-dev wrote:
> This document specifies a proposed change to the semantics of the sign
> bit of the "version" field in Bitcoin block headers, as a mechanism to
> indicate a hardfork is deployed.
Disagree with treating the "version" field as a number, in BIP 9 or this BIP
which reinterpret it as a bit vector.
> Among the 640 bits in the block header, this is the only one which is
> fixed and serves no purpose, ...
Minor nit (not relevant to actual proposal): This is not true. There are over
32 other bits (part of the "previous-block" field) which also serve no
> FLAG BLOCK Any planned hardfork must have one and only one flag block
> which is the "point of no return". To ensure monotonicity, flag block
> should be determined by block height, or as the first block with
> GetMedianTimePast() greater than a threshold. Other mechanisms could be
> difficult for SPV nodes to follow. The height/time threshold could be a
> predetermined value or relative to other events (e.g. 10000 blocks / 100
> days after 95% of miner support). The exact mechanism is out of the
> scope of this BIP. No matter what mechanism is used, the threshold is
> consensus critical. It must be publicly verifiable with only blockchain
> data, and preferably SPV-friendly (i.e. verifiable with block headers
> only, without downloading any transaction).
With the current codebase, it is significantly easier to trigger on the block
timestamp rather than its height or median-time-past. Using either of the
latter would require refactoring of CBlockIndex. As a hard-fork, even if the
rules are ineffective for a few blocks following the forking point, using the
hardfork version bit in this BIP would still ensure a clean break. While I
agree that median-time-past and height are superior methods that ought to be
used for hardforks, an emergency hardfork may need to avoid them for
simplicity, and I don't think they need to be mandated as such in this BIP.
> Although a hardfork is officially deployed when flag block is generated, ...
I would avoid implying the hardfork can be "officially deployed" without
> AUTOMATIC WARNING SYSTEM When a flag block for an unknown hardfork is
> found on the network, full nodes and SPV nodes should alert their users
> and/or stop accepting/sending transactions. It should be noted that the
> warning system could become a denial-of-service vector if the attacker
> is willing to give up the block reward. Therefore, the warning may be
> issued only if a few blocks are built on top of the flag block in a
> reasonable time frame. This will in turn increase the risk in case of a
> real planned hardfork so it is up to the wallet programmers to decide
> the optimal strategy. Human warning system (e.g. the emergency alert
> system in Bitcoin Core) could fill the gap.
This seems vulnerable to DoS attacks by rejected hardforks.
> VERSION BITS This proposal is also compatible with the BIP9. The version
> bits mechanism could be employed to measure miner support towards a
> hardfork proposal, and to determine the height or time threshold of the
> flag block. Also, miners of the flag block may still cast votes for
> other concurrent softfork or hardfork proposals as normal.
Rather not imply BIP 9 should be used for hardforks, or that miners have any
voice in the decision. This is already a serious misconception.
> POINT OF NO RETURN After the flag block is generated, a miner may
> support either the original rules or the new rules, but not both. It is
> not possible for miners in one fork to attack or overtake the other fork
> without giving up the mining reward of their preferred fork.
This is not actually desirable, and would suggest a possible reason *not* to
comply with this BIP. A legitimate hardfork would never have two continued
sets of rules for miners to choose from.
More information about the bitcoin-dev