Author: Natanael 2017-04-15 13:23:35
Published on: 2017-04-15T13:23:35+00:00
In an email to the bitcoin-dev mailing list, Chris Acheson raises concerns about User-Activated Soft Forks (UASF) and their safety. He argues that orphaning non-signalling blocks on the flag date is safer than just considering the fork active on the flag date. Enforcement by orphaning non-compliance makes it harder to reverse a buggy softfork, since you necessarily increase the effort needed to return enough mining power to the safe chain since you now have mostly unmonitored mining hardware fighting you actively, whose operators you might not be able to contact. Besides that, he also believes that UASF itself as a method to activate softforks is not reliable and that using a flag day or similar is more effective. Furthermore, Acheson notes that there's also the risk of the activation itself triggering consensus bugs if there are multiple implementations of it in the network (or one buggy one). This can both happen on the miner side, client side or both (miner side only would lead to a ton of orphaned blocks, client side means netsplit). Additionally, he points out that we have no way right now for a node to tell another "the transaction you just relayed to me is invalid according to an active softfork" (or "will become invalid"). This matters for several reasons, including the widespread usage of zero-confirmation payments in the network. Acheson emphasizes the importance of all nodes and services publishing all consensus critical policies that they enforce to make it easier to alert somebody that they need to prepare for whatever proposal that might conflict with their active policies.
Updated on: 2023-06-12T00:09:07.884888+00:00