Mock introducing vulnerability in important Bitcoin projects



Summary:

A discussion thread on the bitcoin-dev mailing list has raised concerns about potential attempts to introduce vulnerabilities into the Bitcoin Core codebase. Some proposals suggest a "Red Team exercise" to test the project's resilience to such attacks. However, some contributors argue that these schemes could be harmful and would waste time that could be better spent on actual development. One contributor suggests improving the review process instead, to make it more resilient to such attacks. Another proposal is for one person or group to initiate such an exercise and then randomly select a team of people to back up their claim to be doing it in good faith. The Red Team exercise would require public precommitments collected at ceremonial intervals, with community approval granted for the opportunistically inserted security flaw. The random oracle could be block hashes, with the difficulty parameter controlled by group consensus at the ceremonial intervals. The suggestion is that any such scheme needs to be opt-out rather than opt-in, with a simple way for developers to ignore and opt out of the study if they have limited time or other reasons.


Updated on: 2023-06-15T02:27:22.613328+00:00