Questions

  1. How have show-stopping bugs or disruptions to the network been handled in the past?

    Initially, checkpoints were introduced as a safeguard against malicious peers broadcasting low-difficulty chains, which were disrupting the network.

    Following this, a show-stopping bug (specifically an overflow bug) was found and exploited, which allowed (miners?) to create two high-value UTXOs, effectively increasing the total supply of bitcoins and granting the new supply to themselves. In this instance, Satoshi had to personally advise miners to re-org the chain containing the blocks with the malicious transactions.

    Satoshi then introduced an alert system which allowed the key-holders to issue alerts to the network and, in the case of critical bugs, knock alert-receiving nodes into a "safe mode" whereby all coin-related activities were halted.

    The "alert system" was removed in Bitcoin Core Version 13.0 because of the possibility of privileged users sending political alert messages, and because of the possibility of the alert key having been taken from Mark Karpelès by the Japanese police in 2014. The alert key was subsequently published to the public in July 2018.

    Since Satoshi departed the project and the alert system was retired, Bitcoin has relied on security disclosures via the bitcoin-security mailing list, where potential vulnerabilities and exploits are handled by a smaller subset of (trusted) developers. For example, CVE-2017-18350 was disclosed by PracticalSwift to the bitcoin security team. A fix was then hidden in the commit "Improve and document SOCKS code", and some time was allowed for nodes to upgrade organically before the vulnerability was disclosed to the general bitcoin-dev mailing list. A list of Bitcoin (and other related software) CVEs can be found on the Bitcoin Wiki.

    In this way, bitcoin is now effectively relying on the goodwill of security researchers for responsible disclosure, alongside the measured stability of the network, which has been in existence for over 10 years with 99.985%+ uptime since inception. As estimated in May 2020, Bitcoin will reach 99.99% uptime around Friday November 14, 2025.

    In addition to security disclosures, bitcoin can also suffer from disruptions in the form of chainsplits. Bitmex’s great article "Bitcoin’s consensus forks" details all the known forks to date, in addition to the lengths of any chainsplits that resulted from them. It would seem more likely today that critical bugs remain in Bitcoin’s source code (although naturally new bugs can be introduced!) and that therefore chainsplits might represent the greater risk of "disruption" to the network.
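
The overflow bug mentioned in the answer above is easier to reason about as code. The following is an added example, not Bitcoin Core's own code: a simplified model of an output-sum check that wraps around, next to a range-checked version. All function names and the sample values are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

using Amount = int64_t;                        // value in satoshis
constexpr Amount COIN = 100000000;
constexpr Amount MAX_MONEY = 21000000 * COIN;  // supply cap, used as the range bound

// Add in unsigned arithmetic so the demo models two's-complement wraparound
// without relying on signed-overflow undefined behaviour.
Amount wrapping_add(Amount a, Amount b) {
    return static_cast<Amount>(static_cast<uint64_t>(a) + static_cast<uint64_t>(b));
}

Amount wrapped_total(const std::vector<Amount>& outs) {
    Amount total = 0;
    for (Amount v : outs) total = wrapping_add(total, v);
    return total;
}

// Weak check (hypothetical): rejects negative outputs, then compares totals.
bool outputs_ok_unchecked(const std::vector<Amount>& outs, Amount value_in) {
    for (Amount v : outs)
        if (v < 0) return false;
    return wrapped_total(outs) <= value_in;  // a wrapped, negative total passes
}

bool money_range(Amount v) { return v >= 0 && v <= MAX_MONEY; }

// Hardened check: every output and every running total must stay in range.
bool outputs_ok_checked(const std::vector<Amount>& outs, Amount value_in) {
    Amount total = 0;
    for (Amount v : outs) {
        if (!money_range(v)) return false;
        total += v;  // safe: both operands are at most MAX_MONEY
        if (!money_range(total)) return false;
    }
    return total <= value_in;
}

// Constructed sample: two outputs just below INT64_MAX.
std::vector<Amount> constructed_outputs() {
    return {INT64_MAX - 250000, INT64_MAX - 250000};
}

int main() {
    const auto outs = constructed_outputs();
    std::printf("unchecked=%d checked=%d\n", outputs_ok_unchecked(outs, 50 * COIN),
                outputs_ok_checked(outs, 50 * COIN));
}
```

The weak check accepts the constructed outputs because their sum wraps to a negative number, while the range-checked version rejects the first output outright.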