Breaking BFT: Quantifying the cost to attack Bitcoin and Ethereum (ssrn.com)
23 points by janandonly 3 months ago | 19 comments



This quantifies the least likely attack. Really the thing crypto people need to fear is a bug like the one that let someone make an extra billion bitcoin happening again. No one writes perfect software; it's just a matter of time and then all trust will be broken.


I'd guess that the odds of bug discovery are roughly proportional to the number of people looking at the source code times the economic incentive to find a bug.

Both of these are astronomically high in the case of Bitcoin and Ethereum, and it's been some time since any breaking bugs have been found, so the odds of any remaining exploitable bugs must be pretty low.

A new bug could be introduced, obviously, but I think the review period for new changes reduces the odds of that too.



Ethereum switched from PoW to PoS. While it has been very stable, it has a much, much higher chance of having a catastrophic bug than Bitcoin, which has remained relatively stable for years now.


That assumes you actually get to keep the bitcoin (no hard fork to reverse, no value collapse due to sudden lack of trust, no gov throwing you in jail for stealing, no angry mobsters putting a hit out on you).

The ideal economic outcome would be something small enough you don't get noticed. Who's to say that isn't already happening? By definition you wouldn't be able to tell.


Even if that were the case - extremely unlikely given that every fragment of bitcoin can be openly traced to its origin, and double-spending detection is built deeply into the fundamentals of the system - it wouldn't really be any different to how the current fiat money system works.


I actually think people haven’t found anything because few skilled hackers have dedicated time to it.

If the Project Zero team or Tavis by himself dedicated time to reviewing bitcoin it would fall apart like any other software.


Very unlikely. There is a massive payday for the first person to find a major bug. Even if that bug does not result in extra crypto in your pocket, doesn't matter. It's trivial to make money on downward crypto price swings as well. Find bug, take short position, release bug, collect payday.


Then why not do it?


Probably not in scope for Project Zero? Or they find other stuff more interesting.

Security researchers don't work for free. I did some light searching and I couldn't find any sanctioned audits against Bitcoin Core. The Bitcoin team should hire someone like Trail of Bits to do a multiple-month audit.


But the "security researchers" wouldn't be working for free. Bitcoin has had an enormous bounty on its head for at least 10 years: "hack me and get paid millions/billions". It would be naïve to think there aren't highly skilled people continuously trying to do that.


It's probably proportional to log(number of people looking at the source code) since the parts of the source code that people tend to look at are not uniformly distributed.


> Really the thing crypto people need to fear is a bug like the one that let someone make an extra billion bitcoin happening again. No one writes perfect software; it's just a matter of time and then all trust will be broken.

This is why the idea of "smart contracts" seems so crazy to me. As many flaws as there are in human-based contract systems, the fact that contracts aren't an incontrovertible source of truth isn't one of them. This isn't even the classic mistake of trying to solve a social problem with a technical solution; this is creating an entirely _new_ social problem that doesn't exist with a technical "solution" to one that doesn't fix any issues that do already exist.


Code can be used to do very important things. In those cases you KISS and you check your code, sometimes formally and mathematically. Then you put it online and you wait. When you do those things, the probability of a major bug existing over time converges to zero.


There are different levels of "smart". Every bitcoin transaction is a smart contract: "I unequivocally agree to give you this much of my bitcoin".

A slightly smarter one would be "I unequivocally agree to give you this much of my bitcoin on 1/1/2030".


My point is that human-based contract systems don't suffer from needing to think of every possible edge case up front in order to be legally enforceable; courts make rulings based on stuff like "what would a reasonable person infer in this case?" all the time, and in some cases, unreasonable contracts aren't even enforceable at all even if they technically are logically sound.


Yes, I understand, but legally enforced contracts can be both a blessing and a curse. Contracts where no nanny state/tyrannical state can intervene on a mutual agreement between two people have their own value.

> human-based contract systems don't suffer from needing to think of every possible edge case up front

This isn't always a good thing. As smart contracts are in a form enforceable by computation, they could be put through a series of automated checks to help ensure all edge cases have been considered.


Not really a thorough paper: for example, it's missing what is probably the most lucrative attack vector: buying put options on the two assets and then engineering a 51% or 34% attack. It also doesn't thoroughly dispel concerns regarding the continuously diminishing fees earned by BTC miners (which require a doubling of the price every 4 years to keep fiat returns the same) - the simple lack of a correlation between hash rate and fees is not convincing (miners probably mostly look at the price and plan more long term).


This paper was written by Coin Metrics employees that willfully do not cite papers relevant for this analysis. I cannot trust Coin Metrics analytics knowing how they suppress or neglect vital information. Three papers related to this are: Meni Rosenfeld, "Analysis of hashrate-based double spending"; Doron Zeilberger and Evangelos Georgiadis, "A Combinatorial-Probabilistic Analysis of Bitcoin Attacks"; Cyril Grunspan and Ricardo Perez-Marco, "Double spend races".



