Toms Blog

Where I talk about Bitcoin Cash and more

Deep reorgs protection

2018-11-23 Bitcoin Cash

Before I started working with Bitcoin I had worked in a Fintech company that built tools for traders. When I first got there the IT team was very proud of the stability of the platform. I asked how they did maintenance and the answer was: after market close. Which is when I learned that most of the financial tech had to keep their systems up only about 10 hours every day.

I compared this to websites and many other services on the internet that have to be up as close to 24 hours a day as possible and I thought I had to learn more about how the financial industry is so different.

The thing I learned in the end is that in Fintech there is a much lower trust in the technology. This is purely out of necessity, because if you trust your tech too much and it makes just one mistake that could mean your company goes out of business.

On the web you have websites and generally speaking the most costly bug is if you can’t create any new orders on your shopping site. But if we look at the financial tech, not being able to make new orders is the lowest risk mistake you can see. Any other software mistake will surely be a lot more expensive.

In other words, in the Fintech industry the risks are so much higher that blindly trusting your software to run your business, even while everyone is asleep, is a risk that only a small number of companies take. And those will be writing and maintaining their own software.

What is a deep-reorg

Back to Bitcoin. A lot of dust was raised by people about reorgs in the Bitcoin Cash Blockchain. But what is this, really?

A reorg 10 blocks deep is in effect the complete erasure of all financial activity over the last 1½ hours. All companies that depend on those transactions will suddenly see those transactions reversed, like they never happened.
The money is back in the hands of the customer again, while they likely already got their product.

Many companies will be able to approach those customers again. If you paid for your VPN or your shipment or any other invoice you will just have to pay again. Exchanges for instance will simply be able to charge people the money again in order to not be financially indebted. Most exchanges have KYC info and know exactly who they are dealing with. So this is not a deep issue for them.

I’m even ignoring the supermarkets where one and a half hours of anonymous customer payments getting rolled back is going to be a very substantial risk.

The bigger issue is that a company needs to side-step all its software bookkeeping and edit the books by hand to account for the change. That means sending out invoices with an explanation letter, not to mention the amount of helpdesk queries this will generate. This is where the real big problems will arise.

Risk management

In Bitcoin the idea of “chain-reorgs” is not new. Many years ago the Core developers considered this and made sure that the software would do this automatically. They made sure that if new data came in from the Internet saying someone else has the longer chain, they would automatically roll back all transactions that are on the now shorter chain.

If you understood what I was trying to say with the first two parts in this article, you would quickly realise that software deciding to just roll back the last hours of active trading is not the best thing there is.

Software deciding to roll back hours of trading is essentially missing all the processes outside of its own plastic box. The entire business would have to be involved in this decision. Front desk to accounting and maybe even HR if the salaries were just paid!

Software deciding to just wipe out your financial activity is the worst risk you can take as a business. This is the last possible thing you want.

Chain reorgs as an attack

A certain unnamed company has been spreading a lot of Fear, Uncertainty and Doubt about the stability of Bitcoin.

They have threatened they will re-org the Bitcoin Cash chain whenever they have the chance. Which will cause a lot of extra risk to businesses using it.

There are two things we should conclude here:

  1. using reorgs as an attack means that if we somehow reject the work done by the attacker, we have no risks and no losses.
  2. software making the decision, and writing just a note in a log-file, will potentially leave us with the worst possible outcome.

The argument I’m working towards in this article is that as the Bitcoin Cash ecosystem matures, we should not make the mistake of thinking we need to make the software have AI capabilities and run our financial system for us.

Instead we should recognise the way that businesses actually work and want to work and involve them in decisions that could mean bankruptcy if the software makes it wrong, or even if the software makes it without the personnel noticing.

Conclusion

The majority of the Bitcoin Cash software, including Flowee, made deep reorgs something we detect, log and mention to the operator. We no longer make the software act on it, we no longer just erase hours of financial activity.

The reality is that if an attacker wants to attack Bitcoin Cash, the human operator will always be able to correctly decide to reject it.
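The detect, log and hold policy described above, sketched as an added example (this is not Flowee's or any other node's code). The 10-block threshold is an assumption borrowed from the "10 deep" figure earlier in the article, and the block index, the names and the chains are constructed for illustration.

```python
import logging
from dataclasses import dataclass
from typing import Optional

MAX_AUTO_REORG_DEPTH = 10  # assumption: the article's "10 deep" example as threshold

@dataclass(frozen=True)
class Block:
    prev: Optional[str]  # parent block hash, None for genesis
    work: int            # proof-of-work this block adds

def total_work(index, tip):
    work, h = 0, tip
    while h is not None:
        work, h = work + index[h].work, index[h].prev
    return work

def reorg_depth(index, active_tip, candidate_tip):
    # Count the active-chain blocks that switching would disconnect.
    ancestors, h = set(), candidate_tip
    while h is not None:
        ancestors.add(h)
        h = index[h].prev
    depth, h = 0, active_tip
    while h not in ancestors:
        if h is None:
            raise ValueError("chains share no common ancestor")
        depth, h = depth + 1, index[h].prev
    return depth

def consider_tip(index, active_tip, candidate_tip):
    # Returns (action, depth): 'keep', 'switch', or 'hold' for the operator.
    depth = reorg_depth(index, active_tip, candidate_tip)
    if total_work(index, candidate_tip) <= total_work(index, active_tip):
        return "keep", depth
    if depth >= MAX_AUTO_REORG_DEPTH:
        logging.warning("reorg of %d blocks to %s held for operator", depth, candidate_tip)
        return "hold", depth
    return "switch", depth

def extend(index, parent, prefix, count):
    # Append constructed unit-work blocks prefix1..prefixN; return the new tip.
    for i in range(1, count + 1):
        index[f"{prefix}{i}"] = Block(prev=parent, work=1)
        parent = f"{prefix}{i}"
    return parent

def demo():
    index = {"g": Block(prev=None, work=1)}    # constructed sample chain
    active = extend(index, "g", "a", 12)       # chain the business has acted on
    shallow = extend(index, "a10", "s", 3)     # ordinary 2-block reorg
    deep = extend(index, "a1", "d", 12)        # would erase 11 blocks
    return [consider_tip(index, active, t) for t in (shallow, deep, "a11")]
```

A tip that comes back as 'hold' stays on disk but is not activated, so nothing is rolled back until a person decides.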

The attacker that was thinking they could try attacks against a piece of not-too-smart software is now facing real human beings, with financial interests, to decide if their attacks are valid or can be rejected.

Bitcoin is growing up, the stakes are getting higher and the value of the companies that depend on it is rising as well. We should not ignore how the industry works and just think one simple piece of software can replace all that. Human operators are useful.

And in the end, if we make the attacks fail 99% of the time, with very considerable cost to the attacker (and near nothing to us), then the attacker will stop trying this attack.

This way we keep the entire ecosystem safe, without any action needed.