pull down to refresh

A soft fork is a 51% attack on Bitcoingithub.com/libbitcoin/libbitcoin-system/wiki/Glossary#soft-fork
12.9k sats \ 66 comments \ @Scoresby 2 Dec bitcoin

A soft fork is a 51% attack on Bitcoin

A 51% attack can happen when a miner gets a majority of hashpower and is able to control the blockchain by refusing to build on valid blocks from other miners. A miner with a majority of hashpower can do this because we expect them to be able to produce a chain with the most work more quickly than the rest of the miners, thus orphaning blocks found by other miners.
A coalition of miners with a majority of the hash power can achieve the same effect. In fact, this is what happens every time we implement a soft fork.

Hard forks vs soft forks

You've probably heard the difference between hard forks and soft forks described like this: hard forks loosen block validation rules while soft forks tighten them. While this is a popular description, it doesn't always help us think about what is actually happening.

Your node can enforce a hard fork, even if the majority of the network disagrees with you

For a hard fork, nodes that run old software and don't update to the new rules will reject blocks that have transactions following the new rules. This is because the new rules are an expansion: some transactions that weren't previously valid now are. There is no way for old nodes to know about these rules unless they run new software. The choice is update or fork.
Under a hard fork, new nodes think old-style blocks are invalid, and old nodes think new-style blocks are invalid. Thus if old nodes continue creating old blocks, we get a chain of old blocks, and a chain of new blocks. Each community thinks theirs is the one true blockchain. -Nate Eldredge
If there is a chain split, it's fairly straightforward: the nodes and miners who like the new rules will end up on one chain and the node and miners who don't like the new rules will end up on another chain.

Your node must follow a soft fork if the majority of hashpower enforces it

In the case of a soft fork, nodes that don't run updated software with the new rules will still see blocks that follow those rules as valid. Old nodes won't reject blocks on the chain following the soft fork rules because the new rules are a subset of the previous rules.
Under a soft fork, new nodes think old-style blocks are invalid, but old nodes think both types of blocks are valid. New miners, which we assume are in the majority, will create a chain of new blocks only. Old miners may try to create old blocks within this chain, but since new miners won't accept those blocks, they'll get orphaned. The old nodes will think the old miners are just unlucky, and they'll continue to accept the longest chain of blocks which they consider valid. -Nate Eldredge
Even if there are miners still producing blocks that follow the old rules, old nodes won't recognize those blocks unless they are also part of the longest chain. So what determines whether a soft fork is implemented is if the majority of hash power enforces it.

An op_return soft fork example

Imagine there is a soft fork that imposed this new rule: transactions can no longer include op_returns. If you don't run these new rules on your node, you can still stay on the chain that is following the new rules, it may just look like no one is making those kind of transactions anymore.
But what would happen if you created a transaction with an op_return in it?
None of the new nodes would relay the transaction because they don't think it's valid. But, perhaps there are still enough old nodes out there for your transaction to make it to a miner (it doesn't take many).
If the miner is running the new rules of the soft fork, they won't mine your transaction because they don't think transactions can have op_returns in them. But if you reach a miner who hasn't updated their software to the new rules of the soft fork, they very well may include your transaction in a block.
Now we have a problem: all the nodes that are running the new rules of the soft fork won't accept this block as valid.
As far as you are concerned, this isn't much of a problem: all nodes can do is reject blocks that don't follow their rules. No skin off your nose.
But it may be a problem for the miner who mined your transaction. Miners who are running the new rules of the soft fork will throw out the block with your transaction in it because they don't think it's valid. They will keep building on the previous block and if there are enough of them, they'll build new blocks faster than the old miner and the block with your transaction will be orphaned. It all comes down to how many miners are using the new soft fork rules.
And now it may become a problem for you: if a majority of the hash rate refuse to build on the block containing your op_return transaction, it won't become part of the chain with the most work. Even worse: your node won't think there's anything wrong with this.

We need a 51% attack to enforce the soft fork rules

For a soft fork to be successful, a majority of the hash power must be enforcing the soft fork. In such a case, the miners who enforce the rules of the soft fork can refuse to build on top of a block that is mined by a miner who isn't following the soft fork.
This is exactly what a 51% attack looks like: a majority of hash power refusing to build on valid blocks.
I've been reading Cryptoeconomics again, and this is an attempt to work through the definition of "Soft Fork" in the Glossary, which I am copying below.
A Fork that implies a Split unless Enforced by Majority Hash Power. Contraction of the set of potentially-Valid Blocks.
write
preview
related posts
11 replies \ @Taj 21h
@Scoresby

I refer you to swap market's brilliant explanation a few days ago...

In a nutshell: A successful 51% attack will let the miners reverse payments and steal coins, but kill the trust in the network and crush bitcoin price. So the attackers gain nothing but a pile of worthless coins and useless hardware they cannot sell. And if they short shit ton of bitcoin before the attack they must be absolutely sure it works. This cannot be done stealthily, so others will see and have double motivation to thwart the attack, squeezing the shorts while saving the network and the value of their ASICs.
#1292917
reply
142 sats \ 9 replies \ @Scoresby OP 21h
I refer you to my reply from a few days ago...
I have often felt that the real risk of a 51% attack is control of the network. For instance, a miner with greater than 51% of the hash rate can attempt to reorg out blocks that include transactions it doesn't like.
We might say that this would wreck the value of the coin, but imagine it was to reorg out transactions that were from widely disfavored groups: a ransomware gang or a militant islamic group that had released a bioweapon. Less dramatically, do we believe the ETFs and exchanges and treasury companies will give a care if a single miner gains 51% of the hashrate and reorgs out blocks that include OFAC sanctioned transactions?
#1292937
51% attack doesn't have to mean stealing coins. It can also mean censoring transactions. While I agree that stealing coins would destroy trust in the network, a 51% attack that censors doesn't necessarily kill trust. That is somewhat my point with this post: we are all already fine with majority of hash power colluding to enforce segwit and taproot rules, so what makes you think that Bitcoiners will remain true and honorable and not be okay with miners colluding to work for the state? Would you even know it was happening?
reply
1336 sats \ 7 replies \ @Taj 20h
I normally post in Bitcoin beginners so I'm not trying to get above my station but...
I'll try and answer this llike swapmarket...
A serious attack on the network needs to dominate hashrate for months on end right?
They'll have to burn through billions of dollars in equipment and energy, while every man and their dog watches the mempool not confirming transactions as they did before
The price will crash, mining subsidy is dead in the water and as said before the equipment is useless and they're left holding it
An economic suicide mission
Bitcoin is the biggest goldfish bowl in the world, what other protocol or asset has this amount of visibility or scrutiny
Would we know if something was happening? I think so, yes
reply
123 sats \ 2 replies \ @ek 20h
The price will crash
I think this assumes big holders care enough, and big holders are ETFs, corporations, whales, and soon maybe even nation states themselves, and I don't think they would care enough if a 51% attack didn't even affect them.
For example, I have to admit that even in a 51% attack, I probably wouldn't sell my bitcoins. It's still better than fiat. At least someone would have to maintain 51% to censor transactions. Also, it would mean I would have to travel far to get them out of cold storage.
Will you go back to fiat just because a few morally questionable people were censored?
reply
50 sats \ 0 replies \ @Taj 20h
Yes, I see now 👀 what you mean, alongside power law and laffer curve, what's the rule, law or phenomenon in which the very entities Bitcoin was designed to make redundant, end up stealing the plebs lunch money
reply
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
21 sats \ 2 replies \ @Scoresby OP 20h
First off, there's no stations. If you have something to say about the topic you should definitely post it. Honestly, I really appreciated your comment because it reminded me of that conversation with SwapMarket (which I couldn't find). Please do post when you feel like it!
I agree that there is a lot of scrutiny on Bitcoin. But I wanted to try to think about how we create little buckets for ideas like 51% attack or censorship, but in reality things are often very fluid -- in this instance, I'm trying to make the case that 51% attack and soft fork aren't so different from each other as far as what actually happens on the chain. It's just one is done cooperatively and another perhaps isn't.
reply
71 sats \ 0 replies \ @SwapMarket 17h
One more observation: bitcoin blockchain is too transparent and flows are already censored at the KYC exit rails (with questionable accuracy). All the shady transfers can and do happen on Liquid and Lightning networks. Controlling the miners will yield the state very little.
reply
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
171 sats \ 26 replies \ @047b99aa4d 2 Dec
So expand on that. What happens to the nodes running the new software IF less than 51% of the hashrate isn't mining blocks using the new software? Mechanic has described some kind of mechanism where the chain split can eventually catch up to the other and then a wipeout occurs. Any thoughts on that scenario or how/if it could happen?
reply
271 sats \ 17 replies \ @Filiprogrammer 2 Dec
Let's imagine a fork happens and 40% of hash is on the new rules and 60% of hash remains on the old rules. The chain with the old rules outgrows the one with new rules. (for now) Let's say at a later point in time more miners switch from the old rules to the new rules. Now 60% of hash is on the new rules, while 40% is on the old rules. In this case the new chain will eventually outgrow the old one. Now the new chain is also the valid one according to the old rules, since it is longer. Thus the blocks on the old chain are replaced by the ones on the new fork.
reply
102 sats \ 11 replies \ @047b99aa4d 2 Dec
So this is the wipeout scenario. If only Ocean is mining blocks on the new software split I don't know how they think their chain would ever be able to catch up... Also, how do block subsidies work in the "split then catch-up" scenario? If there is a reorg after 100 blocks pass does it invalidate the 3.125 Bitcoin awarded?
reply
31 sats \ 7 replies \ @Scoresby OP 2 Dec
Anything in the blocks that get reorg'd out is gone, so that includes block subsidies.
reply
223 sats \ 5 replies \ @adlai 23h
Anything in the blocks that get reorg'd out is gone, so that includes block subsidies.
I think your "anything" is overly general; transactions that are valid on either chain will probably get "sniped" across. The miners restoring these on the new chain would get paid fees from the transactions, and the people who had originally broadcast them would probably even be relieved that their transactions had returned to confirmed status.
reply
0 sats \ 3 replies \ @Scoresby OP 23h
Good point! I hadn't considered replay protections and cross-split sniping. That makes it a good deal more complicated than I considered.
reply
302 sats \ 1 reply \ @Murch 20h
It’s a frequent question we get on Bitcoin Stack Exchange: if a block gets reorged, what happens to the transactions in that block? Do they all get unconfirmed and returned to the mempool?
And the important thing to realize there is, that from the perspective of each chaintip the other block might as well not exist. The best chain has only one block at each height, so competing blocks do not at all influence each other in regard to what is included.
Most of the time two competing blocks at the same height will include almost exactly the same transactions with some minor differences in what txs they had seen when they created their template, or some locally prioritized transactions. Obviously, the coinbase transactions will differ, and very occasionally, one block could include a replacement of a transaction while the other block included the corresponding original. But because miners try to maximize the revenue from the available mempool, they pick all the same transactions, and for the most part, either both blocks or neither confirm a transaction, so it makes no difference for the users which block wins out in the end.
Addendum: Obvious exceptions are of course when someone is deliberately reorganizing the chain to revert a previously confirmed transaction, or when a reorg is so deep that coinbase transactions matured on both chaintips and said coinbase outputs don’t exist on the competing chains, so a reorg could remove whole chains of transactions from the history.
reply
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
102 sats \ 1 reply \ @Murch 2 Dec
Yes, if there were a reorg of more than 100 blocks, some of the coinbase outputs that had matured already would not be present in the new best chain.
reply
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
312 sats \ 1 reply \ @Murch 2 Dec
That’s a correct description of what would happen if the hashrate moved that way, but an unlikely scenario.
It’s the best practice to only start enforcing soft fork rules if they are expected to be enforced by a majority of the hashrate, exactly because a minority-enforced soft fork leads to a chain split. It would be against the interest of the miners on the heavier chain to switch to the minority-enforced soft fork chain, as they would be sacrificing their block rewards. Similarly, starting to enforce a soft fork with a minority of the hashrate most likely means that the block rewards will never become part of the best chain and therefore likely to incur the whole cost of mining with no reward.
In effect, anyone proposing to activate a soft fork with a minority chain is essentially advocating to create a forkcoin.
reply
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
10 sats \ 1 reply \ @Scoresby OP 2 Dec
the new chain will eventually outgrow the old one
This makes sense. Thanks for explaining it. The important point seems to be that a fork needs sustained period of majority hash power enforce its rules.
Thus the blocks on the old chain are replaced by the ones on the new fork.
This comes with a reorg of some length because the old chain that miners were working on gets orphaned.
reply
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
202 sats \ 2 replies \ @Murch 2 Dec
Was the double negative on purpose there, or did you mean “if less than 51% are enforcing the new rules”?
There are just two cases:
  • If a majority of the hashrate enforces the soft fork, the non-enforcing minority may occasionally find a block considered invalid by the majority, but the soft fork enforcing majority will ignore such a block and eventually build a heavier competing chaintip at which point the minority will reorganize to the majority chain.
  • If only a minority of the hashrate enforces the soft fork, it will create a permanent fork as the minority will not accept the non-enforcing majority chaintip and the majority chaintip will accumulate more work faster. The majority chaintip will simply pull away and the enforcing miners will be stuck on a less-work chaintip.
reply
21 sats \ 0 replies \ @DarrelXero 21h
Yeah, that was a mistake with the double negative. Your response clarifies what I was after though. Appreciate it!
reply
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
0 sats \ 3 replies \ @Scoresby OP 2 Dec
To be honest, I find this stuff difficult to reason about, so here's my best guess:
If a soft fork doesn't have majority hash power enforcing it
and if a block gets mined containing a transaction that is invalid according to new rules
miners running new rules won't build on that block
If majority of hash power will build on that block
chain will split
and miners and nodes enforcing new rules will fork off from rest of chain
I don't see how the soft fork side of the split is ever reconnected with old rules side.
reply
202 sats \ 1 reply \ @Murch 2 Dec
That’s right, the only way the network would converge back on a single chaintip without intervention would be if the soft forking chaintip outpaced the non-enforcing chaintip and the non-enforcing nodes reorged to the soft fork chaintip.
This is highly unlikely when only a minority of the hashrate enforces the soft fork.
reply
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
123 sats \ 5 replies \ @optimism 2 Dec
If done straightforward, it's more like a 95% "attack".
reply
100 sats \ 3 replies \ @Scoresby OP 2 Dec
oh man, I wish I'd said that.
reply
102 sats \ 1 reply \ @optimism 2 Dec
No worries - haven't seen an activation proposal that was straightforward lately. Don't listen to a renaissance man if you're living in modernity; in this case, the modernity of lot=true and bringing out the uasf stick before even proposing a masf.
reply
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
265 sats \ 7 replies \ @Filiprogrammer 2 Dec
A 51% attack would be a single entity reorging the chain because they have the majority of the hash rate.
A soft fork does NOT require a 51% attack. We had soft forks in the past. It just requires consensus among at least >50% of the hash rate.
reply
100 sats \ 5 replies \ @Scoresby OP 2 Dec
What is the difference between "consensus among at least >50% of the hash rate" and a single entity with a majority of the hash rate?
reply
202 sats \ 3 replies \ @Filiprogrammer 2 Dec
One turns Bitcoin from decentralized into centralized. The other is just the usual decentralized consensus forming.
reply
0 sats \ 1 reply \ @Scoresby OP 2 Dec
I suspect that it is difficult to make a distinction between "centralized" and "decentralized consensus forming."
Decentralization doesn't necessarily mean good decisions, just like democracy doesn't necessarily mean good decisions. Decentralization just helps us share risk.
It's not hard to imagine a decentralized consensus forming around something that you and I consider antithetical to Bitcoin (for instance, the jpeg people are somewhat decentralized).
My point here is not whether a soft fork is good or bad and I agree that we've had many soft forks in the past, but I want to point out that the mechanism is surprisingly similar to that of an attack.
reply
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
102 sats \ 1 reply \ @SHA256man 22h
it's time for some Andreas beats:
reply
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
0 sats \ 7 replies \ @BITC0IN 2 Dec
No.
reply
0 sats \ 5 replies \ @Scoresby OP 2 Dec
What do you see as the difference?
reply
102 sats \ 3 replies \ @BITC0IN 23h
specifics and context. Taking a 51% attack out of context and warping it into soft fork dynamics is click bait.
reply
100 sats \ 1 reply \ @Scoresby OP 22h
I worried about that when I wrote the title. I thought about doing it this way:
A soft fork is a 51% attack (that we like)
But I took off the parenthetical because I wanted to emphasize the point that a soft fork only works if miners work together to reorg out miners who don't do it.
I also don't like the feeling I get that we have all agreed that soft forks are somehow okay and not risky. Hard forks sound scary and Bitcoiners generally view the idea of a hard fork with skepticism. Soft forks on the other hand, we talk about like it's no big deal. This is not the case.
reply
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
0 sats \ 1 reply \ @Fenix 16h
A definition of hard forks and soft forks that I had heard and that was useful for me as a layman is that a soft fork doesn't change the rules to the point where old nodes stop understanding the change as Bitcoin. They alter the code in a way that the old ones will still understand it as Bitcoin, even if it seems strange to those nodes. A hard fork, on the other hand, changes things so much that it becomes something else, to the point where nodes diverge and follow completely different paths. That's what you described; I just wanted to show how I heard and learned it because along with that comes the explanation of why Bitcoin is the best currency—because besides not having a creator controlling the code, it doesn't undergo drastic changes based on majority appeal. I think in this case they used the term "soft fork is a 51% attack" as a reference and to grab attention; I don't understand it to be the same thing.
reply
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
0 sats \ 0 replies \ @Tunegee4kt 4h outlawed
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.