Stealing people's coins is a red line

I find myself in a surprising position: I agree with @nvk. Here's what he posted on X:

UTXOs are sacred. We don't fork to steal them. We don't fork to expire them. We don't fork cancel them.

This is the slippery slope.

This is the hill worth dying on.

I strongly agree with this statement. It's something that I've argued as evidence that things like BIP 110 and The Cat are not serious proposal.

Surely @supertestnet is not going to come along and tell me that there is a soft fork that I am actively enforcing with my node which confiscated utxos...

Did BIP 16 makes some coins unspendable?

Super recently posted about this Stack Exchange question on X:

The BIP turned a particular "hashlock" locking script pattern (OP_HASH160 OP_DATA_20 20-byte-value OP_EQUAL) into a "magical" bytecode pattern which, after authenticating an input's top stack element against the hash then also executes it using Script VM.

The BIP references 1 historical transaction that spent from an output that matched the pattern:

These new rules should only be applied when validating transactions in blocks with timestamps >= 1333238400 (Apr 1 2012) [1]. There are transactions earlier than 1333238400 in the block chain that fail these new validation rules. [2]. Older transactions must be validated under the old rules. (see the Backwards Compatibility section for details).

which made me wonder - are there other, unspent, historical hashlock outputs which may have been made unspendable (if they weren't already) by introduction of the P2SH feature?

The answer to this question is provided by the same person who asked it:

Even before BIP-0016 activation, there were some outputs that matched the P2SH pattern. Only one of them was spent before activation, and the rest have likely been made unspendable by the BIP-0016 upgrade since spending them would have to satisfy consensus rules not enforced when they were created. Total amount locked in those outputs was 0.044 BTC.

And they also provide a handy table of the utxos they believe were made unspendable by BIP 16.

Table 1: Outputs matching the locking script pattern OP_HASH160 OP_DATA_20 value_20 OP_EQUAL, extracted from blocks 0 to 173805.

Block Height	TXID	Output Index	Satoshi Amounts	Locking Script	Status
170052	9C08A4D78931342B37FD5F72900FB9983087E6F46C4A097D8A1F52C74E28EAF6	1	400000	a91419a7d869032368fd1f1e26e5e73a4ad0e474960e87	Spent
170054	B0539A45DE13B3E0403909B8BD1A555B8CBE45FD4E3F3FDA76F3A5F52835C29D	1	400000	a914e8c300c87986efa84c37c0519929019ef86eb5b487	Unspent
170434	D0636198EA55FADEE5B4CCC07C85012DB7D07C2D25790B3AEC770C86617801C0	1	1000000	a91484b8ee2ee2970e4a5c3a18e73a9e251ad5c1df1c87	Unspent
170442	9AB59E2D4BE16C470160EB9B9A9D9799EAF29AF0461AEA131E748659D806FA1A	0	1000000	a91484b8ee2ee2970e4a5c3a18e73a9e251ad5c1df1c87	Unspent
170442	658FC92061F1C4125D5CD1034EB8A1F09BFEBD32A988D855EB7EE63689759A21	0	1000000	a91484b8ee2ee2970e4a5c3a18e73a9e251ad5c1df1c87	Unspent
170556	510B5A44935109E249A704C2900AA9D8303166062E81D2AC852C965B6266DCEE	0	1000000	a91484b8ee2ee2970e4a5c3a18e73a9e251ad5c1df1c87	Unspent

Super also found another Stack Exchange question about when the first BIP 16 spend occurred and which was answered by the same user:

Before P2SH activation, they could be spent as just hashlock contracts. After P2SH activation, they could only be spent if the hash preimage also happened to be a redeem script that would pass execution.

The TXO created in block 170052 was actually spent in block 170060 as hashlock, not P2SH, because P2SH rules weren't active at the time.

If all of this feels too confusing, just think about it

So was it a mistake or was it intentional?

Ever-helpful, Super comes to the conclusion that freezing these five utxos (one utxo was specifically exempted) was indeed intentional.

Super found a note in Bitcoin Core that says:

    // BIP16 didn't become active until Apr 1 2012 (on mainnet, and
    // retroactively applied to testnet)
    // However, only one historical block violated the P2SH rules (on both
    // mainnet and testnet).
    // Similarly, only one historical block violated the TAPROOT rules on
    // mainnet.
    // For simplicity, always leave P2SH+WITNESS+TAPROOT on except for the two
    // violating blocks.

Intention doesn't even matter: if you run anything greater than Core v 0.6.0, you are actively preventing five utxos from being spent

Super argues that it is inconsistent to be against confiscation in one case but to be totally fine for it in another case.

For those wondering how this relates to the spam debate, some people on the Core side like to say they oppose any attempts to disable the utxos of spammers because confiscation is unconscionable. But their node is actively keeping old utxos unspendable too

He also says:

If the best counter you've got is "it happened 13 years ago and there's a chance it was by accident" then I'll remind you that the confiscatory rule is still in your node right now. You can eliminate it if confiscation violates your principles. You can't claim ignorance.

The nuances

Vojtěch Strnad (who also edited the original Stack Exchange question) replied to Super with some nuance about these five utxos:

There is a major difference, the outputs made unspendable by P2SH were anyone-can-spend before (i.e. weren't secured by a signature) and so had no ownership guarantees to begin with. Also we're talking about 0.044 BTC at 2012 prices, less than a single dollar.

I suspect it does not much matter whether the intent of the original PR was to confiscate those five utxos or not. I do, however, recognize that there may be a difference along the lines Vojtěch describes: freezing nyone can spend outputs may be less problematic than freezing outputs secured by private keys. But Super's point is pretty strong: there are five utxos that are actively considered unspendable by everyone running the post segwit Bitcoin code.

This makes it difficult for people like nvk and me to say "UTXOs are sacred, they are a red line." If that is true, why aren't we making a fuss about the utxos that were frozen by BIP 16?

Super makes a good point here:

If you think it's okay to maintain that confiscatory rule to avoid bad consequences, maybe show a little grace toward those who want to add a new confiscatory rule to eliminate different bad consequences.

I still do not feel that confiscating people's utxos should be treated lightly or accepted as a reasonable course in changes to block validation rules; however, I can't deny that I run a node that has confiscated 5 utxos worth .044 BTC.

202 sats \ 5 replies \ @justin_shocknet 1h

The spam psyop is making more sense, the quantum fudders also want to confiscate UTXOs... But many of them are arguing against the spam confiscation

Mfw the spam psyop has been a setup for the quantum fork

100 sats \ 4 replies \ @Scoresby OP 1h

yes, that does make a little sense. I am still surprised that anyone seriously suggests confiscating (freezing/burning/whatever) coins that don't upgrade in the event of a quantum signature upgrade. It seems like such a bad idea.

202 sats \ 3 replies \ @justin_shocknet 35m

bad idea

These are very conflicted dishonest people

0 sats \ 2 replies \ @optimism 18m

Do they know they are dishonest?

100 sats \ 1 reply \ @justin_shocknet 17m

You'd think they have to unless they believe in a paycheck fairy

0 sats \ 0 replies \ @optimism 7m

Hmm... I always feel that the ring leaders just move on to the next grift?

102 sats \ 5 replies \ @Undisciplined 1h

Why can’t these 5 utxos be addressed in an upgrade?

It seems like it should be easy enough give them the same exemption that all of the older utxos received.

171 sats \ 1 reply \ @optimism 43m

Because accepting things that are currently rejected is a hard fork; whereas rejecting things that are currently accepted is - given you get high miner activation support - a soft fork.

100 sats \ 0 replies \ @Undisciplined 28m

Got it

69 sats \ 2 replies \ @Scoresby OP 1h

This gets a little beyond my technical understanding, but at the very least, such an extended exemption is a hard fork: if anyone running current rules sees one of those utxos get included in a new block, they'll treat it as invalid.

This then comes with all the trouble of a hard fork: how do we make sure all people running old software don't get forked off?

0 sats \ 1 reply \ @Undisciplined 1h

I see. So, they could have easily exempted them at the time but now we’re stuck with this?

69 sats \ 0 replies \ @Scoresby OP 44m

I don't know about "easily" but I think it would have been easier.

102 sats \ 3 replies \ @optimism 2h

I'm with nvk on this one too. And super is right to call BIP16 out, but my conclusion instead is: BIP16 was a bad upgrade.

And you know what? This "activation" is what people use as an example to point out that UASFs are good. So super just made the point against UASF. Thanks super, I agree: UASF is a nuclear warhead best not used. Its function is a deterrent.

PS: I just opened that tweet threat (using the bot link) and never before have I felt myself so estranged from Bitcoin Twitter. I'm happy I'm not there. I'm also very unhappy that this is the discourse now.

100 sats \ 2 replies \ @Scoresby OP 2h

Yes, I unfortunately let myself get pulled into a twitter discussion last night. I regret it.

Super posted his BIP16 point on nostr as well, so probably I should have linked to that one, but it didn't have some of the replies I wanted to reference.

I'm sure there were reasons, but I guess I'm surprised that the BIP authors didn't just let all blocks prior to BIP 16 activation get validated with pre-BIP 16 rules. As always there is so much about Bitcoin I need to learn.

102 sats \ 0 replies \ @optimism 49m

So I'm not 100% sure, but I think that the first implementation of IsSuperMajority() for MASF was done for BIP-30 (0.7) and everything before that wasn't really decentrally "activated". I think that this is when Gavin first proposed code for it, but maybe I've missed something. This was the "novel" mechanism when I started looking deeper into Bitcoin code.

I think that BIPs 30, 66 and 65 were activated using this, then from 112/113 (CSV) onward, versionbits were the primary activation indicator instead of hard version numbers.

102 sats \ 0 replies \ @optimism 12m

I unfortunately let myself get pulled into a twitter discussion last night. I regret it.

I saw the reference to Chris' statement. He's wrong. Your forkshitcoin can easily take less than 51% with it. All you need to do is consensus-enforce what any minority agrees on should be the real consensus and fuck right off.

Everything else is a branding discussion: Bitcoin don't give a shit if it is called Bitcoin or therealBitcoin or lukesEmpireCoin or whether there are 2, 3 or 4 of it all claiming to be Bitcoin. The only ones who care are the humans.

Do note that if you fork with less than a large majority of SHA256 compute out there, you may consider doing a consensus change to no longer be attackable by everyone that, probably due to your toxic lies and shitposting, really hates your guts.

169 sats \ 2 replies \ @rblb 23m

My mechanic refuses to do oil changes to my car because the previous owner never did, so, to stay coherent, I have to either keep driving it until it breaks or rebuild the engine.

^This is his face when he explains why I’m not entitled to make my own choices because of logic and facts.

0 sats \ 0 replies \ @Scoresby OP 7m

I agree with the sentiment, but it is the case that you are actively enforcing the BIP 16 confiscation with your node if you run anything later than v 0.6 -- it's not merely a case of something that happened in the past. So to put it in the starkest words: by not forking out this rule we are actively colluding with the confiscation of 0.044 BTC.

0 sats \ 0 replies \ @SimpleStacker 15m

Good analogy

0 sats \ 0 replies \ @nitter 2h

https://twiiit.com/nvk/status/1998765929837326470