The asymmetry balthazar flagged is the core of why this class of vulnerability is hard to eliminate through policy alone: attack cost is bounded by block reward + fees, while defense cost is unbounded across all validating nodes simultaneously.
What makes the worst-case block validation problem particularly persistent is that the economic incentive to exploit it is contingent on circumstances that may change: currently, any mining pool large enough to construct it has more to lose from network disruption than to gain. But that calculus depends on the block reward staying significant relative to operational costs — which shrinks on the subsidy schedule.
Post-subsidy, miners are fee-dependent. A miner with 15% hash rate facing a thin fee market now has different incentive math than one riding a 6.25 BTC subsidy. The 'why would they attack?' logic weakens precisely as full node operators are already under economic pressure to reduce validation load.
BIP 54's scope here (CHECKSIG/CHECKMULTISIG limits on non-SegWit inputs, alongside the Merkle ambiguity fix) handles the known attack surface at acceptable cost to the ecosystem. The residual question is whether the validation complexity limits are calibrated conservatively enough to handle creative adversaries, or whether they'll need revisiting as covenant/script complexity in Bitcoin increases over time. The authors have been cautious but there's no way to know if that 'unknown unknowns' gap stays bounded.
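Worked illustration of the per-transaction legacy sigop cap the post above attributes to BIP 54 (added here; this is not the poster's code nor Bitcoin Core's). The 2500 cap, the "n if preceded by OP_1..OP_16, else 20" counting for CHECKMULTISIG, and the decision to charge the spent scriptPubKey plus any P2SH redeem script are assumptions not stated on the page; the scripts and key bytes are constructed placeholders.

```python
"""Count 'potentially executed' sigops across a transaction's legacy inputs and
enforce a per-transaction cap of the kind the post above attributes to BIP 54.
Added illustration, not code from the thread or from Bitcoin Core. Assumed rules
(not stated on the page): CHECKSIG/CHECKSIGVERIFY count 1; CHECKMULTISIG(VERIFY)
counts n if immediately preceded by OP_1..OP_16, else the 20-key maximum; the
spent scriptPubKey plus the P2SH redeem script are counted; the cap is 2500."""
from typing import Iterator, List, Optional, Tuple

OP_0 = 0x00
OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4 = 0x4C, 0x4D, 0x4E
OP_1, OP_16 = 0x51, 0x60
OP_DUP, OP_EQUAL, OP_EQUALVERIFY, OP_HASH160 = 0x76, 0x87, 0x88, 0xA9
OP_CHECKSIG, OP_CHECKSIGVERIFY = 0xAC, 0xAD
OP_CHECKMULTISIG, OP_CHECKMULTISIGVERIFY = 0xAE, 0xAF
MAX_PUBKEYS_PER_MULTISIG = 20
LEGACY_SIGOP_LIMIT = 2500  # assumed per-transaction cap


def parse_script(script: bytes) -> Iterator[Tuple[int, Optional[bytes]]]:
    """Yield (opcode, data) pairs; data is None for non-push opcodes."""
    i, n = 0, len(script)
    while i < n:
        op = script[i]
        i += 1
        if op <= 0x4B:  # direct push of `op` bytes; OP_0 pushes an empty vector
            hdr, size = 0, op
        elif op == OP_PUSHDATA1:
            hdr, size = 1, script[i] if i < n else -1
        elif op == OP_PUSHDATA2:
            hdr, size = 2, int.from_bytes(script[i:i + 2], "little") if i + 2 <= n else -1
        elif op == OP_PUSHDATA4:
            hdr, size = 4, int.from_bytes(script[i:i + 4], "little") if i + 4 <= n else -1
        else:
            yield op, None
            continue
        if size < 0 or i + hdr + size > n:
            raise ValueError("truncated push at offset %d" % (i - 1))
        i += hdr
        yield op, script[i:i + size]
        i += size


def count_sigops(script: bytes) -> int:
    """Every sigop is counted whether or not it would actually execute, so this
    is an upper bound on validation work, which is what a consensus cap needs."""
    total, prev_op = 0, None
    for op, _ in parse_script(script):
        if op in (OP_CHECKSIG, OP_CHECKSIGVERIFY):
            total += 1
        elif op in (OP_CHECKMULTISIG, OP_CHECKMULTISIGVERIFY):
            if prev_op is not None and OP_1 <= prev_op <= OP_16:
                total += prev_op - OP_1 + 1  # n given as a small-integer opcode
            else:
                total += MAX_PUBKEYS_PER_MULTISIG  # n unknown: assume the worst
        prev_op = op
    return total


def is_p2sh(spk: bytes) -> bool:
    return len(spk) == 23 and spk[0] == OP_HASH160 and spk[1] == 20 and spk[22] == OP_EQUAL


def legacy_input_sigops(script_sig: bytes, spent_spk: bytes) -> int:
    """Sigops charged to one legacy input: the spent scriptPubKey, plus the P2SH
    redeem script (final push of a push-only scriptSig) where applicable."""
    total = count_sigops(spent_spk)
    if is_p2sh(spent_spk):
        pushes = list(parse_script(script_sig))
        if not pushes or any(data is None for _, data in pushes):
            raise ValueError("P2SH scriptSig must be push-only")
        total += count_sigops(pushes[-1][1])
    return total


def legacy_sigops_ok(inputs: List[Tuple[bytes, bytes]],
                     limit: int = LEGACY_SIGOP_LIMIT) -> Tuple[bool, int]:
    """inputs are (scriptSig, spent scriptPubKey) pairs for the legacy inputs."""
    total = sum(legacy_input_sigops(ss, spk) for ss, spk in inputs)
    return total <= limit, total


def push(data: bytes) -> bytes:
    if len(data) <= 0x4B:
        return bytes([len(data)]) + data
    return bytes([OP_PUSHDATA1, len(data)]) + data  # sample scripts stay < 256 bytes


# Constructed sample scripts; key and hash bytes are placeholders, not real keys.
FAKE_PK = b"\x02" + b"\x11" * 32
FAKE_H160 = b"\x22" * 20
P2PKH = bytes([OP_DUP, OP_HASH160]) + push(FAKE_H160) + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
BARE_1OF3 = bytes([OP_1]) + push(FAKE_PK) * 3 + bytes([OP_1 + 2, OP_CHECKMULTISIG])
P2SH_SPK = bytes([OP_HASH160]) + push(FAKE_H160) + bytes([OP_EQUAL])
# n supplied as a data push instead of OP_n, so the counter must assume 20 keys
SLOPPY_1OF1 = bytes([OP_1]) + push(FAKE_PK) + push(b"\x01") + bytes([OP_CHECKMULTISIG])
# a 126-byte redeem script that is trivial to write but counts 126 * 20 sigops
PATHOLOGICAL = bytes([OP_CHECKMULTISIG]) * 126

if __name__ == "__main__":
    print("P2PKH:", count_sigops(P2PKH), "bare 1-of-3:", count_sigops(BARE_1OF3))
    print("sloppy 1-of-1 via P2SH:", legacy_input_sigops(bytes([OP_0]) + push(SLOPPY_1OF1), P2SH_SPK))
    print("pathological P2SH input:", legacy_sigops_ok([(bytes([OP_0]) + push(PATHOLOGICAL), P2SH_SPK)]))
```

The point of the last two samples is the asymmetry the post is about: a redeem script of a few dozen bytes, costing the attacker nothing beyond the fee, is charged 20 sigops per CHECKMULTISIG because the counter cannot know n, and 126 such bytes already exceed the assumed 2500 cap. Whether 2500 is the right number, and whether counting scriptSig contents as well is needed, are exactly the calibration questions the post leaves open.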