Bitcoin Forum

I read here how the UTXO set is structured in the leveldb
https://en.bitcoin.it/wiki/Bitcoin_Core_0.11_(ch_2):_Data_Storage#The_UTXO_set_.28chainstate_leveldb.29

In the key-value pairs of the database, I don't see the amount for each UTXO represented.
When a client or a miner wants to check for the bitcoin amount for some UTXO, where is this fetched from? And how is it done securely? (i.e. without anyone being able to manipulate this amount?)

the whole point of storing UTXO is to store everything the client needs to verify transactions without having to look them up from the blocks. they store transaction  hash, version, is coinbase or not, the output scripts, amounts and the block height the UTXO comes from.

Yes but what is the answer to my question? How does the client or a miner know the amount that corresponds to a UTXO? I dont see the amount stored in the leveldb.

the amount is stored alongside hash, index, script, etc in the UTXO database. the client has to search inside that database using the hash and index (found in each input of the transaction they are validating).

each tx looks like this:
the client uses the hash+index in the input list above.
then updates the database with the UTXOs from this transaction using its hash and the output list, as you can see the output list contains amounts and scripts which are then stored as UTXO in that database for future looking up.

Ok so the amount is indeed stored in the key:value pairs, the link above is missing that.

My next question:
How is a client or miner ensured that this amount is correct?
In other words, an attacker could compromise the majority of nodes storing the database and manipulate an amount for a specific UTXO he owns. Where would this discrepancy be detected exactly?

i believe that the node software trusts that the data it stored on disk is reliable and not manually modified. but i don't have enough information about this.

it is nearly impossible to attack majority of nodes, even if they did that those nodes would be go on an invalid forked chain.
if an attacker could attack nodes the node operators have to worry about much more serious matters such as losing their coins to the attacker.

the node has to construct the database from scratch by going through all blocks from block 1. it should be faster than initial download since there is no need to download and the node already has the block files on disk and there is no need for signature verification.

I don't think it is impossible. We are not talking about PoW here.
Someone could just buy a *lot* of AWS instances and make them bitcoin nodes, then manipulate the leveldb.
Expensive? Yes. Impossible? No.

Still I'm curious on how such an attack would be prevented.

they can't attack other people's nodes this way.
to perform the attack you described the attacker has to access the other person's hard disk remotely and then edit their database. then have to repeat it thousands of times successfully to affect "majority" of nodes.

No need to attack other nodes. Right now there are about 10k nodes. Some could buy 20k AWS instances, turn them into nodes and have the majority.

that won't affect bitcoin network. anybody is free to create an altcoin with an invalid chain at any time and their blocks will always be rejected immediately and their IP addresses banned by any node that receives their invalid chain. it doesn't matter how many of them are around.

So to get things into the right path: I don't think bitcoin's security is that weak, i.e. trusting 10k bitcoin nodes that will behave honestly. Scenarios like compromising a majority of these nodes or instantiating a greater number of malicious nodes are unlikely, but not impossible. There must be a safeguard somewhere and I'm looking for it.

Suppose you got a zillion nodes pretending to be honest bitcoin nodes and there are just few people like me who run truly honest nodes. Your puppets claim that you got 1 bitcoin in some utxo BUT my node along with those few nodes doesn't approve it, it is why I won't pay a penny for your bitcoin as we are not on the same ledger obviously. You are free to do business with ... wait with whom? You!

Back to your original issue:
Implementation of the UTXO (blockchain state) is somehow complicated and not well documented, but it doesn't imply that it is bogus, actually amounts are stored properly in the chainstate key-value pair in leveldb for each output of each entry, it is not summed-up for the entries separately because it is not a recommended practice in software engineering and database design to maintain redundant data; besides being a waste of space, redundancy opens doors to consistency problems.

10k honest nodes with their UTXO would only accept blocks that correspond to their UTXO list
any double spends would get rejected.

your 20k nodes with edited database would relay out a bad tx. and honest mining pools and node wont even bother looking at it. meaning no chance of even getting put into a block. and honest nodes wont even keep it in mempool

you would then need to also be a block minering to make a block with your bad spend in it.
if you then propagated that block, honest nodes would reject that too. and instead accept a good block elsewhere.

so YOUR 20k nodes would accept YOUR block. thus making your blockchain fork away from the blockchain of the honest nodes.

in short editing your database and making your own mining pool. is making an altcoin just for yourself to play in alone

..
the real risk. is if bitcoin devs programming the main bitcoin core nearly everyone downloads added in unnoticable code that made all users seed data from a certain source and that data was manipulated.
however an unknown guy making an unknown client and himself running thousands of them.. just forks him off by himself

It shouldn't be considered as "trust". It doesn't have to do with the majority, since the bitcoin nodes won't be manipulated by it. They work autonomously. The network doesn't "tell you what to do". Instead, your bitcoin client already knows what to do, and it makes it's own decisions. Everyone makes the same decisions, but even if the majority of nodes are malicious, it wouldn't bother the honest ones. They would keep validating the information they receive and reject anything invalid. That's why it is recommended to have a full node, instead of SPV. You don't have to trust any node, you know what is valid and what's not. But even if you do, the worst thing that can happen is simply broadcasting an invalid transaction.

Ok so here is exactly the safeguard.
The miners have to run a full node themselves, and they have an honest view of the UTXO set. Any transaction that was created based on some malicious full node database would be rejected from the miner.

Nope, it is not just about the miners, beware!
Exchanges, whales, explorers, devs, researchers, ... power users in general should run a full node, and they usually do so. Hence, miners are not in charge of the network security solely because other economically active nodes won't commit to any protocol breach, so they fork off in case of a compromised mining scene.