Today I found another incompatibility between the rules of Bitsofproof and the rules of Satoshi client. I will report today to Grau. Bitsofproof is still in BETA, but looks very promising.
But the point is: Should all the Bitcoin community (apart from the alternate client project maintainer) be notified of the possibility of a network split?
Thank you for taking a deep dive into the code and reporting your findings. I am not (yet) convinced that the difference you spotted by reading the code does lead to exploitable different behavior, since there are numerous tests shared between Satoshi and bits of proof targeted exactly at these subtleties. Specifically the tests
https://github.com/bitsofproof/supernode/blob/master/server/src/test/resources/script_valid.jsonand
https://github.com/bitsofproof/supernode/blob/master/server/src/test/resources/script_invalid.json would have very likely caught the difference you claim.
The process you followed by notifying the author with the details in the first place is correct. It would be fair to wait for a confirmation of a vulnerability and its fix before you announce that you found something, just to avoid it sound like FUD-ing an implementation. There are bugs in every software and there must be countless differences between implementations. Bugs have to be fixed but differences have to be carefully evaluated if they really offer a practical exploit.
Your work is valuable to all of us, please continue but be vary not only the network security but the reputation of the implementations that in some respect also support security.
Yes Grau, you're right. That's why I didn't make public the problem details. But honestly, the problem is there in the Bitsofproof code, I'm quite sure.
The fact that BisofProof is still in Beta (but won't be in Beta forever) is the reason that I'm asking people: how should we handle a problem with one (but not all) of the client implementations.
I think that, for the community good, as fast as a bug that can cause possible network split is discovered, all users must be notified. I mean all (including users that do not use this client). This does not mean that the bug must be exposed. But if people know their clients can bee "knocked out" of the best chain, they can put additional protective measures to periodically check if they were.
Related to the test cases Grau posted, I'm quite sure they do not check the problem I spotted.
Those test cases do not test the result of each opcode, only they test if the script verification fails or not.
That's completely wrong, or at least it's incomplete.
If you want to check if OP_ADD1 works, you should check that before executing the opcode and afterward the stack have some known values. Now the script test cases only check that the result is TRUE or anything else.
Gavin or donor coders should try to build more detailed test cases for each script arithmetic opcode, to avoid screwing up things in future versions and to help other implementers to verify their codes.
Grau: my impression is that your code is good, as is Mike Hearn's code. The problem is not on your code, but in the lack of a "Bitcoin Bible" manual to specify the hidden and often forgotten rules of the protocol.
Would you allow me to post the problem here?
