Software bugs in cryptocurrency represent an ever-present issue many users and developers wish to ignore
It is an often misunderstood and generally ignored phenomenon within the crypto world, that bugs do occur in software, or rather the fact, bugs will always be present in complex software development, and that if left untreated can cause dire results.
Software bugs are such that in complex evolving software they can generally never be entirely eradicated, however, in cases such as blockchains, where potentially millions or billions of dollars are tied up in a protocol, ethically, we must approach the development of these platforms and pragmatically. This fact is especially salient when we are dealing with changes at the consensus or protocol level.
Events made public on August 10th that had unfolded earlier this year demonstrate the ever-looming threat to cryptocurrency investors…
”On April 25, 2018, I anonymously and privately disclosed a critical vulnerability in Bitcoin Cash, one of the world’s most valuable cryptocurrencies… A successful exploit of this vulnerability could have been so disruptive that transacting Bitcoin Cash safely would no longer be possible, completely undermining the utility (and thus the value) of the currency itself.”
Bitcoin developer Cory Fields describes how he ethically disclosed the critical bug to developers in private, proving many cypherpunks and bitcoin engineers are truly worth their weight in digital gold. A catastrophic bug of this magnitude if exploited would have caused a chain split and sent shockwaves in the value, which at the time of disclosure BCH had a market cap of over 22 billion dollars…
Creating complicated software takes time, but it takes even longer to audit, peer review, and to perform extensive QA on it in a test environment. With potentially billions of dollars at stake, cryptocurrency projects have an ethical duty to ensure that they do not introduce any mission-critical bugs into the wild, the consequences of which would likely be devastating.
In the fast-paced world of blockchain where various chains are competing for relevance, many projects are engaging in risky development practices, rushing to shorten development times, and pushing unsafe and untested (or under-tested) code changes live in hopes of riding the next round of media hype it generates. Stop! We must be aware that every line of code written could potentially destroy the lives of an incalculable number of people, so act accordingly…
”Working through this bug, which certainly had the potential for catastrophe, has reaffirmed my belief that the threat of software bugs is severely underestimated in the cryptocurrency world”– Cory Fields
Software development is an art, and you can not rush either without destroying their value. Testing and peer review should be of paramount importance to blockchain development. Complex Code will always have bugs, but it’s the developers’ job to minimise these and to ensure they don’t introduce critical errors into the codebase that affect the underlying architecture. Therefore, code changes in cryptocurrency are even more crucial pieces to get right before pushing those changes live. The potential to introduce consensus breaking bugs or glaring security holes into live software is the ever-looming doomsday scenario that cryptocurrency engineers wrestle with on a daily basis.
Facebook once had the motto ‘move fast and break things’, until Facebook moved too fast and broke too many things, hence ‘Move fast with stable infrastructure’ was born. While it might be vital to ensure Facebook delivers a consistent user experience if a user finds a bug on a social platform the losses aren’t catastrophic. While they may suffer a poor quality experience they won’t incur drastic financial losses. Therefore, taking into account the gravity of the situation when vast sums of money are at risk, ‘Move slow and don’t break things’ is a more fitting motto to live by as an ethical cryptocurrency developer.
This is not a race, creating the future of digital currency it takes time and cryptocurrency is still highly experimental. When the gravity of the situation is that introducing errors in live code can, and will cost billions of dollars, we have a duty of care to ensure that we act accordingly. Move slow and don’t break things.