Is the scripting system an incalculable security risk?

Why does Bitcoin have a complicated scripting system?
https://en.bitcoin.it/wiki/Script
https://github.com/bitcoin/bitcoin/blob/master/src/script.cpp

I guess because it makes fancy contracts possible: https://en.bitcoin.it/wiki/Contracts Could even be kinds of contracts that we would never think about today.

Still, from what I understand currently there are only a handful of scripts in popular use.

Would it not be wise to restrict the scripting engine to a limited number of well understood scripts? It seems like an invitation for trouble. New scripts could be added over time.

Answer

New scripts could be added over time.

And how would you do that (without breaking old clients / getting all bitcoin clients to work the same way with the same scripts / etc) ?

I think the script language will let bitcoin evolve, without having to make any (fundamental) changes to the protocol. It’s a futurewise smart decision (just like bitcoin has some protection against quantum computers, even though they ain’t “dangerous” yet – and might never be). IMO it’s one of the thing that make bitcoin ‘better than the rest’.

Ofc having a less complex script language would minimize any potential attack vector, but I think the complexity of the language already is low enough for it not to be of any concern. At most we will probably see DoS attack (e.g. transactions which loops endless), but this should be easily fixable with an update (and the currently client already have lots of “anti-DoS” checks, to protect against this).

Leave a Reply

Your email address will not be published. Required fields are marked *