Why there was No Double-Spend on the Bitcoin Blockchain
In case you read no further, let’s be very clear about the (non-)event that took place on the Bitcoin blockchain yesterday (20 January 2020), prompting fear amongst some investors:
- There was no double spend
- Brief chain splits at the tip are harmless and happen all the time
- The system worked exactly as it should
What actually happened is that two instances of the same Replace-By-Fee (RBF) transaction with an escalating fee happened to be included in two competing chain tips during a one-block re-org. That’s quite the mouthful, but the short story is that this was a misreported non-event wherein a relatively common occurrence happened together with a very common occurrence in an uncommon manner such that it made two benign versions of the same RBF transaction initially look like a double spend.
Closer inspection done within an hour of the original report revealed that it was in fact not a double spend. But at that point it was already too late: A set of journalists lacking the technical ability to verify the occurrence for themselves and relying on initial observations and unfinished analyses, reached straight for the sensationalist headlines and became unwitting spreaders of potentially market-moving fake news.
We sincerely hope that no investors were financially harmed by this misinformation and hope it will serve as an important reminder to not take everything one reads in the news media as accurate, especially concerning issues of a technical nature. Cryptocurrency is a new and difficult knowledge space and this should make it exceedingly clear to investors that not everyone who purveys information about the industry actually has a full grasp of the details.
In this short piece we’ll go through what actually happened in some detail and with illustrations, but first, let’s look at some important semantics.
What is a double spend?
There is no strict definition of a double spend. However, in this context we are not interested in purely technical definitions or whether or not this event qualifies as such. What most people are wondering is whether or not what happened was bad for Bitcoin; if it was a bug or glitch in the code; or if it was otherwise a problem. Therefore we will use the following simplified definition as it is the one investors are most likely to be familiar with, and also one where it is clear that the outcome is highly problematic.
In the context of bitcoin, a double spend is a situation where a user (the buyer) is able to send bitcoin to another user (the seller), irreversibly receive some goods in return, and then rewrite the blockchain such that a new alternative transaction — which uses the same input as the original — instead of going to the seller, would go back to the buyer. The outcome being that the buyer ends up with both the goods and the bitcoin.
In other words, a double spend is an intentional attempt to defraud a receiver of bitcoins by showing them a blockchain where they have received coins, and then creating (or colluding with a miner to create) an alternative longer chain where this transaction never took place, with its input instead being sent to another address controlled by the buyer. In more colloquial terms it is the bitcoin equivalent of bouncing a cheque.
Bouncing bitcoin cheques is one of the things you can do during a so-called 51% attack, and represents a clear example of why such attacks can be bad.
Let’s look at this scenario in a little more detail.
A double spend illustrated
(this example doesn’t make much real-world sense, but for the sake of explanation, just pretend it does)
In the below illustration, the buyer (B) sends a transaction to the seller (S) and this transaction is included in the longest known (and therefore by definition the canonical) chain.
The transaction (Tx 1) sits in block 104, and moves coins from B to S. This chain is the longest known chain, and the seller accepts the transaction as settled even though it only has one confirmation—it only sits one block deep. The seller dispatches the goods and they arrive immediately and irreversibly.
But here comes the trick: Unbeknownst to the seller, the buyer has colluded with a large miner who’s actually managed to mine two alternative blocks on top of block 103, but has kept them secret from the network. As soon as the buyer receives her goods, the miner publishes these two blocks, including an alternative transaction (Tx 1a) in which the funds, instead of going to the seller, goes back to another address controlled by the buyer.
This new blockchain is longer than the previous one and therefore by definition the new valid chain. The new transaction (Tx 1a) uses the same input as the old transaction (Tx 1), but moves the coins from the buyer, to another address controlled by the buyer. This means that even if the buyer kept a copy of the previously valid transaction Tx 1, and tries to get it confirmed in a later block, Tx 1 would now be invalid because its input has already been spent in transaction Tx 1a.
The buyer, in collusion with the miner, has now defrauded the seller and is in possession of both the goods and the bitcoin.
This is a double spend.
So what actually happened then?
A full explanation requires a bit of background so please bear with us for a moment while we go through some necessary background knowledge.
First, let’s talk briefly about re-orgs. A re-org, is a situation in which a chain that was previously the longest chain (at least as seen by some network participants), becomes outpaced by another chain, causing it to be discarded. This is a relatively common occurrence.
Most of the time, there is one clear chain tip, and all miners cooperate to add blocks to the end of that chain.
Re-orgs happen when two miners find a new block at more or less exactly the same time. They then propagate their respective blocks to the rest of the network, some of which receive one block first, and the rest receive the other. Both blocks are valid and of equal length, so miners will start mining on whichever one they received first.
In this instance, there are two competing chain tips, both of which are valid, and the mining network is momentarily split according to which block they happened to receive from their peers. Miners will then mine on their own respective chain tip until a new block is found. It is exceedingly unlikely that two blocks are found at the exact same time again and the split resolves itself whenever a miner finds a new block on either competing chain.
As soon as a miner finds another block, and this block propagates, miners who were working on the other chain tip will abandon this chain, accepting the now longest chain as the valid one. The competing block is now said to be orphaned and is discarded by the network. All miners will now switch to mining on the longest chain.
Re-orgs are relatively common and benign. Their common occurrence is an ongoing reminder why it is not a good idea to accept transactions that are less than a few blocks deep as fully settled. In fact, the more valuable the transaction, the more confirmations one should require. And indeed most exchanges and wallets wait for 6 blocks as an industry standard.
What we observed on January 20 was an example of a single-block re-org as illustrated above. Whilst deeper re-orgs can happen, they are much less likely and very uncommon.
What is Replace-By-Fee?
Bitcoin transactions compete for inclusion in new blocks by bidding in an ongoing auction of transaction fees. When a transaction is signed by a user, it is propagated to the entire network on a best-effort basis and entered into a pool of unconfirmed transactions (called the mempool) individually kept by each node. Since transactions sometimes do not fully propagate through the network, it is possible for nodes to have slightly different mempools, but for our RBF illustration let’s pretend there is only one unified mempool.
We can picture the mempool as a stack of unconfirmed transactions ordered by the fee they offer.
New transactions are continuously added to all areas of the stack by users, and removed from the top by miners who want to secure as much transaction fee income for themselves as possible.
The process then repeats infinitely.
From a user’s perspective, a problem might arise if they find themselves in a hurry to have their transaction added to the blockchain, but they have offered a fee that sits too low in the mempool stack to be added any time soon. This is where RBF comes in.
Replace-By-Fee is a wallet function whereby a user can, figuratively speaking, double spend themselves by adding another transaction to the mempool, spending from the same input (and this is likely where the confusion arose) as the original one. This second transaction offers a higher fee and conflicts with the original transaction by relying on the same input. By the rules of Bitcoin, only one of the two can be valid and entered into the ledger, and this will be whatever transaction makes it into the blockchain first.
The assumption is that the transaction version offering the highest fee will be mined first, and this is almost always the case. But there is a chance that one of the transactions failed to propagate equally to all miners and so it is possible that something slightly weird could happen, and that is indeed what we observed on January 20.
The non-double spend
What happened yesterday was a weird combination of a thrice-fee-escalated RBF transaction and a single-block re-org. For simplicity we are leaving out the third instance since it did not make it into any block at all.
During a single-block chain split, two different instances of the same RBF transaction happened to be included in each of the competing chain tips, which, when the next block was found and the chain reconsolidated and orphaned one of the blocks, made it appear as if a double spend had taken place.
As you can now see, this was in fact not a double spend. The only way this could be construed as a double spend is in the most figurative and technical sense since an RBF can be considered as a double spend of oneself, but this is purely semantic word play and not of any usefulness or relevance to investors who may have been unduly worried by the use of the phrase.
The lesson learned
Digital assets are still a nascent asset class, and understanding the finer details of protocols like Bitcoin can require a level of technical understanding that not all who spread information in the industry will necessarily possess.
Events like this highlight the importance of high-quality research and the role of competent research desks as an invaluable resource for investors, both current and prospective, to access reliable and factually accurate information regarding this new and exciting technology.
This material has been prepared by CoinShares and its affiliates for research and informational purposes only and it is not intended to be relied upon as an offer or a recommendation, offer or solicitation to buy or sell a security. Nothing within this document constitutes (or should be construed as being) investment, legal, tax or other advice. This document should not be used as the basis for any investment decision(s) which a reader thereof may be considering. Past performance is not a reliable indicator of future performance. Any potential investor in cryptoassets, even if experienced and affluent, is strongly recommended to seek independent financial advice upon the merits of the same in the context of their own unique circumstances. Cryptoassets are a highly volatile asset class. Your capital is at risk. The value of crypto assets can go down as well as up and you can lose your entire investment. Cryptoassets are not covered by financial compensation schemes.
Predictions, opinions and other information are expressed at the date of publication and are subject to change as circumstances vary. This information has been developed internally and/or obtained from third party sources believed to be reliable; however, no representation or warranty, express or implied, is made as to the accuracy, reliability, or completeness of such information. To the extent permitted by law, we do not accept or assume any liability, responsibility or duty of care for any use of or reliance on this information.
The CoinShares Astronaut is a trademark and service mark of CoinShares (Holdings) Limited.
Copyright © 2021 CoinShares Group, All rights reserved.
Sign up for our monthly newsletterSubscribe
Our latest insights & research. Never spam.