Double spend 'security flaw' reignites BCH vs BTC debate

What would an end of the year be without one last BTC vs BCH battle royale?

Bitcoin subreddits were working overtime today, following a bombastic article and video that claimed ‘dangerous Bitcoin flaws’ have been discovered in the network’s code and warning 200+ Australian merchants currently accepting BTC that they might be at risk:

So what exactly is this critical new bug that got the BCH community busting out the nuclear mushroom JPEGs in their video thumbnails? Well, according to the accompanying text:

“In a major blow to BTC security, it is revealed that customers using standard off-the-shelf wallets can purchase goods and trivially reverse the transaction upon leaving the store. The ability to double spend Bitcoin is made possible by the anti-feature replace-by-fee.”

Yes - apparently, the fatal new security flaw bound to bring BTC to its knees and first identified at the tail end of 2019 is...rbf-enabled double spend?

For the uninitiated, ‘replace-by-fee’ (RBF for short) is an opt-in feature of the Bitcoin system that allows transactions to be flagged as replaceable until they are confirmed in a block. Both the concept as well as the implementation of RBF are certainly not new to the Bitcoin blockchain. In fact, transaction replacement was introduced by Satoshi himself as part of Bitcoin’s first release.

As BitcoinCore.org explains:

‘During the period when transactions are waiting to be confirmed, some wallets would like to be able to update those transactions in order to increase their fee (which may help them get confirmed faster), compress multiple transactions into one, create background coinjoins (to improve privacy), or to perform a number of other useful actions.’

The new video demonstrates how a person could technicaly abuse RBF to pay for their services with BTC at a brick-and-mortar shop, only to then ‘reverse’ the transaction after exiting the store, leaving the merchant empty-handed.

This is only possible in case of a ‘0-conf’, or a zero-confirmation transaction, meaning that said ‘fraudulent’ transaction has yet to be included in a block, mined and confirmed by a node. 0-conf transactions are inherently risky, which is why a merchant may choose to mark the payment as complete only when a transaction has received at least a single-block confirmation. The downside to this, of course, is the increased wait time between the customer paying with BTC and the vendor accepting said payment as valid.

Again, this is not a new issue. That, however, has done little to stop the ensuing flame war and stick measuring over on r/btc and several other subreddits, as mentions of ‘rbf’, ‘conf’ and ‘merchants’ ballooned on social media and made its appearance on our Emerging Trends list:

Many in the BCH crowd used the ‘news’ as further proof of their hard fork’s superiority:

By the way, notice the ‘where-is-satoshi’ user? He seems to have been the original posted of the initial, strongly-worded RBF thread:

We’ll get back to him in a sec.

In the meantime, others in the BCH community have dubbed this a non-story:

With some pointing out that double spends exist on BCH just as well:

And even purporting that this new RBF narrative is just a distraction from Roger Ver's connection the recent HEX token launch:

Finally, it’s worth noting that this groundbreaking new bug was also the focal point of a heated BCH vs BTC debate...back in February this year.

We covered said flame war at the time, which started when Roger Ver posted a video on reddit featuring a BCH-operated candy dispenser:

‘Just wanted to show everybody just how fast Bitcoin Cash is’ he says before executing a 40c transaction that releases a slew of M&Ms a few seconds later.

After the video made rounds on the main bitcoin subreddits, several users pointed out that this was another instance of a ‘0-conf’ transaction, meaning that said 40c transaction has yet to be included in a block, mined and confirmed by a node.

The major talking points at the time - and even the main pro-BCH voices - seem oddly similar to this latest network-wide ‘scandal’:

Based on this, I think we can safely assume that the RBF debate has now finally been put to rest once and for all - until next time.