|
@patio11: So, your attack basically amounts to "find RCE, then use RCE to gain control of whole network at once". Okay, the problem with this argument is that it is technically valid on any network of any kind. If I invent magic exploit that lets me execute any code I choose, then I can gain control of entire network because I now can execute any code I choose on it. Sure. That much is obvious, but not specific to Bitcoin. You originally put the price of "Subtle bug in the Satoshi client C code: $100,000" but without giving any meaningful reason behind this number. You know that throwing money at finding bugs doesn't actually find them, right? If the bug does not exist, then it cannot be exploited, no matter how much money is thrown at the problem. Now, I'm not saying that there is no such bug, because I have no idea whether there is or not. However, when the existence of said bug translates directly into a money-stealing opportunity, in the most literal possible way I can imagine, then there is a rather large incentive amongst those concerned to make sure no such bug exists. I wouldn't be particularly surprised if that particular piece of code wasn't the most ridiculously oversecured thing you can imagine. Now, obviously flaws can exist elsewhere, and often do. But you're pointing to something that is fundamental to the network and saying "what if it has a flaw", and that seems too obvious to actually be meaningful or insightful to me. Anything can have flaws. The useful question is not "what if there's a flaw?", but "does it have a flaw?". |