Bitcoin Security Lessons for Ravencoin
Security is the priority for any network
The Honey Badger Tank Known as Bitcoin
Bitcoin is extraordinarily complex with layers of security and years of dedicated experts working on it.
There are thousands of eyes on the Bitcoin code. Hundreds of active devs on the core code.
Thousands more working at wallets, universities, incubators, financial cos, miners, exchanges etc.
It’s been argued and tested and attacked more than any other piece of code in history. Bitcoin is a complete marvel of computer science and science in general. It is unique.
Bitcoin is very secure.
While Raven shares some features and code with Bitcoin, users should not mistake this as being the same security level. Bitcoin is in a special category due to its large developer network.
The Raven project benefits from A LITTLE BIT of Bitcoin security in the form of the original code. The code that came from Bitcoin at the time of the fork was good code. Even then a critical bug was found and patched by the heroic BlueMatt and others in Bitcoin last year. Fortunately the Raven devs patched BlueMatt’s Bitcoin improvement into the Raven code and it wasn’t a problem. But the lesson illustrates that even Bitcoin is not perfect code. If Bitcoin could have a flaw, Raven most definitely has a higher chance of having a flaw.
As soon as the Bitcoin code is copied to another repository and tinkered with it loses some security because it loses those hundreds of eyes and active devs.
Each change, particularly hard forks, present more new security risks and more attack vectors.
While Raven is interesting and special, it’s security can’t be compared with Bitcoin.
As Sam Jackson once said “It’s not the same ball park it’s not even the same game.”
That doesn’t mean Raven is bad, it’s great. It’s about as successful as any user or contributor could want in terms of interest and implementation.
(Note: when I say it’s great I mean from a dev, structure, design and user standpoint, not financial. RVN is very risky as an investment and I don’t recommend it)
From a security standpoint, Raven has a fairly strong network for its age and it can benefit from Bitcoin’s security improvements. But it’s still got lots of risks.
Even aside from code security flaws, the mining is still far less.
The goal is to see if a modified version of the code can be used to help users securely create tokens which the protocol is aware of. That part of the experiment has worked well so far.
What remains to be seen is whether this works for use cases like securities. RVN seems to work as a platform to easily and securely issue tokens.
Since the tokens are not run by smart contract they have some advantages but also some disadvantages. Who knows if the disadvantages can be overcome. Even if they are, it doesn’t mean Raven would be the best source for certain tokens or have market share. Even if it has use and a market share there is no guarantee the project will have any economic value.
Increased Attack Risk
Increased interest and financial speculation in the project increases risk of attack.
There is more motivation for a 51% attack and more motivation for hacks, tricks, scams, dupes, misinformation and redirection.
A 51% attack always remains a concern. Especially with the looming threat of FPGAs & ASICs.
The best way to address this is for more people to work on it.
Security lessons RVN can learn from Bitcoin:
- Have robust security debates about every change and fork
- Decentralized power and control removes some security holes
- Public peer review and discussion is key
If you are interested in Raven, please help find and patch security holes. Tell other developers and invite them to contribute to open source projects.
(Disclosure, I own RVN. I am an unusual case and not a financial model that others should follow, particularly retail investors. RVN and all crypto are very risky. You can lose all you invest.)