2027 protocol upgrade ideas

It’s not just DEXs. Not all 0-conf transactions have the same risk, see CHIP 2025-11: Unsettled Inputs Break Zero-confirmation Transactions - #4 by bitcoincashautist.

Example 1: if you swap some token for BCH on Cauldron DEX, and immediately use that unconfirmed UTXO to pay a merchant, such 0-conf has increased risk of getting cancelled because it has an unconfirmed “anyonecanspend” ancestor.

Example 2: if you put dust in an OP_1 “anyonecanspend” P2SH UTXO and reference it as input in your TX, then any miner monitoring for such “free” UTXOs could sweep it and effectively cancel your TX, so a payment that has any input spend P2SH also has increased risk of getting cancelled.

Thanks for the info.

I also noticed that even Cauldron gets hung up sometimes when there is too many unconfirmed swaps on a token and will not work until a conf comes in.

10 minutes was fine 10 years ago but now is just too long.

You selling 100 BCH isn’t going to get processed with 1 confirmation either It would need a bunch of blocks. So your base assumption is false, “a confirmation” is not what is targeted, instead a certain amount of (proof of) work is.

Faster blocks doesn’t actually give people what they hope it gives them, this is a good example where hope outstrips knowledge. If you talk to many people in the community you’ll notice the pattern, they expect a lot of issues to be solved with 1 min blocks that upon critical review, there is no reason to believe they will be solved with 1 minute blocks.

These examples really just show the problem of finding actually beneficial outcomes that are not trivial to debunk, BCA here creates completely imaginary situations that not a single wallet today is capable of producing and claims it is a problem that needs a solution. While in actual fact not a single human ever had this problem, and as such doesn’t need solving. They can’t have had this problem since no software exists that does this, or anything close to it.

And on top of that, the solutions to this imaginary problem are easy and obvious to any engineer, they automatically follow from basic UX requirements and they do not require you to have faster blocks.

The basic premise of the faster blocks change is that people hope it will make the price go up. As CashDragon here says “we need this to compete” and Jeremy said basically the same thing in another thread here on BCHR. Talk on Twitter and Telegram as much as you want in order to influence the price, but this forum is the wrong place for that.

1. app.cauldron.quest → create wallet
2. buy some tokens
3. create a liquidity pool with those tokens
4. destroy the liquidity pool before block confirmation
5. send the bch back to your regular spending wallet

No matter how you look at it faster blocks will speed things up just due to lower variance, if blocks always came in 10 minutes apart there would be no issue, one minute blocks effectively gives us 10 minute blocks in the worst case scenario.

Kallisti, you provide some steps, not sure which wallet actually does any of that. It probably is some web page, not a wallet. Nothing you can use in a store at the payment terminal. “Oh, wait a moment sir, I need to scan your QR to find the address to then go through this website and do some shit there to pay you from my withdrawal.”

So in reality you went to a website to send money to your wallet address. But that is not the scenario BCA was talking about.
He was talking about the transaction needing to be protected FOR THE RECEIVER. Which you yourself are here. There is no danger, no problem to solve in the scenario you gave.

So maybe you forgot the add the last line:

• go to a physical store and spend your coin from your mobile wallet.

Well, and for that go actually happen, that wallet you have on your phone should prefer unconfirmed UTXOs, which AFAIK none of them do… And you have to be pretty fast to avoid your website initiated transfer having confirmed before you get to the store and select your goods or drinks and finish them to get to the point where you pay.

The end result is that there is nobody that is seeing problems today, because the scenario is just not something that happens in real life. No actual (single) wallet can create this issue, and existing ones combined don’t run into it either.
On top of that, the solution is trivial, the end user that creates this issue ends up waiting for a confirmation at the payment terminal. Because DSProof is about enabling the 99.9% of usecases, not about making that 100%. You can avoid becoming the 0.1% and keep things going smooth.

And to strengthen the point; making a change to the protocol as massive as block time changes needs actual real life problems to be solved. Not some imaginary problems that we are not seeing any amount of actual end users having problems with.

Lets not do what Peter Todd did to push through RBF; be the attacker and victim in an artificial scenario that when it “succeeds” in failing is then used as proof to show it is a real issue.

ok, I see what you’re saying. tl;dr we addressed this in this thread: CHIP 2025-11: Unsettled Inputs Break Zero-confirmation Transactions - #17 by ShadowOfHarbringer

This definitely can become a bigger issue as the ecosystem evolves though. More user wallets will be able to make more complex transactions in the future… let’s say I’m at a merchant POS and I have a special savings vault contract that I need to access, because I forgot to do that transfer in the morning before I got to the store… no problem, I’ll spend from the contract into my everyday spending wallet… but the transaction is unconfirmed, and now the inputs have a non-p2pkh ancestor…

perhaps I misunderstand somewhere - the non-p2pkh ancestor is assumed to be confirmed in the example, I suppose, so maybe that’s also a non-issue.

AFAIK we currently don’t have any wallets that use contracts directly as inputs… unless maybe paytaca does this with their stablehedge feature.

regardless…

the solution is trivial, the end user that creates this issue ends up waiting for a confirmation at the payment terminal

yeah… shouldn’t be much longer than 10 minutes from now, eh?

The point you’re side-stepping is that the solution lies on the side of the end-user. The tech doesn’t have to be fool-proof. The universe will always invent better fools in response anyway.
The current status is that the 99.9% of the usages on chain are in actual fact protected and will not be miner extractable value and thus there is no reason whatsoever to doubt they will get mined the next block.

Sure, smart people can come up with scenarios THAT NOBODY IS SEEING TODAY which fall in the 0.1% which may be exploited by a miner, a thing that hasn’t actually happened in the lifetime of Bitcoin either.

But the solution to that is to detect them early on and put the responsibility squarely on the wallet makers and users because this really never happens to normally honest behaving users using well designed wallets. So, if a point of sale hits this, the user simply get checked more. Because of the inherent issue of this being possibly a scam. The risk of the merchant getting scammed. It really isn’t complicated and the industry is entirely used to this kind of solution.

In short: avoid behaving like a scammer and you don’t have to wait for the (maybe more than) 10 minutes. Everyone happy. No protocol changes needed. Like Shadow concluded in your linked thread, the lower level parts are all solved.

even without those scenarios, faster block time are a general improvement that will make life better for everyone facing any confirmation requirements for whatever reason

I don’t have anything against organic “no-op” year, as in – nobody put in the effort to have something ready, for whatever reason. By accepting “no-ops” can just organically happen we don’t fall into the trap of “oh but we have to have something to show this year, so let’s rush something”. If nothing is ready, it’s fine if we get a “no-op” year.

But to have intentional “no-op” year would be silly, as in – even if somebody had something ready, we’d just let it sit out a whole year before activating it.

Elliptic curve cryptography may become obsolete in a decade or two. I don’t think we should add these opcodes knowing that they have limited shelf life. For cases like this I think read-only inputs are the better approach - you could once define your own EC op using Script, and then call it from other contracts as many times as you need with only 40-50 bytes of overhead for “loading” the function into your contract, and then you just do OP_INVOKE in places you need it.

Makes sense. Maybe the same effort would be better spent toward making some kind of on-chain “standard lib” for stuff like this

Before they grow too much in your mind, the concept sets off all sorts of alarm bells with regards to scaling.
I mean, people explain op-return as not filling the utxo, but then want a special output that can never be reaped? That just sounds like a really easy attack vector.

So before this idea grows too much in your mind, please do (or wait for someone else to do) the scalability research on how this affects utxo growth and thus the cost of a node operator.

CHIPs describes the balance a bit better than this.
There are a lot of what are called “stakeholders”.
The point is that it is not just “somebody” that made a thing. While we value those people, they are really a small minority in the list of stakeholders. As such I feel the need to push back to your statement that it is silly to make them wait. In reality there are a lot of stakeholders in the forms of people and companies that need to actively agree to the disruption that results from protocol upgrades.

You do remember the head of bitcoin com stating that it is actually very expensive to support bitcoin cash because of the continues upgrades?

The stakeholders that find yearly upgrades too expensive will not come here and object, they’ll just leave and maybe go to build on another chain.