-
@ Laser
2025-05-09 19:05:43
#Bitcoin Knots critique by nostr:nprofile1qqs936kc97s4k4gqjnmltljgqns0uadh08d77t5mypg3anxkneks37gpzamhxue69uhkv6tvw3jhytnwdaehgu3wwa5kuegpz4mhxue69uhkummnw3ezumtfd3hh2tnvdakqx3v2gk largely mirroring my own:
"There seem to be a lot of misunderstandings about the tradeoffs and risks of running Knots instead of Bitcoin Core, so I'll try to dispel as much as I can.
If you want to make a well-informed decision before deciding to migrate to Knots, start here!
Don't run code blindly, even open-source code!
As Knots has not been widely used and has little to no developer base outside of Luke Dashjr, you should be very cautious when switching to it instead of Bitcoin Core. If you can't vet the code yourself, I'd recommend waiting for others to do so before making the jump.
Knots is still 99.999% Bitcoin Core code
Knots isn't an alternative client for Bitcoin (like btcd or libbitcoin) and is instead a minor code fork of Bitcoin Core. It relies almost exclusively on the upstream Bitcoin Core repository for bug fixes, vulnerability fixes, improvements, etc. Luke Dashjr applies his own preferred patches on top of that base, often of PRs that are yet to be merged (or won't be merged) into Core as he sees fit.
This means that you're reliant on Luke to keep up with Core to avoid your node being vulnerable to attacks. In a quick check of Bitcoin Core vs. Knots release timing, Knots usually lags anywhere from 1wk to 3mo behind Core.
Knots relies on a single maintainer
Luke Dashjr has complete control of the Knots repo on Github, and is the sole maintainer, meaning he merges whatever he sees fit into Knots without peer review. If you take a few minutes to look at the repo, you'll notice no pull request has ever been merged by an outside contributor, he has disabled any contributor tracking, and the vast majority of commits to the default branch are by Luke.
This places immense trust in Luke as an individual, as any mistake or malicious action on his part can happen without anyone else having any say or putting any eyes on the code. If you can't validate the code yourself, you're blindly trusting one individual with your view into the Bitcoin network.
Luke Dashjr has a terrible security track record
Along those same lines, Luke as the sole maintainer is terrifying to me. He has a poor track record of security practices, including leaking his GPG key (used to sign previous commits and releases) and leaving hundreds of Bitcoin on a hot wallet on a server instead of properly securing them offline.
Make of that what you will.
Knots still validates and stores all spam
If a transaction is valid under consensus rules and mined by any miner into a valid block, Knots will necessarily still validate all spam transactions and store them locally. By running Knots you are not rejecting any spam on-chain or on-disk, and are absolutely still storing Inscriptions, jpegs, OP_RETURNs, etc. on your hard drive forever.
The only place Knots may differ from Core is in the mempool, something that merely harms your fee estimation as you won't see transactions that may actually make it into blocks until they're mined.
Still want to run it? More power to you.
While I absolutely would not recommend running Knots, if you read and understand the above points and still choose to run Knots, more power to you. One of the beautiful things about a permissionless network like Bitcoin is no one can stop you from running whatever client you want, as long as it abides by consensus rules.
The only positive I see in growing Knots adoption would be if more devs and security researchers take the time to look through the diff between Core and Knots and find bugs and vulnerabilities that apply to both (and then responsible disclose them). That could be beneficial to the entire ecosystem, so I'm curious to see if that unfolds.
If I've missed anything or you have any addition questions, please don't hesitate to chime in!"
https://x.com/sethforprivacy/status/1920871546437943683
https://blossom.primal.net/0586cf885ea5e73565be73c7a7c72b0d3d98b8515393759f6d977288a9eb6f5b.png