That's a good point, it would be magnitudes simpler to review just the pertinent security bits. Thank you DrHax
I'll check out btcd, I had thought that was a part of bitcoin core.
First, the latest is v26
Second, I believe there are other implementations of Bitcoin (however I expect bitcoin core makes up >50% of the nodes, so a vulnerability in core would still be a huge risk)
Third, you don't have to read all the code to determine certain security properties. For example, lets say you are concerned with your private key being leaked. Just read the code that processes the private key. The code that validates blocks, doesn't matter for this purpose.
So you have to know what it is you are trying to prove, but then it becomes a much more managable task.
A quick search turned up this alternative bitcoin implementation: https://bitcoinmagazine.com/technical/btcd-a-full-bitcoin-alternative-written-in-go-1368114292
Discussion
Just to be clear, I'm not recommending btcd because I don't have any experience with it, but I do think that having ecosystem diversity is a good thing.
I agree, I will most likely run bitcoin core v25. But that gave me a better understanding of what exists in terms of bitcoin software. Thanks.
Yeah, I used to run a practice and lead a team of people who did software security audits, so I've spent a good deal of time thinking about how to go through all the relevant code as fast as possible and make sure nothing was overlooked.
I appreciate it when:
I. Code is really small, or failing that
II. It's architected in a way that I can be confident that a failure in one part of the code won't affect another part of the code
You have such a deep pool of experience. I appreciate you sharing so much of it here with us on nostr and with your offline work devving.