Is Bitcore's hooking into bitcoind safe?


I recently made the mistake of joining the Bitcoin Core Slack channel. While I was there I mentioned that we were hosting a Bitcore node as a backend for our wallet. Patrick Strateman stated that Bitcore hooks into private Bitcoin methods without respecting resource locking, and that such behavior is incredibly dangerous and could result in “literally anything happening”.

How much truth is there to this?


Any specific examples? Most of the functionality is a mirror of RPC methods however give Node.js and V8 types instead.

No specific examples, but I’ll share what he said to me.

that codes does something insanely dangerous, it hooks into the very core of bitcoind and fails to respect the locking requirements

the way in which bitcore hooks into bitcoind could cause quite literally any behavior at all from bitcoind including but not limited to incorrectly marking an invalid block as valid

bitcore works by running bitcoind as a shared library and then hooking into virtually all of the methods using some npm “native code” tooling

however they call functions and methods which have contracts around which locks are held that are not enfroced by the function/method

in c++ concurrent access to objects protected by a lock without acquiring the lock can result in… well basically anything happening