LocalChain Checkpoint Invalidation: A Deep Dive

Jan 16, 2026 by Editorial Team 48 views

Question re: when `LocalChain::apply_update` invalidates checkpoints

Hey guys! Today, we're diving deep into a fascinating question about when LocalChain::apply_update invalidates checkpoints, particularly focusing on some potential discrepancies between the documentation and the actual implementation. Let's get started!

Understanding the Bug: Genesis Block Replacement

So, the documentation for merge_chains states that a CannotConnectError pops up when an update tries to replace the genesis block of the original chain. Makes sense, right? But, here's where it gets interesting. As highlighted in the test case "fix blockhash before agreement point" in update_local_chain, the implementation actually allows the genesis hash to be changed. Yep, you heard that right! If the update gives a new hash at height 0 and the rest of the update is consistent, it's a go. The function isn't stopping you from replacing the genesis block; it just wants to make sure the update is clear and properly invalidates any conflicting blocks above the point of agreement.

This mismatch between the documentation and what's really happening can cause some confusion for users. Imagine someone thinks the genesis block is set in stone, as the docs suggest. They might be surprised to see it can be "fixed" by an update. This could totally change how they think about LocalChain behavior, especially when it comes to invalidation heights and chain reorgs.

Now, is allowing the genesis block to be replaced intentional? Maybe. But, the documentation needs to spell this out clearly. If it's not intentional, then the implementation needs to be updated to match the documentation. We need to keep everyone on the same page, ensuring clarity and predictability in how LocalChain operates.

Consider this scenario:

Original chain: [0, A] Update: [0', A] Result: [0', A] (Okay, apparently)

But, the expected behavior should be:

Result: CannotConnectError { try_include_height: 0 } (Error! No genesis block replacement allowed!)

The Challenge of Chain Reorganization

Now, let's talk about chain reorganizations. Currently, merge_chains doesn't allow a simple reorg by switching forks unless the update specifically includes a point of agreement. If we keep going through blocks below the last update height, the function gets confused. It can't figure out how to connect the update to the original chain, so it throws a CannotConnectError. It's like trying to fit a square peg in a round hole – just doesn't work without that agreement point.

However, if the update at the invalidation height claims to connect to a block in the original chain, or doesn't conflict with it, shouldn't it connect without issues? This would allow a reorganization by switching to the longest chain. It feels like a logical expectation, right?

Let's illustrate this with another example:

Original chain: [0, A] Update: [A', B'] Result: CannotConnectError { try_include_height: 0 } (Error! Can't connect!)

But, the expected behavior should be:

Result: [0, A', B'] (Success! Reorg complete!)

Diving Deeper: Context and Considerations

To really understand this, let's look at some additional context:

Check out the documentation of merge_chains
Consider the unfortunate restriction with LocalChain discussed in this BDK pull request.

These resources provide valuable insights into the nuances and limitations of LocalChain and merge_chains.

Build Environment Details

For those who want to dig into the technical details, here’s the build environment used for testing:

BDK tag/commit: a161ee24d38b038a51161816a9f90a87f90d157d
OS+version: macOS 15.7.2 (Sequoia)
Rust/Cargo version: 1.92.0
Rust/Cargo target: aarch64-apple-darwin

Backend Relevance:

This issue seems to be related to the core logic of bdk_chain and bdk_core, so it's not directly tied to any specific backend like Electrum, Esplora, or Bitcoin Core RPC. It's more about how LocalChain handles updates and reorganizations.

Impact on Production Use:

Good news! This isn't blocking production use. It's more of a clarification and potential improvement area.

Summing Up: Ensuring Clarity and Correctness

So, what's the takeaway here? We've identified two key areas where LocalChain::apply_update could be improved:

Genesis Block Replacement: The documentation should clearly state whether replacing the genesis block is allowed or not. If it's not allowed, the implementation should be updated to prevent it. If it is allowed, the documentation needs to reflect this.
Chain Reorganization: The behavior of merge_chains should be more intuitive when handling chain reorganizations. If an update connects to a block in the original chain at the invalidation height without conflict, it should allow the reorganization to occur.

Addressing these points will make LocalChain more predictable, easier to use, and less prone to unexpected behavior. This, in turn, will benefit developers and users who rely on BDK for their Bitcoin projects. By clarifying the conditions under which checkpoints are invalidated and ensuring consistency between documentation and implementation, we can enhance the overall robustness and reliability of the BDK ecosystem. Let's aim for code that not only works but is also easy to understand and reason about!