b3chain — B-2 Rebranding Regression Audit

1. Forbidden-pattern table

Pattern	Where it must NOT appear	Why
`"Bitcoin Signed Message"`	Anywhere outside `src/test/`	Replaced with `"B3Chain Signed Message"` for chain-specific signing
`"bitcoin:"` URI scheme literals	Source code (was: BIP21 URI scheme literal)	Replaced with `"b3chain:"`
`bitcoind` / `bitcoin-cli` / `bitcoin-qt` ...	Markdown docs (excluding release-notes & lines that compare old/new)	User-visible binary names
`HelpExampleCli/Rpc("...bitcoin..."`	RPC help strings	Visible in `help` output
`tr("...Bitcoin...")`	Qt translatable strings	Visible in the GUI
`"Bitcoin Core"`	Outside copyright / attribution lines	The product name is now "B3Chain Core"

Whitelisted (intentionally not flagged): copyright lines, "The Bitcoin Core developers" attribution, source filenames like src/bitcoin-util.cpp, external URLs, and lines that contrast the old and new names side by side.

2. Findings from the first run

The audit caught real regressions. They were fixed in the same commit set as the audit framework:

5 leftover Qt tr() strings in src/qt/intro.cpp, guiutil.cpp, sendcoinsdialog.cpp, addressbookpage.cpp still said "Bitcoin" → replaced with "B3Chain".
src/rpc/rawtransaction_util.cpp raised "Invalid Bitcoin address: ..." → replaced.
doc/Doxyfile.in set PROJECT_NAME = "Bitcoin Core" → replaced.
30+ bitcoind / bitcoin-cli references in contrib/*/README.md → bulk-renamed.

3. How to run

cd b3chain
bash contrib/testing/audit/audit-rebranding.sh

# Also re-run the test suites (slower, ~30 min on a laptop)
RERUN_TESTS=1 bash contrib/testing/audit/audit-rebranding.sh

4. Expected output

[B-2] Rebranding regression audit
========================================================================
  PASS  no leftover 'Bitcoin Signed Message' string
  PASS  no leftover 'bitcoin:' URI scheme literals

  PASS  no leftover bitcoind / bitcoin-cli in .md docs
  PASS  no 'Bitcoin' in RPC help strings (HelpExampleCli/HelpExampleRpc)
  PASS  no 'Bitcoin' in Qt tr() strings (user-visible)

  PASS  no "Bitcoin Core" string outside attribution context
  SKIP  test reruns skipped (set RERUN_TESTS=1 to enable)
------------------------------------------------------------------------
  6/6 checks passed
AUDIT RESULT: PASS  [B-2]

5. Common pitfalls

Source filenames like bitcoin-util.cpp. The audit ignores file paths but flags binary-name references in prose. We deliberately do NOT rename the C++ source files to avoid merge churn against upstream Bitcoin Core.
Copyright lines. "Copyright (c) 2009-2025 The Bitcoin Core developers" stays everywhere it currently appears — that is correct attribution and the audit ignores it.
Translation files. .ts / .po / .xlf are auto-generated from the source by the Qt toolchain; the audit excludes them.

6. Source files

The problem in one sentence

A B3Chain release that says "Bitcoin" anywhere a user can see is a trust-destroying bug; a B3Chain release where a "Bitcoin"-named test quietly stops running is the much bigger silent bug.

The theory

Rebranding a Bitcoin Core fork involves two distinct kinds of change:

String changes — every user-facing mention of "Bitcoin" /

bitcoind / bitcoin-cli / bc1 / etc. that should now read "B3Chain" / b3chaind / b3chain-cli / b3.

Behaviour changes — the underlying logic must keep working.

Renaming a class member or a config flag often means a test that referenced the old name now silently doesn't exercise the new one.

Both classes of bug have bitten previous Bitcoin forks. The audit covers both.

Hands-on demo

bash contrib/testing/audit/audit-rebranding.sh

The script does:

Forbidden-pattern grep over src/ and contrib/:

"Bitcoin Signed Message" outside src/test/
bitcoin: URI scheme outside protocol constants
bitcoind / bitcoin-cli in non-historical .md files
tr("...Bitcoin...") in Qt source
allowlist for legitimate references (copyright lines, contrast tables, etc.)

Behavioural regression: rebuilds the project and re-runs the

full unit + functional + regtest simulation suites. Any change in pass/fail counts vs the pre-rebrand baseline is reported.

Hands-on: see the catch

The first time we ran this audit it caught 9 real string regressions that the rebranding pass had missed:

5 Qt tr() strings still saying "Bitcoin" (address book, intro

dialog, GUI utilities, send-coins dialog).

1 RPC error message ("Invalid Bitcoin address" in

rawtransaction_util.cpp).

1 Doxygen project name still set to "Bitcoin Core".
9 contrib README files referring to bitcoind / bitcoin-cli in

command examples.

All fixed in the same commit set as the audit framework. See doc/SECURITY-AUDIT.md "Findings and remediation" section for the full table.

Exercise

Add a string regression: in src/qt/utilitydialog.cpp, change a visible label to mention "Bitcoin":

ui->aboutMessage->setHtml("Welcome to <b>Bitcoin</b> wallet"); // was B3Chain

Re-run:

bash contrib/testing/audit/audit-rebranding.sh

Expected output:

  FAIL  [B-2] forbidden pattern 'Bitcoin' in user-visible Qt string
        src/qt/utilitydialog.cpp:127: setHtml("Welcome to <b>Bitcoin</b>...")
AUDIT RESULT: FAIL  [B-2]

Why allowlists are dangerous, and how we manage them

Some references to "Bitcoin" are deliberately preserved:

Contrast tables: README files that explain B3Chain by reference to

Bitcoin

External URLs: e.g. org.bitcoincore.flathub

These are explicitly allowlisted in audit-rebranding.sh. The risk is that the allowlist grows quietly until it hides real bugs. We mitigate by:

Keeping each allowlist entry on its own line with a comment justifying

it.

Forbidding allowlist additions in the same commit as the change being

allowed (must be a separate, reviewed PR).

Periodically auditing the allowlist itself.

B-2 — Rebranding Regression Audit