
Controlling 51% of all staked ETH is enough to launch some attacks, but the cost of the attack is way way higher than in PoW. The gist of it is that the community can reach a new consensus in which the malicious majority's staked funds simply don't exist anymore. This means any single attack costs a lot of money, and there's a well-known recovery process to negate the attack and penalize the attacker.



Wouldn't this require a fork? I believe as ETH gains adoption, forking will become less possible. I say this because big vendors/payment processors don't really have an incentive to change. Is there a way to do this without forking the chain?

It's indeed a fork. Ethereum has shown to embrace forking as the tool of choice to update their own consensus, thanks in part to the lesson learned with Bitcoin, where the lack of incentives to change the consensus has resulted in extreme conservatism that prevents most changes. Ethereum has the Ice Age built into their PoW algorithm, ensuring consensus has to be renewed periodically. I'm not aware if there exists a PoS equivalent to this.

I don't think the Ice Age protocol solves our problem, especially in a PoS setting. Ice Age tries to incentivize a move by raising difficulty till it's unprofitable; the only equivalent I can see is decreasing interest rates for staked tokens. But once someone is in control of the chain, they just have to be clever about stealing stuff without raising too many alarms. I believe more drastic measures will need to be taken and consensus will need to be made between actual humans and no protocol can help with this.

"Stealing stuff" is not possible. All this time we've been talking about subtler avenues of attack such as delaying or banning transactions, or overpowering and replacing some of the blocks at the top of the chain.

Proposed blocks must conform to the rules. If not, bad faith actors can get their stake slashed by anyone else. Anyone doing anything outside that framework is not following consensus. Whatever they are doing is not Ethereum. I'm not fully up to date on what could happen if part of the stakers keep on doing that, but I think that the result of that kind of contested fork would be that each part would be able to slash the funds of the opposing part in their own consensus. In short, it results in a split, with the good faith actors on one side. After that split, the good faith actors would now control 100% of the staked funds.

Btw, you're absolutely right on your last sentence. Consensus was and is always a social contract between humans. The protocol is just a neat way to distribute it.


Hmm... I was not aware that is how slashing works. So basically slashing would spontaneously result in a forked chain. At that point, how do people choose which chain to follow? Is that where human interaction comes in? As in, if enough people choose to follow one chain, that is the truth now. Even if people are running some nodes which follow other chains. Does this mean people who control the nodes are actually the ones who hold power?

Edit: BTW, isn't this what stealing a token would be?

> overpowering and replacing some of the blocks at the top of the chain.


People choose their chain by choosing the software they run on their standard (non-mining, non-staking) nodes. Dishonesty requires custom-made software.

Regarding "stealing a token": remember that even in the case a block gets replaced by another, both have to be valid blocks, containing valid transactions. This is why the most famous attack is just a "double spend attack" and not any kind of money steal. Problems with tokens, that is, transactions that run arbitrary code, happen due to bugs in such code, not because of fundamental issues with the protocol.


> Dishonesty requires custom-made software.

This is the bit I don't understand. A block is a set of transaction information which is chosen by the miner/staker. What's stopping them from just making it up? It will still be a valid transaction.


I can't reply to your last comment, we're at the limit of comment nesting :)

Transactions are signed using public key cryptography. A miner can't modify a transaction present in the pool or make it up. Transactions need to be correct in order to be part of blocks.


This was the best conversation I have ever had about this topic. Now everything seems a bit more clear. Basically the only transactions we can "make up" are from wallets we already control because we will have the keys for it.
