
Miners Aren’t Friends - vinnyglennon
https://blog.keep.network/miners-arent-your-friends-cde9b6e0e9ac
======
MrBingley
Can someone explain to me how on earth Ethereum is still a thing? People have
lost hundreds of millions of dollars in the Ethereum ecosystem, many due to
basic flaws in the "Solidity" language. For example, last November $280
million was frozen in Parity wallets because function visibility defaults to
external rather than internal (see the previous HN discussion here[0]). Just
for fun, I was looking through the Security Considerations[1] in the Ethereum
docs, and here are two so-called "minor details":

- In `for (var i = 0; i < arrayName.length; i++) { ... }`, the type of `i`
will be `uint8`, because this is the smallest type that is required to hold
the value `0`. If the array has more than 255 elements, the loop will not
terminate.

- The `constant` keyword for functions is currently not enforced by the
compiler. Furthermore, it is not enforced by the EVM, so a contract function
that "claims" to be constant might still cause changes to the state.

WTF?! Trivial loops won't terminate due to (unchecked) integer overflow, and
the `constant` keyword does nothing? It's a complete gong show. I'm not
touching anything to do with this language with a 100 foot pole. Is the hype
bubble just that big?

[0]
[https://news.ycombinator.com/item?id=14807779](https://news.ycombinator.com/item?id=14807779)

[1]
[https://solidity.readthedocs.io/en/develop/security-considerations.html](https://solidity.readthedocs.io/en/develop/security-considerations.html)

Edit: Oops, it looks like I'm mixing up my multi-million dollar screw-ups.
First in July $30 million was stolen due to the "public is default" debacle,
and then _the fix_ for that problem introduced another bug (the developers
forgot to call the `initWallet` function), which led to the $280 million
being frozen in November[2]. Holy crap.

[2]
[https://news.ycombinator.com/item?id=15642856](https://news.ycombinator.com/item?id=15642856)

~~~
Bromskloss
Does Ethereum's existence hinge on Solidity? Isn't Solidity just a language
that one can compile to the lower-level language actually built into Ethereum?

~~~
masklinn
Solidity is the official language, part of the ethereum project, and pretty
much all you get when you look for how to develop eth contracts, unless you
specifically exclude mentions of solidity. Then you get Ivy (prototype & for
bitcoin not eth) and Pyramid Scheme.

So I'd say yeah, technically not but practically it is.

~~~
Pxtl
Wait, there's a scheme variant for Eth called Pyramid Scheme? That is the best
programming language name ever.

~~~
weavie
[http://www.michaelburge.us/2017/11/28/write-your-next-ethereum-contract-in-pyramid-scheme.html](http://www.michaelburge.us/2017/11/28/write-your-next-ethereum-contract-in-pyramid-scheme.html)

"Pyramid Scheme is implemented using the appropriately-named Racket."

~~~
cat199
could have used larceny as well..

[http://www.larcenists.org/](http://www.larcenists.org/)

------
runeks
> Again, let’s design a simple smart contract. This time Alice wants to play a
> guessing game. Alice puts 5 Ether in her contract. That ETH goes to the
> person that guesses closest to the number she’s thinking of. Alice calls
> commit with the hash of the number, so she can’t change her mind. Anyone
> else can call guess to submit a guess. After 2 blocks Alice calls reveal to
> tell everyone what the number is.

This scheme is not unsafe because of miners. Transactions are public. As soon
as Alice’s “reveal” message is published to the network, _everyone_ can submit
guesses using the revealed number. And miners are incentivized to include
whichever transaction pays the highest fee, which means the transaction fee of
the guessing transactions published after the “reveal” transaction will
converge with the prize sum.

Alice’s commit transaction needs to specify some block height after which
further guesses are ignored, and then publish the “reveal” message some (safe)
number of blocks after this.

~~~
xucheng
> Alice’s commit transaction needs to specify some block height after which
> further guesses are ignored, and then publish the “reveal” message some
> (safe) number of blocks after this.

I think this is unsafe as well. Note that since everyone can verify the real
answer, there is no point for Alice to reveal it. As a result, as soon as
anyone submits the correct answer, the miners can cheat and replace the answer
with their own.

After some degree of thinking, I find that it is quite difficult to design a
secure smart contract for such a guessing game. I haven't found a way that can
fulfill all of the following security properties: (a) Alice has to pay the
first person who finds the correct answer; (b) that person can only collect
the reward after showing the correct answer; and (c) the miner cannot cheat.

I wonder if anyone has a solution for the above problem. Also, if such a
solution exists, we can actually use it to implement the RSA challenge [1] in
a smart contract.

[1]:
[https://en.wikipedia.org/wiki/RSA_Factoring_Challenge](https://en.wikipedia.org/wiki/RSA_Factoring_Challenge)

~~~
zaat
You can solve that with an additional step:

1. Alice sends the challenge.
2. You submit the answer, encrypted.
3. After you verify that your answer was included in a block, you post the
private key you used for the encrypted answer.
4. Profit

~~~
xucheng
I think the miner can cheat in step 3. After you submit your private key as a
transaction, the miner can delay its inclusion in the blockchain for an
arbitrary time, during which the miner can use your private key to decrypt
the answer you submitted in step 2 and resubmit their version of the answer.

~~~
zaat
That won't help him much, since my answer is already published in the
blockchain when he publishes his answer. It is trivial to see that my answer
was published first.

------
anigbrowl
It's capitalism in its purest form. The work done is work in the physical sense
of production, but from a labor perspective it ends up as a constant rote of
attrition and self negation - people get interested in coins to make a quick
buck and take it easy, but either drop or spend all their time, energy, and
money racing for a slice of the pie while producing little of value - in this
case, trust tokens which may or may not turn out to be valuable later. The
rewards always go to people who were there early and had excess capital to
spend on buying, or could mine easy pickings and then let someone else take
over the grind.

Oddly the mining analogy reminds me most of Eve Online, which has a
professionally tuned in-game economy and where you basically have a graphic
representation of everything mentioned in the article, including the tedium
and energy of mining, the endless technological arms race (designed to make
you invest as much time as possible or buy credits to leapfrog other players),
and pointless destruction of wealth - intra-player conflict is where most of
the action and excitement is because the exploratory aspect of the game is
only as interesting as it yields new technology that gets recycled back into
the arms race.

Perhaps the solution is a medium of exchange that doesn't use absolute units,
but is a function of your ability to pay.

~~~
rphlx
> a medium of exchange that doesn't use absolute units, but is a function of
> your ability to pay.

This is already implemented in many areas of modern life, especially by
governments (Obamacare, progressive taxation, social security, etc), and it
has a major negative side effect of incentivizing poverty: either real (by
encouraging the young to work as little as possible) or faked (by encouraging
those with accumulated wealth to conceal it as much as possible).

~~~
lsc
yes, if we take away the "he who does not work, neither shall he eat"
incentive[1] people will work less. Is that good or bad? depending on your
ideology, it could be either one. Do you think that it's ethical to threaten
the poorest with starvation to add a few points to our gdp?

My own personal view is that using starvation to incent work is acceptable
only if society is unable to produce enough food for everyone; in that case,
those few points to the GDP have real impact. I personally don't feel that
it's okay to use starvation to incent work when that work largely produces
luxuries, but that's just me, and everyone has an opinion on this one.

[1]Interestingly, historically this aphorism has been a leftist saying... that
is, the rich should have to work, too. Leaving aside my controversial views of
the bible, in more recent history, John Smith used it to this meaning in
Jamestown, and then in the early 20th century, Lenin argued that it was a
fundamental principle necessary for socialism to work. Both were talking about
situations where people were starving (the early days of Jamestown and the
early days of the Russian revolution, respectively). More recently, it's used
as a rightist saying, arguing that the poor ought to work or starve, something
that was the assumed truth in earlier ages.

~~~
bzbarsky
> I personally don't feel that it's okay to use starvation to incent work

I think most people would agree with you on that one. And the fact that people
in "rich" countries are still food-insecure is horrible.

One problem is that there isn't a clear bright line between "starvation" (in
the sense of malnutrition) and "nutritious but not very tasty food" and
"nutritious and tasty but not very pretty food". And you can keep going in
that vein to things like "not having a flat-screen tv", say, which I think
most people would classify as quite different from "starvation". But there
isn't an obvious cutoff point on the way.

Oh, and what we consider sufficiently nutritious today may not be so
considered tomorrow. Both literally (at some point nutrition science
discovered vitamins and then trace minerals, etc), but people nowadays also
get into arguments about whether internet access is a fundamental right like
food or a luxury. And whether personal transportation (e.g. cars) is a
fundamental right. What will people think about access to a self-driving car
50 years from now: luxury or fundamental right?

In practice, what we consider below-acceptable standards of living (which we
as a society need to subsidize until they reach acceptable levels) are a good
bit higher than what was considered totally acceptable 50 years ago. That's a
natural consequence of society growing richer, of course and I would say it's
a _good_ thing.

But here's the question that bothers me: Had we frozen per-capita production
at 50 years ago levels, while subsidizing living standards to a level above
the 50-years-ago acceptable minimum but below the today acceptable minimum,
such that vast numbers of people today would be forced to live below what we
consider an acceptable living standard today, would that be a net gain? In the
short term, clearly yes (we subsidized people at a higher level). In the
medium term (to today), it seems clear to me the answer is no. In the longer
term (200 years from now, say), I have no idea.

It's hard to tell even post facto, much less a priori, whether we're over-
subsidizing or under-subsidizing to achieve maximal happiness. And that's even
if we can all agree on a timeframe. Combine that with the fact that different
people already have different definitions of what constitutes minimum
acceptable living standards, and it becomes very hard to apply ethical
considerations to this problem in a principled way. :(

------
DINKDINK
> Ethereum is a decentralized platform that runs smart contracts: applications
> that run exactly as programmed without any possibility of downtime,
> censorship, fraud or third party interference.

Except that ethereum is lying when they say this. The DAO contract was
nullified and censored. The Ethereum Foundation and the DAO team were bailed
out and had preferential treatment.

~~~
anjc
And how was the contract nullified exactly?

~~~
robert_davidson
It was replaced with a new contract via a hard fork. Doing so was the right
move, by far, but purists loathe the move.

~~~
anjc
I was partially being facetious :) But you said it precisely, it was via a
hard fork, which was agreed upon in a democratic fashion. The person I was
replying to was suggesting that transactions were simply revoked from
Ethereum-HQ, which is far from the case.

------
rhaps0dy
The title of the piece is "Miners aren't your friends", implying that the
interests of miners and the reader differ. However, the title of the HN
submission is "Miners aren't friends", which implies that the interests of two
separate miners diverge.

We should probably change the title to match the original one.

~~~
scott_karana
Agreed, I was frustrated at that too.

------
cjbprime
Nice article! Here's another type of failure with its solution:

* You want to register a domain name on the blockchain and associate it with your address, so you submit "register foo".

* The miner sees it, and inserts an earlier transaction registering foo to them instead.

Solution:

* You register the _hash_ of foo, which registers the plaintext encoded by that hash, then wait until the transaction is accepted publicly and submit a second transaction that reveals to everyone the plaintext of the hash that you registered.

The miner could still try to guess at which name you're registering based on
the hash (by having a long list of potential names to hash just in time), but
I can't think of a way to do better than that. Anyone else?

~~~
bdr
You register the hash of domain+seed. Second transaction reveals both.

~~~
SimonPStevens
Couldn't someone else then simultaneously register the hash of the same domain
with a different seed? Neither of you would know of the duplicate until you
revealed your seeds.

~~~
pbhjpbhj
What are the chances of simultaneous transactions? (That's a question, not a
snarky statement).

~~~
Tepix
There aren't any. That's what the article was about: The order of the
transactions in a block.

~~~
pbhjpbhj
Sorry, I perhaps shouldn't have said transactions - the parent asks what to do
with simultaneous requests to reserve a unique unduplicable good; it was
the simultaneity of identical requests I was asking about rather than the
impossible simultaneity of processing the blockchain transactions.
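
The two-step registration discussed in this sub-thread (commit to a hash of name plus seed, reveal later), as an added example that is not part of the original thread. The `Registry` class, the `MIN_AGE` rule, binding the sender's address into the hash, and all names and values are assumptions made for illustration.

```python
import hashlib
import secrets


def commitment(name, seed, owner):
    """SHA-256 over length-prefixed name, seed and committing address."""
    h = hashlib.sha256()
    for part in (name.encode(), seed, owner.encode()):
        h.update(len(part).to_bytes(4, "big"))  # prefix avoids ambiguous joins
        h.update(part)
    return h.hexdigest()


class Registry:
    MIN_AGE = 2  # assumed rule: blocks a commit must age before its reveal

    def __init__(self):
        self.height = 0
        self.commits = {}  # commitment digest -> block height it was mined at
        self.names = {}    # name -> owner

    def mine_block(self, txs):
        """Apply transactions in exactly the order the miner chose."""
        self.height += 1
        return [self._apply(*tx) for tx in txs]

    def _apply(self, kind, sender, *args):
        if kind == "register":  # naive one-step registration
            return self._claim(args[0], sender)
        if kind == "commit":
            self.commits.setdefault(args[0], self.height)
            return "committed"
        if kind == "reveal":
            name, seed = args
            born = self.commits.get(commitment(name, seed, sender))
            if born is None:
                return "no matching commit"
            if self.height - born < self.MIN_AGE:
                return "commit too young"
            return self._claim(name, sender)
        raise ValueError(kind)

    def _claim(self, name, sender):
        if name in self.names:
            return "taken"
        self.names[name] = sender
        return "registered"


def naive_scenario():
    reg = Registry()
    # The miner sees Alice's pending "register foo" and orders its own first.
    reg.mine_block([("register", "miner", "foo"), ("register", "alice", "foo")])
    return reg.names["foo"]


def commit_reveal_scenario():
    reg = Registry()
    seed = secrets.token_bytes(16)
    reg.mine_block([("commit", "alice", commitment("foo", seed, "alice"))])
    reg.mine_block([])
    # Alice's reveal is now public. The miner places a replay of it, plus a
    # fresh commit and reveal of its own, ahead of hers in the same block.
    own = secrets.token_bytes(16)
    results = reg.mine_block([
        ("reveal", "miner", "foo", seed),
        ("commit", "miner", commitment("foo", own, "miner")),
        ("reveal", "miner", "foo", own),
        ("reveal", "alice", "foo", seed),
    ])
    return reg.names["foo"], results


def duplicate_scenario():
    """Two users commit to the same name with different seeds."""
    reg = Registry()
    sa, sb = secrets.token_bytes(16), secrets.token_bytes(16)
    reg.mine_block([("commit", "alice", commitment("foo", sa, "alice")),
                    ("commit", "bob", commitment("foo", sb, "bob"))])
    reg.mine_block([])
    # Both commits are mature; under this rule the reveal order decides.
    return reg.mine_block([("reveal", "bob", "foo", sb),
                           ("reveal", "alice", "foo", sa)])


def dictionary_scenario(wordlist=("bar", "foo", "baz")):
    """A bare hash of the name falls to a word list; the seeded one does not."""
    bare = hashlib.sha256(b"foo").hexdigest()
    seeded = commitment("foo", secrets.token_bytes(16), "alice")
    hit_bare = next((w for w in wordlist
                     if hashlib.sha256(w.encode()).hexdigest() == bare), None)
    # Without the seed an observer can only try seeds it can guess (here zeros).
    hit_seeded = next((w for w in wordlist
                       if commitment(w, bytes(16), "alice") == seeded), None)
    return hit_bare, hit_seeded
```

The duplicate case shows that the seed hides the name but does not settle who wins when two mature commits exist; in this sketch that still depends on reveal order.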

------
JohnJamesRambo
Almost all miners use a mining pool so wouldn't have access to these tricks.
The pools on the other hand...

I used to have an Ethereum mining operation, before it became unprofitable to
do so. It was one of the most fun ventures of my life. All the cards and
enormous heat and fans exchanging outside air in. It felt like I was part of
something futuristic and new, solving problems I had never had experience with
before. I miss it very much, I wish it could have gone on forever.

~~~
doctoboggan
If you have modern cards you can still mine with one of the services that find
the most profitable algorithm for you.

I use NiceHash and have historically made about $2/day per GTX1070. This past
month though I've been making more than double that.

EDIT: Use this site to find out if your cards will be profitable considering
your energy costs:
[https://www.nicehash.com/profitability-calculator](https://www.nicehash.com/profitability-calculator)

I do want to leave one important caveat. NiceHash was recently hacked and
anyone who left their money in their online NiceHash wallets lost it. They
recently came back online and claimed they have a plan for paying people back
and will give more details at the end of this month. That being said they have
paid me for my mining since the hack. If you do use them I'd recommend
withdrawing to wallets you control as often as possible.

~~~
corford
I don't understand the economic argument for personal mining (I totally get it
from a fun, geeky PoV if making money isn't the primary goal - it's how I got
started in crypto).

A GTX1070 costs about $800. At $4/day, it will take you 200 days to make back
your principal (ignoring power costs, difficulty scores going up etc. - in
reality it will obviously take you even longer to cover your costs).

If you had put that same $800 in to buying ETH (picked because it's a
relatively safe, "boring" coin) on 1st July, 200 days later (or 7 months) it
would have been worth $2,140 (yielding a $1,340 profit per card equivalent
cost invested - note I'm using ETH price on 1st Jan 2018 and not including the
recent growth to a new all time high). And the profit will likely x5 (or more)
this year if you hold on to your ETH.

~~~
AlwaysBCoding
If you're buying stuff on darknet markets it's nice to be able to do it with
freshly mined coins that don't have transaction histories associated with
them.

~~~
wk2jkhkjdfglsl
This would only apply to solo-mined block rewards. If you use a mining pool,
there is a coin trail through the pool. The pool likely has the IP address
records of your miners and can link these to your payout transaction.

Mined coin is only just a little less traceable than exchange purchased coin.

------
pbhjpbhj
>"In this way, Proof of Work forces miners to constantly re-invest revenue."
(the OP) //

Classic capitalist view. It's not that miners are forced to reinvest, if all
miners were satisfied with the _status quo_ then it could continue and each
miner would get the same returns - depending on the structure of the system,
greater demand could even drive hash value up.

But miners aren't satisfied, they want more, and new miners want a go at
picking from the money tree. So the available pickings get higher up (require
more resource expenditure). In theory, and often practically, it drives
optimisation. Ultimately the return should be so low as to match safe
investment returns.

It seems it should be possible to design a system such that the coin holders
can effectively own the means of hash production, which would keep value in
the system.

~~~
andybak
> Classic capitalist view

I would consider myself center-left and I think you're confusing "capitalism"
with "realism".

Any political system that requires altruism towards strangers is doomed.
Altruism grows out of community - and requires consequences for "bad"
behaviour to some degree. Tragedy of the Commons and all that.

~~~
deft
Capitalism demands constant growth. His usage fits perfectly. Center-left
means you are a capitalism supporter and makes no difference. Claiming the
capitalist mode of production is "realism" is really you trying to say
capitalism is natural.

~~~
andybak
Before I answer that, could you clarify your definition of "capitalism"?

(Genuine question)

------
blunte
Some of these issues do seem concerning, but most wouldn't be profitable
unless every miner was doing it (because the impact on one of these malicious
behaviors will be felt in a later block).

Unless you're lucky enough to mine two blocks in a row, I don't see how you
can gain directly from malicious transaction reordering. You'll consume the
first retrieve fee, but the second retrieve will be in a later block (which
you probably won't mine).

I'm not saying this is ok, but I'm also not sure this particular situation is
worth the effort to exercise.

Transaction insertion, however, sounds like it would be very effective for the
case presented. On the other hand, how big a deal are "guessing game" dapps?

You can sum all this up by saying, "consolidation of mining power can be used
to exploit the network at the cost of non-miners". But consolidation is a
problem for reasons beyond just these examples.

Finally, if a network becomes so corrupt, people will move to a different
cryptocurrency (which will lower the value of the corrupt network). Thus, the
bad actors would be taking small short term gains at their own cost of long
term survival (especially when considering sunk costs in hardware).

~~~
shadowfiend
Full disclosure: tech lead on Keep (the project whose blog this is posted to),
and the post is by one of our advisors.

It might not be worth the effort when volume is low, but if you have a highly-
used set of contracts susceptible to this, there will be a stronger incentive
to take advantage of them. With high volume, if you do it only occasionally,
you can gain an edge without necessarily revealing network corruption (unless
someone is looking for it). Additionally, this kind of careful misbehavior can
lead to consolidation---by allowing some clever miners to gain enough of an
advantage to continually grow their operation.

Note also that only the most basic transaction reordering gains solely from
transaction fees. Transaction insertion requires no further blocks, and forced
errors can be used to subsidize miner transactions (rather than simply to gain
later on). Lastly, censorship has more than economic advantages, depending on
the underlying application.

If the whole network becomes corrupt, people will move; however, there's a lot
of room between "enough malicious transactions to cause a problem" and
"network is so corrupt people are leaving", particularly if a chain is
popular. Indeed, if a chain is popular, "just leaving" is not necessarily an
immediate option. The important thing is that, as a developer for a given
chain, you want to make sure you're aware of these pitfalls (whichever ones
apply to your chain---many will apply across many chains) so you can design
around them. More than many platforms, building for public chains requires
adversarial thinking. Or perhaps better put, they _should_ require adversarial
thinking. It's easy to forget that when you're getting started.

This is even more true when you're building components that you intend others
to build on, which is what we're doing. That's what motivates the interest we
have on our team in these kinds of concerns. We feel they're important to
share as development on public blockchains gains greater visibility, interest,
and therefore new developers.

~~~
UncleEntity
> and forced errors can be used to subsidize miner transactions

Sure, you _can_ error out a transaction but what gain is to be had over just
being a 'rational actor' and collecting the transaction fee rather than giving
your rivals a potential payday?

Unless they have an _extremely_ high probability of mining the follow-on
transactions this attack seems to have a very low (or even negative) benefit.

Though I would posit that if this attack were ever consistently profitable the
system would have a much bigger problem to deal with.

------
ggregoire
Miners are surely not gamers’ friends. All high end cards have been sold out
for weeks. They are now completely overpriced ($1300 for a GTX 1080 Ti).

~~~
cookiecaper
Are people now moving on to nvidia cards for mining? I haven't followed
closely for several years, but back in the day, it was all about AMD because
nVidia's chips were much less efficient at this type of work.

If nvidia is now in demand for mining, are people going for that because AMD
is nowhere to be found and they're just going for the next-best thing, or has
nvidia gotten better at this?

~~~
dave7
The latter. Less efficient, but in the current market still pennies on the
dollar as far as nVidia efficiency goes.

------
bfsg
So many false assumptions in this post. As if only 1 miner is trying to mine a
block. There is simply no way to know whether you or someone else is going to
mine that specific block, it's totally random.

> There are two ways to increase mining profitability: generate more revenue,
> or reduce expenses.

No. There are more ways. Mining the right coin at the right time and selling
it at the right time for example.

Mining has a lot of common ground with investing in the stock market. It's not
that simple.

------
scyclow
It seems like a lot of these problems are due specifically to using proof of
work. Do any of these problems go away with other consensus algorithms? I
would at least expect that miners wouldn't have as much incentive to
arbitrarily cause errors if they were using something like proof of stake.

Also, how easy is it to detect that miners are doing these things? If it's not
terribly difficult, then maybe a federated system would iron out some of the
wrinkles?

~~~
mhluongo
They do! But usually they get shifted elsewhere. While he was working on this
post James and I discussed how PoS might yield stronger incentives to DoS
rivals and get an advantage, since some of these other optimizations (attacks?
Unclear) will be unavailable.

Edit: Regarding detection, of course- but I'm not sure detection lends itself
to a general solution outside name-and-shame. Most of these are things
developers should code defensively against.

Disclosure: lead at Keep, edited this piece

------
bsenftner
Can anyone explain how the economics of mining does not promote the creation of
a miner monopoly, aka a "miner Amazon"? Once a single entity controls mining,
Game Over: the economy is owned.

~~~
tinco
You are answering your own question. Suppose someone would invest billions in
obtaining a mining rig that single handedly achieves 51% of the mining power
of the network, then he effectively kills that network, and makes his
investment worthless.

There's a reason the valuations of Bitcoin and Ether waver every time it
seems a pool is coming close to 51% mining power, it's because everyone is
scared of what happens when that happens.

In the real world, I think miners approaching 51% of mining power is an
accidental and temporary thing. It means that the coin is overvalued, and
investors are over investing in mining operations. As the article states, the
amount of profit these operations turn really isn't that big. They're
operating on thin margins, and operations going bankrupt is not unheard of.

There's simply no reason to go and "own" the network. Best case, you'll turn a
loss, worst case, you destroy the network and lose your entire investment.

~~~
plantsbeans
If you can keep your majority a secret, you can avoid the devaluing scenarios.
The trick is to use the majority only when you need to, and to avoid
detection.

------
caf
Another instance of this is if you managed to build a business around a
particularly profitable contract or set of contracts, the nature of which
requires you to regularly post maintenance transactions of some sort.

If you get big enough and profitable enough, the miners will have an incentive
to specifically refuse to include your maintenance transactions unless you
include a large transaction fee - in other words, market segmentation for
transactions.

------
JonasJSchreiber
As someone who has a couple rigs mining 24/7 I would say he’s looking at the
profitability of mining wrong. Personally I don't reinvest my mining profits
in more mining equipment. There's a hard cap on how much amperage can be
delivered to my house, and I have no interest in interfering with my daily
appliances.

As far as when it becomes profitable to play games with consensus? Never.
Most miners mine using pools like suprnova, ethermine, and nanopool. I don't
have control over whether we are appropriately confirming transactions or not,
but it would be pretty unwise for my pool to start violating consensus.

------
nspassov
To my limited understanding of Ethereum and Bitcoin, the network already has
rules in place to punish nodes that misbehave or cheat. In the case of
Bitcoin, that is part of layer 1 so it is independent of any application
layers and thus it should always be at the core of the network.

With PoS cheating is likely to become a bigger issue [1], since with PoW the
miners who get punished will have wasted their time and electricity.

Would be great to hear comments from more knowledgeable people.

[1]
[https://twitter.com/hugohanoi/status/951762596255838209](https://twitter.com/hugohanoi/status/951762596255838209)

~~~
barbegal
Proof of stake doesn't work in practice unless we can find a source of
randomness that is globally available, non-influenceable and everyone can agree
on [1]. At the moment, that source of randomness is completely elusive. It
might be possible to create a random source from some form of binary
astronomical event which can be widely verified but it would have an
incredibly low bit rate of new randomness. One possible candidate is randomly
nulling pulsars [2]. Unfortunately, the equipment required to observe this
phenomenon is probably not widely available outside of large observatories.
Having said that the costs would still be lower than the energy costs of the
Bitcoin network.

[1]
[http://www.truthcoin.info/blog/pos-still-pointless/](http://www.truthcoin.info/blog/pos-still-pointless/)

[2] [https://arxiv.org/abs/1706.05407](https://arxiv.org/abs/1706.05407)

~~~
RoboTeddy
Can imagine a protocol for generating randomness to some arbitrary security
level (at the expense of locking up security deposits):

(1) Anyone can decide to become a 'randomness provider' by putting up a large
security deposit

(2) Every epoch (some number of blocks), each provider chooses a private
random number and commits to it by publishing its hash

(3) During the next epoch, each provider publishes the random number they
committed to earlier.

(4) xor together all the random values. The result is a pseudorandom number
everyone can agree on, and which should be sufficiently good for many
applications including PoS selection [*]

If any provider fails to publish the random number they committed to, they
lose their security deposit and there is no random value provided for the
associated epoch. The process starts over.

If you're worried about bribing attacks over all providers, recognize that all
we need is a _single_ altruistic provider to keep the system safe. Altruistic
behavior may be rare compared to selfish behavior, but I think we can usually
rely on its nonzero presence.

If you're still really worried that collusion could be going on amongst ALL
randomness providers, just become a provider yourself.

[*] It's possible for a provider to wait for all other providers to reveal
their values, and then privately determine whether or not the final random
value would be favorable to them; they then have the option of canceling the
epoch by keeping their private value hidden and losing their security deposit.
This option (in combination with a particular application, and the size of the
security deposit of providers) puts a bound on what the random value can be
safely used for (e.g., if it's for a lottery, the expected value of another
truly random swing at the jackpot has to be lower than the value of a security
deposit).
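
The commit, reveal and xor epoch described in this comment, together with the deposit bound from its footnote, as an added example that is not part of the original thread. The `Epoch` class, the 32-byte contribution width, the toy lottery draw and all values are constructed assumptions.

```python
import hashlib
from functools import reduce

WIDTH = 32  # bytes per contribution (assumed)


def digest(value):
    return hashlib.sha256(value).hexdigest()


def xor_all(values):
    """Byte-wise xor of equal-length contributions."""
    return reduce(lambda a, b: bytes(x ^ y for x, y in zip(a, b)),
                  values, bytes(WIDTH))


class Epoch:
    def __init__(self, deposits):
        self.deposits = dict(deposits)  # provider -> locked security deposit
        self.commits = {}               # provider -> hash published in step 2
        self.reveals = {}               # provider -> value published in step 3

    def commit(self, provider, commitment):
        if provider not in self.deposits:
            raise KeyError("provider has no deposit")
        self.commits.setdefault(provider, commitment)

    def reveal(self, provider, value):
        """Accept a reveal only if it matches the earlier commitment."""
        ok = len(value) == WIDTH and self.commits.get(provider) == digest(value)
        if ok:
            self.reveals[provider] = value
        return ok

    def preview(self, value):
        """Output that would result if `value` were the final reveal.
        Anyone still holding an unrevealed value can compute this."""
        return xor_all(list(self.reveals.values()) + [value])

    def finalize(self):
        """Return (beacon, forfeited). A missing reveal voids the epoch."""
        missing = sorted(p for p in self.commits if p not in self.reveals)
        if missing:
            return None, {p: self.deposits.pop(p) for p in missing}
        return xor_all(self.reveals.values()), {}


def winning_ticket(beacon, tickets):
    return beacon[0] % tickets  # toy draw, ignores modulo bias


def run_epoch(jackpot, deposit, tickets=10):
    """Provider 'c' holds ticket 0, reveals last, and follows the footnote's
    reasoning: skip the reveal when losing and a re-draw is worth more than
    the deposit. Contributions are fixed, constructed values."""
    values = {"a": bytes([1]) * WIDTH, "b": bytes([2]) * WIDTH,
              "c": bytes([4]) * WIDTH}
    ep = Epoch({p: deposit for p in values})
    for p, v in values.items():
        ep.commit(p, digest(v))
    ep.reveal("a", values["a"])
    ep.reveal("b", values["b"])
    would_win = winning_ticket(ep.preview(values["c"]), tickets) == 0
    redraw_value = jackpot / tickets  # expected value of one more fair draw
    if would_win or redraw_value <= deposit:
        ep.reveal("c", values["c"])
    return ep.finalize()


def rejects_wrong_reveal():
    """A provider cannot swap its value after committing."""
    ep = Epoch({"a": 100})
    ep.commit("a", digest(bytes([1]) * WIDTH))
    return ep.reveal("a", bytes([9]) * WIDTH) is False
```

With a jackpot of 5000 over 10 tickets, a deposit of 100 leaves the epoch void and only the deposit forfeited, while a deposit of 1000 makes revealing the better choice, which is the sizing rule the footnote states.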

~~~
konschubert
> If you're worried about bribing attacks over all providers, recognize that
> all we need is a single altruistic provider to keep the system safe.
> Altruistic behavior may be rare compared to selfish behavior, but I think we
> can usually rely on its nonzero presence.

You also need to be sure that the others don't ignore the single altruistic
source.

In a byzantine system, you can't distinguish if somebody is offline or if the
others are silencing him.

~~~
RoboTeddy
> You also need to be sure that the others don't ignore the single altruistic
> source.

Well sure, but the code people run listens to all the providers. Everyone is
listened to automatically. That's part of the social consensus encoded in
software. If you don't follow along, you end up on your own fork. That's how
these systems work — e.g, you also need to make sure that people don't
"ignore" the consequences of failed hash checks throughout a cryptocurrency
codebase.

It would be quite possible to run your provider on a machine hidden somewhere,
and inject your transactions to nodes at random points in the network. It'd be
pretty tough to silence someone directly.

Miner censorship attacks, e.g. a 51% attack, are also possible (i.e., all
miners, or a sufficient majority, refuse to mine your tx until the epoch
ends). This kind of censorship threat is always present for all kinds of
transactions; in theory they're particularly pernicious for protocols like
this one that require a tx to be submitted by a deadline. But no one is
claiming that these systems are completely invulnerable to a misbehaving
majority of miners or validators.

------
abecedarius
The LeastAuthority audit of Ethereum gas economics in 2015 brought up this
issue of transaction reordering:
[https://github.com/LeastAuthority/ethereum-analyses/blob/master/GasEcon.md](https://github.com/LeastAuthority/ethereum-analyses/blob/master/GasEcon.md)

(They also pointed out the issue that led to the DAO hack and recommended "value
reverts to the sender upon exception".)

------
thisisit
Miners have proven to be unreliable. F2pool has been accused of manipulating
Status ICO:

[https://steemit.com/ethereum/@dhumphrey/f2pool-manipulates-usd1-2-million-on-the-ethereum-blockchain-during-the-status-im-ico](https://steemit.com/ethereum/@dhumphrey/f2pool-manipulates-usd1-2-million-on-the-ethereum-blockchain-during-the-status-im-ico)

------
pmontra
Aren't all of those scenarios covered by fraud laws? Obviously one should be
able to provide evidence that an actual miner willingly reordered transactions
to get paid twice. I don't know if this is possible (gathering the evidence.)

~~~
Tepix
Miners are not required to put anything into a block in any particular order.
If you don't like what they are doing, stop paying them.

------
CloudYeller
Do these vulnerabilities affect BTC? Is there any unbiased source of security
reports on all the various coins?

~~~
wk2jkhkjdfglsl
Not exactly because bitcoin only supports a few simple transaction types --
Pay to Public Key, Pay to Public Key Hash ('standard tx'), Pay to Script Hash,
Pay to Public Key Witness Hash, Pay to Script Witness Hash.

These are only serial dependent -- ie: A pays B, B pays C. You cannot reorder
and still remain valid.

The security of the standard tx is the strength of the public key hash
function RIPEMD-160. The security of Pay to Script Hash is finding a valid
SHA256 collision with OPCODES.

The witness variants are a new tx format that uses less space (aka segwit).

The attack is simply a Denial of service, an attacker can block a tx. So if A
pays B was never included in a block, B could never pay C.

------
moon_of_moon
Just a miner inconvenience.

------
hashkb
Sounds like insider trading is built in fundamentally. Should help legitimize
ETH on Wall Street.

~~~
throthro
Could you elaborate on builtin insider trading?

------
ShabbosGoy
Looks like the author of this piece is not aware that proof-of-work is
antiquated and essentially obsolete.

There are way better methods to achieve distributed consensus, like Hashgraph
or even proof-of-stake.

Edit: The critique that if the blockchain is slow, your Dapp will be slow is
fallacious as well. You can mitigate that using side chains.

