The previous official wallet's repository says "Mist and Ethereum Wallet have been deprecated.".
Is it true that the Ethereum foundation isn't providing a wallet software anymore?
Why is that?
I would consider it as quite unsolvable as a user to determine which of the 24 third-party wallets is the most trustworthy, hence I'd prefer to just use one developed by the same people as Ethereum.
I went from mining Ethereum and even releasing a minimal mining GUI for folks who wanted to support PortableApps.com to feeling uneasy about it. I don't even have an ETH client on my PC now, so I can't even access the fraction of an ETH I own. I'll probably ditch ETH donations to PortableApps.com as well.
I was, however, right about everything else. Lee sold all his coins, made a giant pile of money, the value of the coin collapsed to literally fractions -- and has yet to come anywhere close to a recovery.
If Elon sold 100% of his Tesla shares and "stayed a visible and active advocate for electric cars" I'm not sure you'd be as bullish.
No, he didn't run away (he's still very active in the community: https://twitter.com/SatoshiLite) and the foundation wasn't on the brink of bankruptcy.
About the only thing you were right about is that he sold his coins. (According to him the reason was so he could be financially secure and able to focus on the project instead of feeling incentivized to pump the price)
Well, they received $ 18.3 million in crowdfunding, so I would dare to say it's not only "their" resources but also the resources of the community which they're spending, isn't it?
Given that the central thing a user needs to use a cryptocurrency is the wallet it would seem a bit weird to collect $ 18M from their users to develop a cryptocurrency and then not develop the software which the users need to use the currency?
I mean they're a non-profit organization, if they don't hand anything out for the $ 18.3 M then they have profited quite a bit by taking in money but not delivering effectively usable goods from it?
Developing yet another Ethereum wallet when there are so many on the market would be a waste. It’s better for the foundation to provide a list of high quality wallets that already exist.
It's actually quite easy: I opened the websites of all the 24 wallets they list and checked the imprint of each. None says it was developed by the foundation.
> Developing yet another Ethereum wallet when there are so many on the market would be a waste.
> It’s better for the foundation to provide a list of high quality wallets that already exist.
What would you think of me if I raised $18M to build a non-profit children's hospital and then used it to instead build a website which lists children's hospitals which were built by other people, most of which being for-profit companies, some even proclaiming themselves as registered in shady tax-haven countries, and most not even clearly showing where their company is registered?
Now they've delivered the first part of ETH2 today.
I personally prefer the role of the EF as a facilitator more than monolithic employer. And they can (and do) facilitate in more ways than just handing out grants. It's just their experience has shown that helping out this way for wallet development (or even more generically software development) works better.
To add, they did start out providing the software as you say. After a certain point though, their efforts were outpaced by community effort or business opportunities arising in the Ethereum ecosystem. At this point it took a while for them to figure out what new role to take on with their ("our") funds, eventually settling on what they're doing now.
> It's just their experience has shown that helping out this way for wallet development (or even more generically software development) works better.
Does it really work better from the perspective of a user though?
Because as a user I am now sitting in front of 24 websites which look equally "meh" in terms of trustworthiness (fancy design and huge claims), each of them trying to get me to hand out money to their software (that's what a wallet is about!), and almost all of them seemingly being for-profit companies which avoid listing their address.
A single 1 well-known website (EDIT: I meant wallet, not website) of a non-profit would "work better" for me as a user in terms of trusting my choice to keep my money safe. (If I had any, not buying ETH in this situation :)
> To add, they did start out providing the software as you say. After a certain point though, their efforts were outpaced by community effort or business opportunities arising in the Ethereum ecosystem.
Do you notice that you're actually arguing in favor of my point? :)
You say that their efforts were "outpaced", i.e. they failed. That's not a good thing to yield for $ 18 M :(
> Because as a user I am now sitting in front of 24 websites which look equally "meh" in terms of trustworthiness (fancy design and huge claims), each of them trying to get me to hand out money to their software (that's what a wallet is about!), and almost all of them seemingly being for-profit companies which avoid listing their address.
Yes, I guess that's definitely a disadvantage of the ecosystem growing so much. It's great that that happened, but it also means that the EF does not control everything anymore. They cannot advertise just one solution with so many out there, lest they rub someone the wrong way. But they also can't say nothing either. And then it just becomes very confusing with this information overload for beginners (though I think "list of 24 websites" is a bit of an exaggeration; it's not _that_ bad imo)
I don't think this is entirely new in the world of software though. Generally you then get to things like looking for advice on forums or word-of-mouth, and then there's a guy like me saying "if you're a beginner only wanting to make transactions on Ethereum, get a Ledger Nano X hardware wallet and use their Ledger Live application". And "if you then want to move on interacting with dApps, use Metamask and connect it to your Nano X".
> A single 1 well-known website of a non-profit would "work better" for me as a user in terms of trusting my choice to keep my money safe. (If I had any, not buying ETH in this situation :)
Well, you would definitely know cryptocurrency is a bit different than a website securing your funds. Someone needs to hold onto the private keys. If you're looking for something similar to a bank, then get something similar to a bank (Coinbase?). But this difference (custodial services, private keys, hardware wallet) definitely adds to the barrier one needs to overcome to get started. I would also argue that "1 well-known website" (or 1 major client implementation that then becomes the de facto standard) does not quite fit into the whole "decentralization" aspect of cryptocurrencies, but not everyone cares as much about that.
> Do you notice that you're actually arguing in favor of my point? :)
You could look at it that way I guess ;) Progress is a function of money, and the EF has more to attend to than just software/wallet development. They could certainly blow through all their ("our") money in a year building a super fancy wallet. Or, as has happened, spend a little to jump start the ecosystem, and then comes along not one but multiple better wallets _for free_! None of "your" money was spent on developing these. Seems like a good deal to me, as now "your" money can be spent jump starting other awesome things that no one is paying much attention to yet.
In my book that's not too far off from an "official" ethereum wallet.
Mmh thanks, well security is more relevant to me, but I nevertheless went to their website.
Apparently it's a browser plugin. That's a big security no-no from my side, too much attack surface - sorry.
Hardware wallets are extremely insecure IMHO:
The people who sell them - and many people in their supply-chain! - are handed the very dangerous combination of:
A) Being able to hard-code software into the silicon whose source code you will be completely unable to inspect unless you own an electron microscope and a very large amount of knowledge on hardware reverse engineering. What if the hardware forces the PRNG to be predictable so they can remotely know my crypto's private keys without any internet connectivity whatsoever?
B) Knowing 100% for sure that the device they sell will be used to store money. They don't need to first find victims, they know ALL of their customers can be. It's like writing "MONEY INSIDE" on your house IMHO. Better use a general purpose PC whose vendor doesn't know what it'll be used for.
Then, if you require P2P protocol compatibility, I would say this issue shows that nobody really cares about alternate implementations: https://github.com/btcsuite/btcd/issues/1661
When Btcd was first released, it was pretty capable, and had lots of development. But it has fallen behind, which makes sense. Why would anybody take the risk of trusting an alternate implementation when it doesn't decide what bitcoin is, in the end? You may have to patch bitcoind a bit to get your desired interface, but that is much less work than maintaining a full P2P and consensus layer.
It is also dangerous to use a non-standard crypto library. Check this vulnerability, which was caused by LND relying on the btcd project's library: https://lists.linuxfoundation.org/pipermail/lightning-dev/20...
Does that? What I see here is bitcoind adding a new feature that isn't yet implemented in btcd. The new feature uses a different extension mechanism in the p2p protocol (a new message to signal knowledge of a new feature vs using the existing version message bits in the main p2p handshake). That new version of bitcoind also hasn't yet been released, but I'd imagine that btcd will land a fix sooner to permit unknown message types being sent from its PoV.
> Check this vulnerability, which was caused by LND relying on the btcd project's library
Incorrect. The btcsuite libraries we use weren't related to the bug at all. Instead, the bug was introduced by _new_ code which attempted to convert between the fixed 64-byte signature encoding used in the LN Protocol, and the variable sized encoding used in the base Bitcoin protocol. The resulting signatures _were_ valid ECDSA signatures, but didn't adhere to an additional constraint that the Bitcoin system places on these signatures from a mempool policy standpoint. The signatures themselves were still valid from the PoV of Bitcoin consensus, in that they would be included in blocks.
bitcoind doesn't decide what Bitcoin is either: a recent consensus issue introduced for a period of time in _newer_ versions caused it to potentially fork off the "actual" chain. In this instance, btcd was unaffected along with many other implementations and earlier versions of bitcoind.
If there is any way in which different implementations of consensus-critical code behave differently for the same inputs, it can be used to split the network. If you are running a node implementation other than the majority hash-rate reference client, you open yourself up to be potentially vulnerable during the fork. This remains just as true, if not more so with staking instead of proof-of-work.
You can do things to protect yourself like run ALL implementations and shut down if a fork is detected, although properly setting that up is nontrivial and in the end what value is gained? It very, very, VERY rarely makes sense to have multiple reference implementations of consensus code.
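The setup described above (run every implementation, stop when they disagree), as an added example that is not from the thread or from any project named in it. `NodeView`, `detect_fork`, `should_halt` and `max_lag` are hypothetical names, and the chains are constructed in memory; a real monitor would fill each view from that node's own RPC. It goes one step beyond the comment by also treating a node that stops advancing as a halt condition, since an implementation that rejects a block the others accept shows up as a stall rather than a competing tip.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class NodeView:
    """One implementation's view: hashes[h] is its block hash at height h."""
    name: str
    hashes: List[str]

    @property
    def tip(self) -> int:
        return len(self.hashes) - 1


@dataclass
class ForkReport:
    forked: bool
    last_common_height: Optional[int]          # highest height all nodes agree on
    groups: Dict[str, List[str]] = field(default_factory=dict)  # hash -> node names
    stalled: List[str] = field(default_factory=list)


def build_chain(payloads: List[str]) -> List[str]:
    """Constructed sample chain: each hash commits to its parent hash."""
    prev, out = "00" * 32, []
    for p in payloads:
        prev = hashlib.sha256((prev + p).encode()).hexdigest()
        out.append(prev)
    return out


def _agree_at(views: List[NodeView], height: int) -> bool:
    return len({v.hashes[height] for v in views}) == 1


def detect_fork(views: List[NodeView], max_lag: int = 3) -> ForkReport:
    if len(views) < 2 or any(not v.hashes for v in views):
        raise ValueError("need at least two non-empty node views")
    common_tip = min(v.tip for v in views)   # only compare heights every node has
    best_tip = max(v.tip for v in views)
    stalled = sorted(v.name for v in views if best_tip - v.tip > max_lag)
    if _agree_at(views, common_tip):
        return ForkReport(False, common_tip, {}, stalled)
    # Hashes commit to parents, so agreement is monotonic in height:
    # binary-search the boundary. Invariant: agree at lo (or lo == -1), differ at hi.
    lo, hi = -1, common_tip
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if _agree_at(views, mid):
            lo = mid
        else:
            hi = mid
    groups: Dict[str, List[str]] = {}
    for v in views:
        groups.setdefault(v.hashes[hi], []).append(v.name)
    return ForkReport(True, lo if lo >= 0 else None, groups, stalled)


def should_halt(report: ForkReport) -> bool:
    """Stop accepting payments on any disagreement or on a stalled implementation."""
    return report.forked or bool(report.stalled)


def demo_views() -> List[NodeView]:
    """Constructed scenario: impl-b diverges from the other two at height 4."""
    shared = ["genesis", "b1", "b2", "b3"]
    return [
        NodeView("impl-a", build_chain(shared + ["b4", "b5", "b6"])),
        NodeView("impl-b", build_chain(shared + ["b4-alt", "b5-alt"])),
        NodeView("impl-c", build_chain(shared + ["b4", "b5"])),
    ]


if __name__ == "__main__":
    report = detect_fork(demo_views())
    print(report.forked, report.last_common_height, sorted(report.groups.values()))
    print("halt:", should_halt(report))
```
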
I always hated how wasteful and energy-inefficient mining is. Staking reduces energy costs by many, many orders of magnitude. With lightweight clients in development, it is possible to validate the chain using a Raspberry Pi.
I hope (but don't expect) that some time in the next 10 years Bitcoin will follow. If not, it's just so much CO2 that could have been avoided.
Right now, most of the mining is financed via inflation. But as this comes to an end, eventually, the cost of mining will be borne by anyone making transactions on the network through tx fees.
Somebody has to pay the electricity bill on all these ASICs.
EDIT: One could try to argue that high transaction costs are not a problem because nobody wants to trade bitcoin, people just hodl it. Cool. But if that's what people will do, then the money raised through transaction fees will not be enough to support a sufficient hash rate to protect the network.
I wrote about all this two years ago already: https://www.konstantinschubert.com/2018/11/28/proof-of-stake...
For 'kill' as in 'stops being big and important' I think it's going to happen relatively soon, mostly agreeing with your article. Bitcoin already lost its past domination in users and total fees paid to ethereum, the only missing part is for eth to actually monetize that by fully switching from PoW to PoS. When eth stakers start making even billions annually while btc buyers lose billions annually to mining, btc losing its first place is only a matter of time. After that, PoW is going to be widely discredited and viewed as obsolete.
I'd like to hear from Bitcoin proponents where we are wrong in our thinking. What assumptions are incorrect? Is there a flaw in economic reasoning? If not, what is being done with Bitcoin to address this existential risk for Bitcoin?
Selfish mining is possible, at least for a short period of a time, but sunk costs are eventually sunk costs and you compete for the next block.
That means block rewards plus TX fees need to be greater than the cost of running the network. Block rewards are effectively a tax on existing holders through inflation of supply, but that will go to zero in the long run. As the rewards decrease, TX fees will need to increase, which means the average TX will rise. This will increasingly make using BTC prohibitively expensive unless the block size is increased so as to allow more TX per block.
But if the scenario should arise where revenue no longer covers the costs of being a miner, the whole economic model breaks down. This could even get to the point where going rogue, and attempting to exploit the network with the hash power, could become more profitable for a miner.
The rest of your analysis is correct: as rewards decrease, TX fees may increase. You can also see that due to competition for the limited tps, as seen in 2017.
But this is also exactly why the scenario discussed in the paper is implausible: miners get to pick the transactions with the highest fees for inclusion in the next block. If your transaction is not urgent, you pay the minimum and wait. Eventually, it will be processed - if the expected delay (given the mempool) is not to your liking, you can update the fee with RBF.
But again, it means there will be little variance - just a smooth adjustment, meaning the required condition this whole paper is based on is dead wrong.
About the economic model breaking down, you make 2 mistakes: 1) you fail to account for difficulty adjustments made just for this situation, but even people who do often forget 2) when revenue no longer covers costs (as say for a factory), the company doesn't immediately give up and fire everybody.
It's industrial organization 101, and due to the difference between short term and long term.
Of course, there is less friction and fewer rigidities with software, and mining equipment could be deployed differently if it was still CPUs or GPUs.
But the genius of ASICs having no alternative use means it can't happen (except maybe switching to another coin with the same algorithm)
Overall, regardless of the situation and what you throw at it, there's no situation I can see where the economic model breaks - except maybe if miners are tracked and executed on sight by the army? But even then, all it would do is move the mining to another country - or lead to bribes!
Mining is competitive. A miner who shuts down while revenue is less than electricity cost, and starts up again when fees rise, will outcompete a miner who just leaves everything running even while taking losses.
> Figure 2: Illustration of Mining Gaps. Miners will only mine when the instantaneous expected reward exceeds the instantaneous cost
This makes no sense, rational actors generally consider discounted future cash flows, not just instantaneous reward. Perhaps the quality of the paper is explained by the researchers following this strategy and only working on 15th and 30th of every month (when their salaries are remitted to their bank account representing an instantaneous reward).
> We also assume that miners always have space to include all available transactions.
This is also a pretty bad assumption. In reality the bitcoin mempool is almost always non-zero as bitcoin has smaller and/or less frequent blocks than many other cryptocurrencies.
This also assumes that miners will be holding enough bitcoin that price increases alone will not only pay for their operations but also cover a reasonable interest in their holdings. It's not logical to think this will happen. And even if it does, you'll be left with only a handful of miners.
I see your point but doesn’t sound like a great pitch.
Flash loans/minting, for example, have turned the markets into the ultimate meritocracy. Anyone - rich or poor - can access up to hundreds of millions of dollars instantly to execute any profitable transaction, no human review or approval necessary. Liquidity pools, introduced by Uniswap, solved many of the problems and risks associated with holding thinly traded assets. Smart contracts have enabled any new project’s tokens to instantly have real value, because in most cases new tokens can only be released to the market by locking ETH into the contract in exchange for the new tokens.
These innovations, along with those that are coming, enable a shockingly large number of new opportunities in the finance world to a much larger audience than ever before. It might be a few years before security, market manipulation protections, etc. are mature enough for mass adoption. But the opportunities that DeFi enables will drive demand for ETH, in a way that today’s Bitcoin simply cannot.
What does this mean? If I'm poor (or rich), why not borrow hundreds of millions of dollars to make some highly speculative trade? If it goes well, I win big; if it goes tits up, the lender loses big (not me).
I'm certain that's an uncharitable reading of your comment - please take it in the spirit of "this is what I'm asking you to explain to me in simpler terms," not as an argument.
This means you can't take the highly speculative trade, you can only go for a sure thing. But if you do have a sure thing, you can borrow as much currency as the lender can provide.
What sort of situation could this be used in? I'm having a hard time truly imagining use without any risk of transaction rollback.
The markets are not currently too efficient for that, and never will be. In fact Uniswap’s entire design depends heavily on arbitrageurs balancing out the markets between itself and other exchanges.
How are the transactions composed, with a smart contract/s, in combination with Dex APIs?
Then you would have a separate program running on your client machine to scan for market opportunities, and when it spots one, have that program send a transaction to your deployed smart contract to initiate the loan and set into action whatever logic you programmed into the smart contract that will yield a profit.
Yes, it’s quite a rabbit hole indeed. It is hard to believe that something like this is even possible, let alone profitable, but it really can be. I have seen single flash loan transactions yield up to $46k in profits. That profit is irrevocably delivered back to you in a couple of seconds.
The inflation curve in Bitcoin is considered sacred. In Ethereum, it's developer whim and EIP approval.
return math.exp(31556926 / 384 * 64 / 31622 / total_staked_eth ** 0.5) - 1
RSK MainNet launched about 3 years ago. Currently, most blocks have no transactions, with 0 gas spent.
But... is it like sports memorabilia at that point, the value is all perception rather than utility and could one day just.. collapse
It's a way of selling BTC for other tokens, extracting and removing its value over time, and instead investing it into DeFi and similar.
Primarily two extremes for how this is done: Centralized, like WBTC (https://coinlist.co/help/what-is-wrapped-bitcoin-wbtc), and decentralized, like tBTC (https://defirate.com/tbtc/)
I always thought the hardwired reward for mining, namely, X btc every 10 minutes, is the cause of Bitcoin's wasting electricity.
The electricity used is roughly proportional to the hashrate, which in turn is roughly proportional to the price of btc -- until the next halving, which I think is more than one year but less than 2 years from now.
These halvings of the reward every 2 years (which occur on a schedule set before Bitcoin was launched all those years ago) will some time in the next 10 years (which is 5 halvings, representing a reduction in the reward by a factor of 2 * 2 * 2 * 2 * 2 == 32) or 12 years bring the Bitcoin network's electricity usage down low enough that a reasonable person will no longer avoid Bitcoin out of worry that it is bad for the global climate.
Note that this mining reward doled out every 10 minutes is not a transaction fee. E.g., neither of the transacting parties (i.e., neither the sender nor the receiver) pays it.
So tell me again what will eventually kill Bitcoin.
> Right now, most of the mining is financed via inflation. But as this comes to an end, eventually, the cost of mining will be borne by anyone making transactions on the network through tx fees.
> Somebody has to pay the electricity bill on all these ASICs.
This is just wrong.
If the award available to miners decreases due to lack of inflation they will use less power-consuming hardware.
If that still results in loss due to electricity cost then miners will leave the market until the amount of miners in the market is equal to the amount of tx-fees available.
In other words: This is a market with supply and demand. If one decreases the other also goes down until they're balanced. It won't just make the market disappear!
So even if almost nobody was willing to pay any tx-fees and there was no inflation then Bitcoin would still be running. It may just move back to running in the background on consumer hardware which was bought for other purposes instead of having giant mining data centers.
This also means that mining isn't going to infinitely waste energy:
The demand for energy cannot go higher than the offer of tx fees / block reward.
So there is a finite upper boundary to Bitcoin's power consumption. I think a finite upper boundary is enough to justify its existence, the precise value of such a constant is arbitrary so you might as well not waste your time in arguing if it is too high or too low and instead be happy that there IS a boundary :)
Those tools don't work in this chain death scenario of dwindling hash rate.
Satoshi's coins are always unaffected in case of a reorg. So if everyone else's who have never transacted since the reorg.
Chain reorgs are usually temporary even in chains with low security budget.
Congrats to the Eth folks though, this really was a big undertaking.
Doing the same for Bitcoin would be very hard, and if it simply follows Ethereum's footsteps, then it is unclear why even use Bitcoin.
But -- I hope we see this fork sooner rather than later. Bitcoin miners will have no economic incentive to capture back the CO2 produced.
Ethereum is built to a spec. That's why the different client developers had to coordinate their work. This is not the case with Bitcoin. There, the official client is the de-facto spec you have to comply with if you develop another client.
The bigger problem is that the current narrative of Bitcoin heavily discourages hard forks.
Transitioning to PoS would be a social task with Bitcoin, not a technical one. Also note that Ethereum was promised from the beginning to transition to PoS, they just didn't expect to take this long.
If the Bitcoin developers would push for a POS hard fork I would expect the chain to split into a POS and POW version but which version would become the canonical Bitcoin would be up for debate.
ETH is still on PoW and will continue to be on PoW for many more years.
- If people pay high effective tx fees, it's shit because, well, it's expensive.
- If people pay low effective tx fees (through lightning or block size increase or whatever) then, as soon as inflation ends, the money won't be enough to pay for a sufficient hash rate.
This means hash rate will be low compared to the market cap, and the necessary capital for a double spend attack may be worth it.
Maybe it’s all less of an issue because bitcoin will develop a network of trust that can replace the block chain.
But then, why not go with something like Stellar right away.
Bitcoin solves the need for third parties in the financial system. That's it, it's not meant to be some eco currency - never was.
Where's the validation that the current financial system needs to have its energy needs reduced? Bitcoin cuts out the energy requirements of all the countless third parties, for a start.
POS is a joke.
I don't have numbers (I suspect it's impossible to do a true apples-to-apples comparison), but I feel like Bitcoin still likely fails by this metric. I recall reading a year or so ago that Bitcoin was using the same amount of electricity as a small developer nation. I expect the other financial systems use more than that in total, but consider that these other financial systems handle orders of magnitude more transaction volume, and include a lot more services than Bitcoin does.
> We can just use renewable energy sources long term.
Renewables aren't free. It costs time, effort, and energy to build the infrastructure (solar panels, windmills, etc.), not to mention caustic chemicals for some of these, which do have negative environmental effects. Maintenance has costs, as does eventual replacement. The land required to house these production farms also is not free.
Yes, the energy produced by renewables is obviously much much cleaner than that produced by other means, but they still have costs.
The very core of Bitcoin is PoW.
Any scaling solution or consensus change that doesn't retain this important feature wouldn't be Bitcoin, just another fork. Potentially could go from PoW as long as supply is not inflatable it could still be considered Bitcoin (depending on whether users switched to the new version or not)
GP is correct. The Bitcoin community is fiercely conservative, and a proposal to switch from PoW to PoS would be met with about as much scorn as a proposal to increase the total supply.
Ethereum, on the other hand, has never had any strong attachment to PoW -- quite the opposite, really. Switching to PoS has been a major goal since the early days of the project.
What about Ripple/XRP or Stellar? I mean, I'm not a fan of it but they've been doing a non-proof-of-work chain since 2012.
Not true. Cardano has been operational with PoS since early 2020. And its staking process is much more straightforward and user friendly.
It doesn't damage the environment if used with solar power or an energy source that isn't damaging to the environment. In other words, it isn't necessary that it damages the environment.
Is it wasteful when you use the elliptical machine or treadmill? Is it a tragedy that energy is being wasted in such magnitude in gyms around the world?
"I don't know how to communicate this, or even if it is possible to do so... but the question of justice has concerned me greatly of late. And so I say to any creature who may be listening: There can be no justice, so long as laws are absolute. Life itself is an exercise in exceptions."
As far as smart contracts are concerned; they're hardly "contracts", but you probably already knew that. Even Vitalik Buterin regrets calling them that way.
- Every system will be gamed, no exceptions.
- It is impossible for the architects of any system to imagine all the ways it will be gamed.
That's why it's not possible to create fixed laws that are just. Inevitably someone will find a hack that turns the intent of the law around while remaining true to its letter.
This seems to be what dooms both pure libertarian capitalist schemes and pure socialist command economy schemes. In the former case there is not enough structure to contain exploits and no recourse when someone finds a good scam. In the latter case it's impossible for central planners to imagine the results of their plans when they are exposed to opportunistic economic agents. The fatal flaw in both ideologies is their dogmatism. It causes them to fail to adapt when flaws and exploits in the rule system are inevitably found.
- people aren't assholes
- all involved parties can audit blockchain transactions
- all involved parties are programmers and can audit a contract written in an esoteric programming language
- all involved parties voluntarily agree to be bound by these contracts despite the fact there's no way they can be enforced
Maybe I'm misunderstanding, but I don't think ETH contracts count on humans doing anything.
However, if you want to use services or exchange goods, then people are involved.
A simple example: person A requests goods or services from person B. According to Ethereum website, "Customers have a secure, built-in guarantee that funds will only change hands if you provide what was agreed." Person B provides goods/services. Person A says no goods or services were provided. The assumed guarantees turn out to be fiction.
Here's a real world example. A typical contract between a supplier and a chain store common in many parts of the world goes something like this:
- supplier provides goods on a continuous basis
- the chain store pays for goods once every three months
In the real world this contract is enforceable by, well, centralised laws of the respective countries. If the chain store reneges on payment, it can be taken to court and forced to pay.
In case of "smart" contracts, well, keep sending goods for three months in the hope that you get paid.
> To be clear, at this point I quite regret adopting the term "smart contracts". I should have called them something more boring and technical, perhaps something like "persistent scripts".
> I do think that persistent scripts controlling assets compete with the legal system on some margins, but so do locks on doors. So IMO it's wrong to equate them with a specific philosophy of law privatization.
Then, as I said, it's just a very slow and inefficient API and protocol.
However, to quote ethereum's marketing material:
--- start quote ---
Ethereum allows you to move money, or make agreements, directly with someone else. You don't need to go through intermediary companies.
Customers have a secure, built-in guarantee that funds will only change hands if you provide what was agreed.
--- end quote ---
This directly involves people. With all the issues described above.
On their dapps page currently:
- Foundation. Buy, trade, and sell unique digital artwork and fashion from some incredible artists, musicians, and brands.
- PoolTogether. Buy a ticket for the no-loss lottery.
- Augur. Bet on outcomes of sports, economics, and more world events.
All this involves people and the belief that they will honor their end of the deal.
I think the current low-level framework is fine, because it's allowing different projects to explore how to introduce flexibility back into the system at a higher level -- but because it's being done at the level of a project within the Ethereum ecosystem, each approach can live & die on its own, without risking the entire ecosystem on one approach.
The main set of coding patterns I've seen all center around deploying contracts which act as an "upgradable proxy" -- an immutable frontend contract, which can be redirected to point to another contract that does the actual work.
This "redirect" usually can only be done via txn signed by an "admin" account, which may be a single anon -- or it may be something more complex, like MakerDAO or Aave.com, where any updates are proposed by the dev team, but have to be approved by on-chain governance votes. Said votes in turn literally have $$$ staked on-chain to properly motivate them to make things work. There are also time-locks on many of these updates, giving users a last chance to run for the hills if governance does something malicious / stupid.
The nice thing about that structure is that it also allows governance to let in updates which compensate users for mistakes or exploits at a meta-level, all without violating the underlying immutability of the smart contract bytecode.
It's a pretty rapidly evolving space, and I'm sure what I described won't resemble the final form in even a few years.
I think it's really great to see that there is a way to introduce justice and flexibility on top of an immutable system, rather than making the system itself become mutable. This allows the immutability of the low-level system to act as a source of trust between anonymous groups, that they have to act within some immutable set of ground rules, while then re-introducing the flexibility on top, so humans can act like humans when mistakes occur.
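The proxy-plus-timelock pattern described in the comment above, as an added Python toy model; it is not part of the thread and not any project's contract code (real deployments are on-chain contracts). The class and function names, the "governance" admin, the 48-hour delay and both implementations are constructed for illustration.

```python
class TimelockActive(Exception):
    """Raised when an upgrade is executed before its delay has elapsed."""


class UpgradableProxy:
    """Toy model: a fixed frontend that forwards calls to a replaceable implementation."""

    def __init__(self, implementation, admin, delay):
        self.implementation = implementation
        self.admin = admin
        self.delay = delay      # seconds between proposal and earliest execution
        self.pending = None     # (new_implementation, earliest_execution_time)

    def _require_admin(self, sender):
        if sender != self.admin:
            raise PermissionError("only the admin may change the implementation")

    def propose_upgrade(self, sender, new_implementation, now):
        """Queue an upgrade; it is publicly visible from this moment on."""
        self._require_admin(sender)
        self.pending = (new_implementation, now + self.delay)
        return self.pending[1]

    def execute_upgrade(self, sender, now):
        """Switch implementations, but only after the timelock has expired."""
        self._require_admin(sender)
        if self.pending is None:
            raise ValueError("no upgrade has been proposed")
        new_implementation, eta = self.pending
        if now < eta:
            raise TimelockActive(f"{eta - now}s of timelock remaining")
        self.implementation, self.pending = new_implementation, None

    def exit_window(self, now):
        """Seconds users still have before the pending upgrade can take effect."""
        if self.pending is None:
            return None
        return max(0, self.pending[1] - now)

    def call(self, *args):
        return self.implementation(*args)


def withdraw_v1(balance, amount):
    """Constructed implementation: pays out the requested amount in full."""
    return min(balance, amount)


def withdraw_v2(balance, amount):
    """Constructed replacement that keeps a 50% fee, standing in for a bad upgrade."""
    return min(balance, amount) // 2


def run_scenario(delay):
    """Propose v2 at t=1000, try to execute one hour later, then again after the delay."""
    proxy = UpgradableProxy(withdraw_v1, admin="governance", delay=delay)
    proxy.propose_upgrade("governance", withdraw_v2, now=1000)
    window = proxy.exit_window(now=1000 + 3600)
    try:
        proxy.execute_upgrade("governance", now=1000 + 3600)
        blocked = False
    except TimelockActive:
        blocked = True
    payout_during_window = proxy.call(100, 100)
    if blocked:
        proxy.execute_upgrade("governance", now=1000 + delay)
    payout_after = proxy.call(100, 100)
    return {"window": window, "blocked": blocked,
            "during": payout_during_window, "after": payout_after}
```

Running the scenario with a zero delay shows the difference a timelock makes: the replacement is live by the time a user could react.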
Put another way: how good is a smart contract if it’s easy to create a deceptive one?
But establishing agreement with another human means I have to establish a common language with them, then work out what we're agreeing to, then establish some set of mutual trust between us (usually involving some form of identity verification, even if it's a "who are you on twitter?" level of thing). And then we perpetually have to track that the other person's incentives haven't changed outside of the contract in such a way that violating it would be more profitable. The effort involved in all of that scales very poorly, especially from the service provider's perspective.
On the other hand, if someone wishes to operate in good faith, their incentive is to make the smart contract as simple as possible, and as amenable to independent verification from outside parties (as well as theorem provers).
And no one has to worry about establishing mutual trust with the other person, or that they'll just change their mind in the future. Even if a contract is upgradable, if you only choose to work with ones that are either immutable, or require a timelock / voting period before changes take effect, you (collectively all the consumers of the contract) know your margin of safety.
And that margin of safety is provided because you can trust the base layer is itself immutable and secured. Whereas with risk mitigation through bonds etc, who is the trusted third party we mutually agree to hold our deposits? How do each of us trust that third party isn't in league with one of us? (I trust the "Certified Bank of Nigeria In England", but do you?).
That's the core bit that a smart contract platform like Ethereum provides -- a base layer for establishing mutual trust in objective terms. You can build whatever manner of agreements on top of such a base layer, but if the base layer isn't there, each separate agreement (expensively) requires the two parties find some common ground.
At least for any contract in which "everybody" is reasonably defined, known upfront, and finite.
The switch to eWASM would greatly improve security, efficiency and perhaps allow a diversity of languages to be used on Ethereum. It should be a matter of exposing the appropriate primitives to call other contracts, generate log events, write to the store and so on.
For instance, see a PR that reduces codegen from 55K to 1.6K bytes on an innocuous contract https://github.com/vyperlang/vyper/pull/1488
I'm guilty of it too; https://github.com/ActorForth/evm-assembler/blob/master/docs...
Your evm-assembler looks pretty interesting. It's crossed my mind before to write an evm Forth, just for fun, and the lack of a return stack so far has dissuaded me.
eWASM does look interesting, though!
Seems like there's discussion of scrapping the whole phase 2 "execution environments" and just allowing heterogenous execution on rollups.
As blockchain tech goes, Ethereum always seemed the most interesting.
Last but not least, full eth2 turns eth into a positive yield asset, a share in ethereum (real income depends on fees paid by users - ethereum already dominates).
To not overhype, the current launch is really an incentivized testnet only for PoS itself - real ethereum still runs on PoW as it was. It's important because it shows that after long delays eth2 is finally starting to happen, and because consensus itself is like a car that can drive without transporting anything or anyone - not very useful at the moment, but changes required to make it useful are relatively small compared to building the car from the ground up.
Uh, why do you say that?
The security of PoS in fact ought to be much LOWER than the security of PoW:
The goal of requiring proof of work is that you cannot just send multiple versions of the same transaction into different areas of the network to double-spend your money - because you need to commit work for producing a block, and due to consuming energy you can't fake that.
Well, you can compute two (or more) blocks in parallel, but then you'll spend half of your available CPU (or ASIC nowadays) cycles on each block, thus cutting your speed in half. So the non-malicious competitors on the network will produce more blocks meanwhile because they're not splitting their computation power, and thus your fake blocks will get invalidated because they're on the shorter chain.
With PoS on the other hand you can create as many fake blocks as you want and spam them to the network. The only security is the hope that the random network topology arbitrarily results in the double-spending blocks arriving at the targets under attack after the other blocks arrive.
But if you run thousands of nodes on the cloud and thus have better network connectivity than the victims you can make your double-spend blocks arrive first at the victims.
- PoW: Relies on physical limits, you need to have physical hardware and physical energy to conduct an attack.
- PoS: Relies on the network connectivity of the attacker being hopefully worse than the connectivity of the non-malicious network. Who can guarantee that? Nobody.
Last but not least, there's no way to delete PoW attacker's gpus, but hostile stake is always going to be slashed. Asic pow chain can be forked - once - to a gpu pow, but that's it, and after that there's no recourse to sustained attacks. This property virtually guarantees that no attack against PoS with slashing is ever going to happen.
What defends against the attacker configuring his nodes to just not relay the blocks which slash his deposits, by having a majority in the network connectivity, and thereby convincing victim nodes that he in fact is the victim of false slashing because the victims will only discover the slash-claims much after the attacker's "valid" blocks?
Or in other words:
Isn't the slashing mechanism also reliant upon mere hope that the network topology randomly happens to be in favor of non-malicious peers?
when a PoW block is mined, there's no way to know how much hidden equipment is out there mining a parallel chain, which could suddenly appear and take over with more accumulated work. You hope the malicious actor doesn't have 51%, but there's no way to actually prove that they aren't out there.
with PoS on the other hand, the set of validators who are voting on a block is known many blocks in advance. so say a malicious validator has X% of the voting power on a given block: he can't refuse to relay the other votes, because it will be obvious to all other nodes that he only speaks for X%, and what he's broadcasting lacks quorum, because the other (100-X)% votes are missing.
Whereas the other (100-X)% group will be actively broadcasting that they're slashing his stake; and if (100-X) has quorum, those votes will be accepted as valid by all the nodes on the network, regardless of what the malicious actor decides to broadcast.
TLDR: under PoW, silence is assumed to be absence of dissent, since number of miners out there is unknown. Whereas under PoS, silence still allows proving lack of quorum (since the voters are known well in advance), so censorship doesn't let a malicious validator legitimize their vote.
>and thereby convincing victim nodes that he in fact is the victim of false slashing because the victims will only discover the slash-claims much after the attacker's "valid" blocks?
It's not possible for 'false slashing' to occur, because slashing requires presenting conflicting votes.
>Isn't the slashing mechanism also reliant upon mere hope that the network topology randomly happens to be in favor of non-malicious peers?
topology doesn't matter in this case, 2/3+ consensus is asynchronous. 2/3 of stake is required to finalize blocks, so the attacker would finalize his own chain without slashing.
There are some ideas about 99+% proof consensus which rely on topology and nodes being online (which means they can observe that censorship is happening) but it's not currently implemented. Eventually I expect it to happen, making attacks a practical impossibility, by coupling asynchronous 2/3+ consensus guarantee with synchronous 99+% guarantee, effectively automatically coordinating anti-censorship forks.
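The quorum and conflicting-vote arguments made in the two comments above, as an added Python toy model; it is not part of the thread and not code from any Ethereum client. Validator names, stakes, block ids and the "at least 2/3" threshold are constructed assumptions, and vote signatures are assumed to have been verified already.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed validator set (name -> stake), fixed before the vote takes place.
VALIDATORS = {"v1": 32, "v2": 32, "v3": 32, "v4": 32, "v5": 32, "mallory": 64}
# Assumed threshold: at least 2/3 of total stake; real protocols differ on strictness.
QUORUM = Fraction(2, 3)


def voted_stake(votes, height, block_id, validators=VALIDATORS):
    """Stake of distinct known validators that voted for block_id at height."""
    voters = {v for v, h, b in votes
              if h == height and b == block_id and v in validators}
    return sum(validators[v] for v in voters)


def has_quorum(votes, height, block_id, validators=VALIDATORS):
    """True when the votes a node has actually seen reach the threshold."""
    total = sum(validators.values())
    return Fraction(voted_stake(votes, height, block_id, validators), total) >= QUORUM


def find_equivocations(votes, validators=VALIDATORS):
    """Return sorted (validator, height) pairs with votes for two different blocks."""
    seen = defaultdict(set)
    for v, h, b in votes:
        if v in validators:          # votes from unknown nodes carry no weight
            seen[(v, h)].add(b)
    return sorted(key for key, blocks in seen.items() if len(blocks) > 1)


def slash(evidence, validators=VALIDATORS):
    """Zero the stake of validators named in evidence; all others are untouched."""
    offenders = {v for v, _ in evidence}
    return {v: (0 if v in offenders else s) for v, s in validators.items()}


HEIGHT = 10
# Constructed votes, each a (validator, height, block_id) tuple.
HONEST_VOTES = [(v, HEIGHT, "A") for v in ("v1", "v2", "v3", "v4", "v5")]
MALLORY_VOTES = [("mallory", HEIGHT, "A"), ("mallory", HEIGHT, "B")]
# What a node sees when every peer withholds the honest votes: one real vote for
# block B plus 1000 votes from nodes that are not in the validator set.
CENSORED_VIEW = [("mallory", HEIGHT, "B")] + [(f"bot{i}", HEIGHT, "B") for i in range(1000)]
FULL_VIEW = HONEST_VOTES + MALLORY_VOTES

if __name__ == "__main__":
    print("censored view, quorum for B:", has_quorum(CENSORED_VIEW, HEIGHT, "B"))
    print("full view, quorum for A:", has_quorum(FULL_VIEW, HEIGHT, "A"))
    print("equivocation evidence:", find_equivocations(FULL_VIEW))
    print("stakes after slashing:", slash(find_equivocations(FULL_VIEW)))
```

Withholding votes leaves the censored node with 64 of 224 stake for block B, which is visibly short of quorum, and slashing only ever applies to a validator for whom two conflicting votes exist.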
There are probably many botnets of IoT devices with 10x that many nodes, aren't there?
So a single botnet could probably ensure that a target victim has the majority of peer connections to the attacker.
If I understand it correctly, you are now saying that someone would DDOS the entire gossip network, completely halting any more production of blocks so that their slashing doesn't go through?
We're not even talking about "nothing at stake", or anything having to do with PoS anymore. We're just talking about a massive DDOS of an entire network. Node operators in PoS networks, as well as Bitcoin, have ways of dealing with DDOS which are the same as how anyone deals with it, and I don't need to get into them here.
If someone was able to overcome these DDOS mitigations and completely prevent a PoS network from receiving any legitimate transactions, they could do this to Bitcoin as well.
Who will record this "evidence" to the blockchain? Anyway there will be two versions of the blockchain. In one of them attacker's stake was not slashed and there is no "evidence" of his malicious actions.
Not sure what these two versions of the blockchain you're talking about are. Signing two blocks at the same height with the same chain id is the slashable offense. It doesn't matter what's in them.
If the attacker wants to have his own blockchain off in the corner where he has all the money, nobody cares.
Really?! One version is "Vitalik's fork" and another one is "non-Vitalik's fork". Which one of them is a valid chain? Any idea?
Assume the attacker is Vitalik and there is "evidence" of his attack. Who will dare to slash him? Vitalik won't include this evidence into "Vitalik's fork". If Vitalik wants to have his own blockchain, nobody cares, isn't it?
Also, I'm not sure why you and the other commenter are so argumentative about this. There are several PoS networks out there such as Cosmos, Tezos, etc, holding more than a billion dollars. If there was an issue, someone would have hacked them by now.
Is that a link to an article from a peer reviewed academic journal?
> There are several PoS networks out there such as Cosmos, Tezos, etc, holding more than a billion dollars. If there was an issue, someone would have hacked them by now.
I'll give you a hint: "slashing" is not a thing that sustains security of these networks.
In proof of stake, mining equipment and electricity consumption is replaced by the cryptocurrency itself. You put up your currency as a bond, get rewarded more for running the network, and lose your bond if you misbehave.
The other big advance for ETH2 will be sharding, so each node doesn't have to process every transaction. But that's not the part that launched today.
A new virtual machine for smart contracts (EWASM instead of EVM) giving better contract analysis options, and possibly higher sync speeds due to optimisations.
Also, sharding - so multiple independent blockchains, that should fix the scalability.
If I’m not mistaken, this release is not yet a full blown new chain, but just a partially functional one, designed to test stability and safety.
Disclaimer - I’m a bit out of the loop, so I may be slightly wrong somewhere.
The roadmap has changed for the phases after this launch so that Eth1 contracts and the Eth1 chain can run on Eth2 so that the past years of Eth1 development are not thrown away.
Reading on the roadmap: https://ethereum-magicians.org/t/a-rollup-centric-ethereum-r...
Disclaimer, this roadmap is valid as of today Dec 1st 2020 but it might have changed a couple of months from now.
I wouldn't mind staying with EVM, since EWASM doesn't seem to offer much significant improvement (static jumps only, really).
- scaling issues (it can't be used as a currency if this isn't fixed)
- power issues (would be nice if we didn't create a huge pointless energy sink if we could avoid it)
- the amount of footguns in ethereum (I think the language is too permissive)
It looks like this solves at least 2 of the three!
The other part, which is on Ethereum mainnet already, is a layer-2 idea called rollups, which store transactions on chain in a very compressed format without losing security guarantees. There are several rollup systems, capable on today's Ethereum of doing 1000 to 9000 simple tx/sec.
Once both systems are live, total capacity will be 20K to 100K tx/sec, not counting the quadratic improvements.
On the research side, there's also work to make data validation more efficient by replacing merkle trees with something more compact, like polynomial commitments. That would add another 10X factor to rollup scaling.
Regarding footguns, people are working on more rigorous languages than Solidity that still compile to the EVM. So far their compilers aren't as solid so they don't get much production use yet.
Anything more than ~3000 tx/sec will be a game changer and maybe ethereum will finally deliver on the promise of usability as currency.
Not 100% sure what ETH is using here but there is a mechanism.
If someone would want to fake timestamps, they would need to deviate from the protocol and would thus not be on chain.
Here is how they sync:
Assuming they describe the BeaconBlocks mentioned here:
Also, which effect would an increased difficulty have?
It would seem to be a way to avoid the rich-get-richer aspect because hiring people wouldn't make sense - they'd get more value going it alone, so existing capital has reduced influence.
Obviously there is no nation that backs its currency value for an objectively "good" common cause - every nation probably only thinks within her interest for most of the time. If you want to create such an institution which can print money backed by the values you like - then the answer is much more political than technical, and the crypto algorithms alone wouldn't help you in achieving that.
I was merely talking about replacing proof of work with a human step rather than something computed. Intellectual labour (such as to plug our gaps in AI) moreso than physical. Answer a quiz when you buy a coffee or sit there for a few hours to mine coins while analysing a corpus. Something like that.
I saw that some exist, I don't know how relevant they are.
If it is useful then it won't be secure because it would be free to "hash". The mechanism has to be costly. Proof-of-work is in many ways proof-of-waste. If tomorrow we find out that hashing is profitable then everyone can start hashing and be able to attack the chain for free (subsidized by the usefulness). Only the hash power above the useful level can add security.
Now that the launch has succeeded, I will stake some of my Eth. As more people do that, APR will fall.
Poo, minimum 32 ETH or at current prices $19k. This reinforces my dislike of staking. Only making the already rich richer. Keeping lesser ETH holders out of the profit.
But who am I kidding; if I magically had 32 ETH to stake I'd probably feel differently.
i.e. can an ETH holder somehow delegate a pool to be able to stake with that ETH but not spend it?
The trick is that as the pool leader, you have to put up a 16 ETH stake and other participants pool together to make up the other 16 ETH.
If you misbehave as the pool leader, your 16 ETH is the first to get slashed.
They published a blog post this week talking about how they are pushing back their roadmap until the Eth1/Eth2 merge, though.
Their proof of concept was working great on testnets.
You can't do anything with Eth2 that is locked. Some pool staking services offer a token for each ETH staked, but you can not use the staked ETH.
Using staked ether in the defi ecosystem will be possible once withdrawal and smart contract functionality is enabled. Until then, there are liquid staking services that offer eth2 derivatives that can be used in defi, as you point out.
What distinguishes Bitcoin from most cryptocurrencies is that a) It has a (relatively) simple goal -- sound money -- and thus less attack surface; and b) Its community is fiercely conservative, to the point that major changes to Bitcoin (e.g. increasing the total supply) are completely off the table. These properties inspire confidence, making Bitcoin a much safer bet than any other cryptocurrency.
The narrative that is often pushed forward is that they have different use cases. Bitcoin is a limited-supply store of value (analogous to precious metals). BTC blockchain isn't well suited for quick transactions, but it is the blockchain that is the most robust and secure. Ethereum, being Turing complete, provides an ecosystem on which other applications can be built.
Both are valuable because of their universally recognized scarcity and value. If you want to put your wealth in a SoV cryptocurrency, Bitcoin is the clear schelling point.
Ether will remain competitive with BTC, it may even flip it in market cap, but I doubt Bitcoin will ever go away.
I don't think taxes justify the value of a state currency, otherwise the value would fluctuate wildly when close to tax season.
Ethereum's mining fees exceed Bitcoin's:
That would mean it has better long-term security prospects than Bitcoin, as security is proportional to the revenue earned by validators.
That's why I said that Ethereum's long-term security prospects are better. Its mining fees have exceeded Bitcoin's and with the multi-pronged efforts to further scale Ethereum - that are vastly more promising than Bitcoin's - there is a high likelihood of these fees further increasing their gap with Bitcoin's.
As long as speculation is the main thing going on in crypto, BTC is king, since it is purely speculative, has the best name recognition, and doesn't try to hide that fact.
It's different from a conventional bank account, because there the returns are (theoretically) coming from the bank loaning it to entrepreneurs to buy factory and farming equipment and create value.
You could however be morally against earning interest through others speculating. In that case you could still earn better interest just by being USDC-sUSD LP on curve.fi.
if one entity somehow manages to control over half to the total ETH tokens, does this enable an attack analogous to bitcoin's 51% problem (which happens when one miner controls over half of the network's raw cpu power)?
Also, see this tweet from Vitalik: https://twitter.com/VitalikButerin/status/130129808602782105...
So even if there was a successful first attack from some organised body that's all the time they get.
I'm not sure that's correct (the tweet doesn't get into any details so I went to ethereum's website https://ethereum.org/en/developers/docs/consensus-mechanisms...)
> The threat of a 51% attack still exists in proof-of-stake but it's even more risky for the attackers. To do so, you'd need to control 51% of the staked ETH. Not only is this a lot of money but it would probably cause ETH's value to drop. There's very little incentive to destroy the value of a currency you have a majority stake in. There are stronger incentives to keep the network secure and healthy.
The key point seems to be that if your attack fails your stake gets destroyed so besides the positive incentives (a good stable network working for all) this system also relies on punishing failed attacks.
A 51% staker who just censored transactions could hold out longer. If the problem were severe, the community would have to decide whether they want to manually fork off the attacker. The equivalent for PoW would be changing the hash function.
Gaining 51% can be more expensive to do on PoS than on PoW. If 10% of the tokens are staked, you need to accrue another 10% of the total market cap. On PoW, if the annual inflation rate is 2%, the hardware is good for two years, and half the mining cost is electricity, then the total value of mining equipment is only 2% of the market cap, and that's how much you'll have to spend to get 51%. (If miners are rentable, then much less for a brief attack.)
The community will notice and can decide to do a hard fork of the network where they "delete" the attackers coins.
So the network would have experienced a hiccup, but the hacker has lost billions of dollars worth of ETH and can't attack anymore.
This is different from Proof of Work & Bitcoin. If an attacker gets 51% of the "mining power" (physical hardware), there's nothing the community can do to "delete" their hardware.