Hacker News new | past | comments | ask | show | jobs | submit login
Ethereum 2.0 launches (twitter.com/ethereum)
629 points by 0x64 45 days ago | hide | past | favorite | 606 comments



Eth2 dev here, maintainer of https://github.com/prysmaticlabs/prysm, one of the implementations currently running the blockchain written in Go. This has been a monumental effort. There are 3 other implementations in mainnet, and consensus is running perfectly. Few other protocols in blockchain have more than one dominant implementation. The beauty of eth2 comes from its efficiency in signature aggregation: https://twitter.com/technocrypto/status/1330150362427387910. This tweet thread summarizes the importance of the technology used.


Hey, I tried figuring out what the most recent official Ethereum wallet is, but the wallets which the website lists all seem like third-party ones.

The previous official wallet's repository says "Mist and Ethereum Wallet have been deprecated.".

Is it true that the Ethereum foundation isn't providing a wallet software anymore?

Why is that?

I would consider it as quite unsolvable as a user to determine which of the 24 third-party wallets is the most trustworthy, hence I'd prefer to just use one developed by the same people as Ethereum.


Honestly, I'm in the same boat. I have the full Bitcoin, Litecoin, and Dogecoin core clients installed and with a full blockchain on my PC. With Ethereum, I always found the base client much buggier than the others (browser-based apps do that). And now, it's just 'pick one of these 24 random wallets'. Really?

I went from mining Ethereum and even releasing a minimal mining GUI for folks who wanted to support PortableApps.com to feeling uneasy about it. I don't even have an ETH client on my PC now, so I can't even access the fraction of an ETH I own. I'll probably ditch ETH donations to PortableApps.com as well.


Sorry for the tangent but isn't litecoin and dogecoin one and the same now? Why separate clients?


Nope one was started as a joke and the other one, the founder sold literally his entire holdings at the top of the market for $600/LTC, 8x current price (and ran away to an island somewhere, I assume) years ago, leaving the foundation on the brink of bankruptcy - the bankruptcy claim which to be fair they denied in 2019. Smart man!


Honestly I'm surprised the coin is still around after that. What exactly does LTC bring to the table to support it's position as a top 5 cryptocurrency?


Not sure where you get your facts, but Litecoin all-time-high was around $360. The founder, Charlie Lee, stayed and is still a visible and active advocate for litecoin to this day.


My bad, I was wrong about the peak price (this was just from memory, and that was almost 4 years ago -- however no excuse for not looking it up).

I was, however, right about everything else. Lee sold all his coins, made a giant pile of money, the value of the coin collapsed to literally fractions -- and has yet to come anywhere close to a recovery.

If Elon sold 100% of his Tesla shares and "stayed a visible and active advocate for electric cars" I'm not sure you'd be as bullish.


> I was, however, right about everything else.

No, he didn't run away (he's still very active in the community: https://twitter.com/SatoshiLite) and the foundation wasn't on the brink of bankruptcy.

About the only thing you were right about is that he sold his coins. (According to him the reason was so he could be financially secure and able to focus on the project instead of feeling incentivized to pump the price)


It is not and never was


They use the same mining hardware, but they are not the same chain.


With the advent of hardware wallets, and so many competing wallets/interfaces out there (tailored to different user bases), I feel it makes little sense for the Ethereum Foundation to pour their own (human) resources into this. They will support the ecosystems as necessary though, e.g. Metamask got funding way back in 2016.


> I feel it makes little sense for the Ethereum Foundation to pour their own (human) resources into this.

Well, they received $ 18.3 million in crowdfunding [1], so I would dare to say it's not only "their" resources but also the resources of the community which they're spending, isn't it?

Given that the central thing a user needs to use a cryptocurrency is the wallet it would seem a bit weird to collect $ 18M from their users to develop a cryptocurrency and then not develop the software which the users need to use the currency?

I mean they're a non-profit organization, if they don't hand anything out for the $ 18.3 M then they have profited quite a bit by taking in money but not delivering effectively usable goods from it?

[1] https://en.wikipedia.org/wiki/List_of_highest-funded_crowdfu...


It’s odd to accuse the Ethereum Foundation of not delivering and it would be hard to back that claim.

Developing yet another Ethereum wallet when there are so many on the market would be a waste. It’s better for the foundation to provide a list of high quality wallets that already exist.


> It’s odd to accuse the Ethereum Foundation of not delivering and it would be hard to back that claim.

It's actually quite easy: I opened the websites of all the 24 wallets they list and checked the imprint of each. None says it was developed by the foundation.

> Developing yet another Ethereum wallet when there are so many on the market would be a waste.

> It’s better for the foundation to provide a list of high quality wallets that already exist.

What would you think of me if I raised $18M to build a non-profit children's hospital and then used it to instead build a website which lists children's hospitals which were built by other people, most of which being for-profit companies, some even proclaiming themselves as registered in shady tax-haven countries, and most not even clearly showing where their company is registered?


The Ethereum Foundation's purpose is to fund and coordinate the building of the protocol and infrastructure surrounding it. That does include funding of wallet developers which it has done in the past but it's better for the ecosystem and decentralization if there are lots of high quality wallets instead of one default wallet everyone uses.


A better analogy would be, it's a fully-functioning hospital but they don't provide their own shuttle service, you have to arrange transportation to the hospital yourself.


They delivered ETH1 on July 30 2015, with several clients including Geth which is still popular today. That covered their promise to presale investors. They also made the Mist wallet/GUI, which was ultimately abandoned because competitors were better.

Now they've delivered the first part of ETH2 today.


I guess I shouldn't have put the "human" in parentheses. I did give an example of how the EF is spending their money on development of the ecosystem though, hoping that'd make it clear what I meant. I even chose a grant to a wallet as the example.

I personally prefer the role of the EF as a facilitator more than monolithic employer. And they can (and do) do facilitate in more ways than just handing out grants. It's just they experience has shown that helping out this way for wallet development (or even more generically software development) works better.

To add, they did start out providing the software as you say. After a certain point though, their efforts were outpaced by community effort or business opportunities arising in the Ethereum ecosystem. At this point it took a while for them to figure out what new role to take on with their ("our") funds, eventually settling on what they're doing now.


Thanks for your further reply! :)

> It's just they experience has shown that helping out this way for wallet development (or even more generically software development) works better.

Does it really work better from the perspective of a user though?

Because as a user I am now sitting in front of 24 websites which look equally "meh" in terms of trustworthiness (fancy design and huge claims), each of them trying to get me to hand out money to their software (that's what a wallet is about!), and almost all of them seemingly being for-profit companies which avoid listing their address.

A single 1 well-known website (EDIT: I meant wallet, not website) of a non-profit would "work better" for me as a user in terms of trusting my choice to keep my money safe. (If I had any, not buying ETH in this situation :)

> To add, they did start out providing the software as you say. After a certain point though, their efforts were outpaced by community effort or business opportunities arising in the Ethereum ecosystem.

Do you notice that you're actually arguing in favor of my point? :)

You say that their efforts were "outpaced", i.e. they failed. That's not a good thing to yield for $ 18 M :(


How does being a non-profit make their product more secure?


(I have no clue how to reply when the depth is reached)

> Because as a user I am now sitting in front of 24 websites which look equally "meh" in terms of trustworthiness (fancy design and huge claims), each of them trying to get me to hand out money to their software (that's what a wallet is about!), and almost all of them seemingly being for-profit companies which avoid listing their address.

Yes, I guess that's definitely a disadvantage of the ecosystem growing so much. It's great that that happened, but it also means that the EF does not control everything anymore. They cannot advertise just one solution with so many out there, lest they rub someone the wrong way. But they also can't say nothing either. And then it just becomes very confusing with this information overload for beginners (though I think "list of 24 websites" is a bit of an exaggeration; it's not _that_ bad imo [0])

I don't think this is entirely new in the world of software though. Generally you then get to things like looking for advice on forums or word-of-mouth, and then there's a guy like me saying "if you're a beginner only wanting to make transactions on Ethereum, get a Ledger Nano X hardware wallet and use their Ledger Live application". And "if you then want to move on interacting with dApps, use Metamask and connect it to your Nano X".

> A single 1 well-known website of a non-profit would "work better" for me as a user in terms of trusting my choice to keep my money safe. (If I had any, not buying ETH in this situation :)

Well, you would definitely know cryptocurrency is a bit different than a website securing your funds. Someone needs to hold onto the private keys. If you're looking for something similar to a bank, then get something similar to a bank (Coinbase?). But this difference (custodial services, private keys, hardware wallet) definitely adds to the barrier one needs to overcome to get started. I would also argue that "1 well-known website" (or 1 major client implementation that then becomes the defacto standard) does not quite fit into the whole "decentralization" aspect of cryptocurrencies, but not everyone cares as much about that.

> Do you notice that you're actually arguing in favor of my point? :)

You could look at it that way I guess ;) Progress is a function of money, and the EF has more to attend to than just software/wallet development. They could certainly blow through all their ("our") money in a year building a super fancy wallet. Or, as has happened, spend a little to jump start the ecosystem, and then comes along not one but multiple better wallets _for free_! None of "your" money was spent on developing these. Seems like a good deal to me, as now "your" money can be spent jump starting other awesome things that no one is paying much attention to yet.

[0] https://ethereum.org/en/wallets/


Just use Metamask!


Thanks, what distinguishes it from the other 23?


Metamask is built by ConsenSys, the largest (and oldest?) company developing on Ethereum, and was founded by Joe Lubin (co-founder of Ethereum).

In my book that's not too far off from an "official" ethereum wallet.

https://consensys.net/about/


It has the highest dapp compatibility


> It has the highest dapp compatibility

Mmh thanks, well security is more relevant to me, but I nevertheless went to their website.

Apparently it's a browser plugin. That's a big security no-no from my side, too much attack surface - sorry.


What you really want is a hardware wallet(trezor) that hooks into metamask. That way you have the usability of the plugin without the risk that it can take all your money


Thanks.

Hardware wallets are extremely insecure IMHO:

The people who sell them - and many people in their supply-chain! - are handed the very dangerous combination of:

A) Being able to hard-code software into the silicon whose source code you will be completely unable to inspect unless you own an electron microscope and a very large amount of knowledge on hardware reverse engineering. What if the hardware forces the PRNG to be predictable so they can remotely know my crypto's private keys without any internet connectivity whatsoever?

B) Knowing 100% for sure that the device they sell will be used to store money. They don't need to first find victims, they know ALL of their customers can be. It's like writing "MONEY INSIDE" on your house IMHO. Better use a general purpose PC whose vendor doesn't know what it'll be used for.


Trezor is open source, and you could generate your recovery seed on a computer and import it onto your hardware wallet. I believe Ethereum and some other cryptocurrencies prefer to use deterministic signatures on transactions, so in theory it's possible to check that all of the signatures generated by the hardware wallet match the expected deterministic signatures so you can know that the wallet isn't secretly leaking information through the signatures it's generating.


LOL.


I remember Satoshi's old posts where he claimed that Bitcoin Core was the only viable full implementation of the Bitcoin protocol since it had too many quirks to be efficiently standardized and reimplemented. I wonder if that's still true.


It would be disingenuous to claim that the Bitcoin protocol is only defined by the consensus layer.

Then, if you require P2P protocol compatibility, I would say this issue shows that nobody really cares about alternate implementations: https://github.com/btcsuite/btcd/issues/1661

When Btcd was first released, it was pretty capable, and had lots of development. But it has fallen behind, which makes sense. Why would anybody take the risk of trusting that an alternate implementation when it doesn't decide what bitcoin is, in the end? You may have to patch bitcoind a bit to get your desired interface, but that is much less work than maintaining a full P2P and consensus layer.

It is also dangerous to use you a non-standard crypto library. Check this vulnerability, which was caused by LND relying on the btcd project's library: https://lists.linuxfoundation.org/pipermail/lightning-dev/20...


> Then, if you require P2P protocol compatibility, I would say this issue shows that nobody really cares about alternate implementations

Does that? What I see here is bitcoind adding a new feature that isn't yet implemented in btcd. The new feature uses a different extension mechanism in the p2p protocol (a new message to signal knowledge of a new feature vs using the existing version message bits in the main p2p handshake). That new version of bitcoind also hasn't yet been released, but I'd imagine that btcd will land a fix sooner to permit unknown message types being sent from its PoV.

> Check this vulnerability, which was caused by LND relying on the btcd project's library

Incorrect. The btcsuite libraries we use weren't related to the bug at all. Instead, the bug was introduced by _new_ code which attempted to convert between the fixed 64-byte signature encoding used in the LN Protocol, and the variable sized encoding used in the base Bitcoin protocol. The resulting signatures _were_ valid ECDSA signatures, but didn't adhere to an additional constraint that the Bitcoin system places on this signatures from a mempool policy standpoint. The signatures themselves were still valid from the PoV of Bitcoin consensus, in that they would be included in blocks.


> Why would anybody take the risk of trusting that an alternate implementation when it doesn't decide what bitcoin is, in the end?

bitcoind doesn't decide what Bitcoin is either: a recent consensus issue introduced for a period of times in _newer_ versions caused it to potentially fork off the "actual" chain. In this instance, btcd was unaffected along with many other implementations and earlier versions of bitcoind.


This is still true (and is just as true of Ethereum, whether the devs on that project think of it as true or not). There is at least one instance in the past where the network has forked based on the (unspecified) behavior of bitcoind, and a couple more close calls where such forking behavior was properly reported and fixed before triggering.

If there is any way in which different implementations of consensus-critical code behave differently for the same inputs, it can be used to split the network. If you are running a node implementation other than the majority hash-rate reference client, you open yourself up to be potentially vulnerable during the fork. This remains just as true, if not more so with staking instead of proof-of-work.

You can do things to protect yourself like run ALL implementations and shut down if a fork is detected, although properly setting that up is nontrivial and in the end what value is gained? It very, very, VERY rarely makes sense to have multiple reference implementations of consensus code.


There are a number of alternative full node implementations, such as btcd.




Congrats to you and everyone else! Really cool stuff here :)


I am incredibly happy about this. It's the first step for a major cryptocurrency towards ledger security that does not damage the environment via mining.

I always hated how wasteful and energy-inefficient mining is. Staking reduces energy costs by many, many orders of magnitude. With lightweight clients in development, it is possible to validate chain using Raspberry Pi.

I hope (but don't expect) that some time in the next 10 years Bitcoin will follow. If not, it's just so much CO2 that could have been avoided.


Eventually Proof of Work WILL kill Bitcoin - but I have to admit this may be decades out in the future.

Right now, most of the mining is financed via inflation. But as this comes to an end, eventually, the cost of mining will be borne by anyone making transactions on the network through tx fees.

Somebody has to pay the electricity bill on all these ASICs.

EDIT: One could try to argue that high transaction costs are not a problem because nobody wants to trade bitcoin, people just hodl it. Cool. But if that's what people will do, then the money raised through transaction fees will not be enough to support a sufficient hash rate to protect the network.

I wrote about all this two years ago already: https://www.konstantinschubert.com/2018/11/28/proof-of-stake...


Define 'kill'. ETC has been 51% attacked multiple times and it still exists. It's very possible some people are going to mine btc on their personal hardware even in 2100. The only caveat is the difficulty adjustment algorithm, as it's potentially possible for btc to become stuck at an extremely high difficulty.

For 'kill' as in 'stops being big and important' I think it's going to happen relatively soon, mostly agreeing with your article. Bitcoin already lost its past domination in users and total fees paid to ethereum, the only missing part is for eth to actually monetize that by fully switching from PoW to PoS. When eth stakers start making even billions annually while btc buyers lose billions annually to mining, btc losing its first place is only a matter of time. After that, PoW is going to be widely discredited and viewed as obsolete.


Everything I know about cryptocurrencies makes me think you and parent are completely right, and PoW cannot work without inflation (or even with very low inflation, that does not justify the cost of running hardware in the absence of transactions). Just relying on transaction fees should lead to downward spiral of use, where fees are way too high to maintain use, or network security is too low to protect value.

I'd like to hear from Bitcoin proponents where we are wrong in our thinking. What assumptions are incorrect? Is there a flaw in economic reasoning? If not, what is being done with Bitcoin to address this existential risk for Bitcoin?


There's actually research out of Princeton, that says blockchains destabilize if the rewards are dominated by fees.

https://www.cs.princeton.edu/~arvindn/publications/mining_CC...


No, it's very short sighted and wrong: their whole analysis from 2016 depend on a high variance of rewards, which completely ignores the reality of 2017 clogged mempool where miners chose the highest tx fee.

Selfish mining is possible, at least for a short period of a time, but sunk costs are eventually sunk costs and you compete for the next block.


Why would mining be anything but selfish? The only reason miners are operating is because they expect a reward that is greater than their expenses.

That means block rewards plus TX fees need to be greater than the cost of running the network. Block rewards are effectively a tax on existing holders through inflation of supply, but that will go to zero in the long run. As the rewards decreases, TX fees will need to increase, which means the average TX will rise. This will increasingly make using BTC prohibitively expensive unless the block size is increased so as to allow more TX per block.

But if the scenario should arise where revenue no longer covers the costs of being a miner, the whole economic model breaks down. This could even get to the point where going rogue, and attempting to exploit the network with the hash power, could become more profitable for a miner.


I think you do not understand "selfish mining": it's a technical term for a miner trying to take the lead over the existing blockchain, but only in some very specific cases outside normal mining. It's predicted by game theory - google for it, it's interesting!

The rest of your analysis is correct: as rewards decrease, TX fees may increase. You can also see that due to competition for the limited tps, as seen in 2017.

But this is also exactly why the scenario discussed in the paper is implausible: miners get to pick the transactions with the highest fees for inclusion in the next block. If your transaction is not urgent, you pay the minimum and wait. Eventually, it will be processed - if the expected delay (given the mempool) is not to your liking, you can update the fee with RBF.

But again, it means there will be little variance - just a smooth adjustment, meaning the required condition this whole paper is based on is dead wrong.

About the economic model breaking down, you make 2 mistakes: 1) you fail to account for difficulty adjustments made just for this situation, but even people who do often forgot 2) when revenue no longer covers costs (as say for a factory), the company doesn't immediately give up and fire everybody.

It's industrial organization 101, and due to the difference between short term and long term.

Of course, there is less friction and fewer rigidities with software, and mining equipment could be deployed differently if it was still CPUs or GPUs.

But the genius of ASICs having no alternative use means it can't happen (except maybe switching to another coin with the same algorithm)

Overall, regardless of the situation and what you throw at it, there's no situation I can see where the economic model break - except maybe if miners are tracked and executed on sight by the army? But even then, all it would do is move the mining to another country - or lead to bribes!


Regarding point (2), it's not "giving up" for a miner to shut down the equipment temporarily. It can even be done automatically.

Mining is competitive. A miner who shuts down while revenue is less than electricity cost, and starts up again when fees rise, will outcompete a miner who just leaves everything running even while taking losses.


These researchers really need to re-evaluate their assumptions:

>Figure 2: Illustration of Mining Gaps. Miners will only mine when the instantaneous expected reward exceeds the instantaneous cost

This makes no sense, rational actors generally consider discounted future cash flows, not just instantaneous reward. Perhaps the quality of the paper is explained by the researchers following this strategy and only working on 15th and 30th of every month (when their salaries are remitted to their bank account representing an instantaneous reward).


Discounted cash flow applies to capital like asics, but energy used for mining is instantaneous cost. When the expected revenue from mining is lower than expected power expenses mining makes zero sense.


Not necessarily, the paper itself shows motivations other than direct revenue for discovering a block (IE ability to withhold a block and selfish mining strategies).

> We also assume that miners always have space to include all available transactions.

This is also a pretty bad assumption. In reality the bitcoin mempool is almost always non-zero as bitcoin has smaller and/or less frequent blocks than many other cryptocurrencies.


PoW can work fine with the inflation rate going to zero, and without relying on transaction fees. All it needs is a constant (or an eventually constant) block reward. An effective zero inflation is already achieved when the new emission merely balances the amount of coins getting lost.


Sorry but this is a ridiculously stupid reasoning. You're relying on coins being lost (unknown amount) to counteract rewards and closing there's no inflation due to that.

This also assumes that miners will be holding enough bitcoin that price increases alone will not only pay for their operations but also cover a reasonable interest in their holdings. It's not logical to think this will happen. And even of it does, you'll be left with only a handful of miners.


I think your second paragraph is wrong, since the parent suggests that a block reward will still be paid through newly minted coins.


So the amount of value getting lost must be equal or greater the electricity bill for mining.

I see your point but doesn’t sound like a great pitch.


Bitcoin might fall into obsolescence, but it won’t be because it is mined. It simply isn’t as useful as ETH. I firmly believe that DeFi, which is based upon ETH’s smart contracts and distributed EVM concept, is the future of the finance and investing universe, even with its many issues today.

Flash loans/minting, for example, have turned the markets into the ultimate meritocracy. Anyone - rich or poor - can access up to hundreds of millions of dollars instantly to execute any profitable transaction, no human review or approval necessary. Liquidity pools, introduced by Uniswap, solved many of the problems and risks associated with holding thinly traded assets. Smart contracts have enabled any new project’s tokens to instantly have real value, because in most cases new tokens can only be released to the market by locking ETH into the contract in exchange for the new tokens.

These innovations, along with those that are coming, enable a shockingly large number of new opportunities in the finance world to a much larger audience than ever before. It might be a few years before security, market manipulation protections, etc. are mature enough for mass adoption. But the opportunities that DeFi enables will drive demand for ETH, in a way that today’s Bitcoin simply cannot.


> Anyone - rich or poor - can access up to hundreds of millions of dollars instantly to execute any profitable transaction, no human review or approval necessary

What does this mean? If I'm poor (or rich), why not borrow hundreds of millions of dollars to make some highly speculative trade? If it goes well, I win big; if it goes tits up, the lender loses big (not me).

I'm certain that's an uncharitable reading of your comment - please take it in the spirit of "this is what I'm asking you to explain to me in simpler terms," not as an argument.


Flash loans let anyone borrow a large amount of crypto with no collateral, provided the loan amount plus a fee is returned in the same transaction it is borrowed in. No collateral is required because there is no risk (assuming no exploits).

This means you can't take the highly speculative trade, you can only go for a sure thing. But if you do have a sure thing, you can borrow as much currency as the lender can provide.


Yes, and gas fees for failed transactions ensure you can’t just take unlimited shots at it either. However, if you are monitoring the markets and your code, connections to the network, etc. are fast enough, you can make a fortune using flash loans. A few days ago I found a trade where someone made $17k on a single trade [1] with the only necessary capital being a ~$170 transaction fee. They took a $250k flash loan that they successfully arbitraged. Smaller amounts are made all day every day.

[1] https://etherscan.io/tx/0xfd35e99cbbefea68874391a14ddb09a289...


So the loan and the return is a single "transaction" (in db terms)?

What sort of situation could this be used in? I'm having a hard time truly imagining use without any risk of transaction rollback.


They are primarily used for arbitrage transactions. Token swaps on decentralized exchanges are instant - there is no order book. So you can compose a single transaction that involves many exchanges, swaps involving different tokens, flash loans, etc. If the transaction ends with a profit after the loan is paid back, at the market prices that exist at the time the transaction is executed, the flash loan occurs, and profits are collected by the person that created the transaction. If it does not end with a profit, then the transaction is reverted as if it never existed.


How would that work, though? It sounds like guaranteed arbitrage? But does arbitrage work as a trading strategy? I thought markets quickly become too efficient for that?


It is guaranteed arbitrage. There is no risk to the lender, and the only risk to the person that initiated the transaction is that slippage will occur that makes the trade unprofitable, which would cause the transaction to revert, which would cause them to lose the transaction fee for having attempted the transaction.

The markets are not currently too efficient for that, and never will be. In fact Uniswap’s entire design depends heavily on arbitrageurs balancing out the markets between itself and other exchanges.


Wow this sent me down a rabbit hole.

How are the transactions composed, with a smart contract/s, in combination with Dex API’s?


Flash loans are composed using a smart contract. So basically you create a smart contract that will call all the DEX/loan platform/other contract functions necessary to obtain the loan, carry out swaps and pay it back. You then deploy that contract.

Then you would have a separate program running on your client machine to scan for market opportunities, and when it spots one, have that program send a transaction to your deployed smart contract to initiate the loan and set into action whatever logic you programmed into the smart contract that will yield a profit.

Yes, it’s quite a rabbit hole indeed. It is hard to believe that something like this is even possible, let alone profitable, but it really can be. I have seen single flash loan transactions yield up to $46k in profits. That profit is irrevocably delivered back to you in a couple of seconds.


Yea it’s really quite wild and an exciting application of the ‘programmable money’ concept. Did some more reading. Thanks for the rundown.


flash loans makes markets more efficient:

https://blog.instadapp.io/six-percent-instant-return/


The false premise you're using is that smart contracts provide more utility than sound economic policy does.


I don’t think that “sound economic policy” would, for example, have major banks offering flash loans. There are many things that can only be achieved through decentralization. Policymakers and banks alike have a serious interest in remaining gatekeepers, and would never enable many of the DeFi functions.


On the other hand, if flash loans are not sound economic policy, doesn't that imply they won't prevail? Evolution will weed them out.


So what happens after Ethereum finishes migrating to proof of stake and has lower inflation than Bitcoin?


The problem is not what the inflation rate is at any given moment, but that it can be changed so easily, like the very switch to ETH 2 is an example of.

The inflation curve in Bitcoin is considered sacred. In Ethereum, it's developer whim and EIP approval.


It was known from the start that the PoW phase is just a temporary development phase, with no parameters set in stone. Eth2 has a deterministic inflation schedule that depends on total amount of stake.

  def calc_annual_reward(total_staked_eth):
     return math.exp(31556926 / 384 * 64 / 31622 / total_staked_eth ** 0.5) - 1
This is the return rate for validators - this should be multiplied by the average online percentage, eg. 0.9 if average participation is 90%. On top of that comes fee burning, which is inherently variable, but likely to lead to deflation at least initially. Extrapolating fees from the last 24 hours and assuming 10M eth is staked, the net result is a deflation of 1.3%.


How does sound economic policy differ from visual economic policy?


Have you checked out rsk? It lives on top of bitcoin and apparently does smart contracts.

https://www.rsk.co


Is anything built on top of rsk up and running at this time?


From what I can understand from their official dashboard, the answer is no: https://stats.rsk.co

RSK MainNet launched about 3 years ago. Currently, most blocks have no transactions, with 0 gas spent.


I think the most interesting development is the increasing amount of Bitcoin being wrapped in Ethereum, somewhat validating the store of value idea, I could see it giving Bitcoin some legs

But... is it like sports memorabilia at that point, the value is all perception rather than utility and could one day just.. collapse


I think the wrapped BTCs, especially the decentralized approaches to it, are clever links that allow for the transfer of BTC value over to the Ethereum ecosystem.

It's a way of selling BTC for other tokens, extracting and removing its value over time, and instead investing it into DeFi and similar.


Interesting! How are they wrapped? Do ppl trade bitcoin on ethereum without actually using the bitcoin blockchain?


They trade a token, sometimes called a stablecoin, that represent BTC as its underlying value.

Primarily two extremes for how this is done: Centralized, like WBTC (https://coinlist.co/help/what-is-wrapped-bitcoin-wbtc), and decentralized, like tBTC (https://defirate.com/tbtc/)


Besides the extremes, there's the pragmatic in the middle - interoperability in general. RenVM supports Bitcoin and many other coins on multiple hosts, not just Ethereum (eg. Polkadot):

https://renproject.io

https://mainnet.renproject.io


I'm not convinced RenVM is really in the middle in its current state. Currently the core team holds all of the keys for the over $300M in Bitcoin stored by their project [0]. I'd take wbtc, which is held by a consortium of well known custodians in the space over that any day.

[0] https://www.theblockcrypto.com/daily/76787/ren-bitcoin-walle...


>Eventually Proof of Work WILL kill Bitcoin - but I have to admit this may be decades out in the future.

I always thought the hardwired reward for mining, namely, X btc every 10 minutes, is the cause of Bitcoin's wasting electricity.

The electricity used is roughly proportional to the hashrate, which in turn is roughly proportional to the price of btc -- until the next halving, which I think is more than one year but less than 2 years from now.

These halvings of the reward every 2 years (which occur on a schedule set before Bitcoin was launched all those years ago) will some time in the next 10 years (which is 5 halving, representing a reduction in the reward by a factor of 2 * 2 * 2 * 2 * 2 == 32) or 12 years bring the Bitcoin network's electricity usage down low enough that a reasonable person will no longer avoid Bitcoin out of worry that it is bad for the global climate.

Note that this mining reward doled out every 10 minutes is not a transaction fee. E.g., neither of the transacting parties (i.e., neither the sender nor the receiver) pays it.

So tell me again what will eventually kill Bitcoin.


If the hash rate goes down as you predict, then the network will become insecure. Double-spending attacks will destroy the trust in the network and people will stop relying on it.


Bitcoin halvings are every four years. The third one happened in May this year.


I accept and appreciate the correction.


> Eventually Proof of Work WILL kill Bitcoin [..]

> Right now, most of the mining is financed via inflation. But as this comes to an end, eventually, the cost of mining will be borne by anyone making transactions on the network through tx fees.

> Somebody has to pay the electricity bill on all these ASICs.

This is just wrong.

If the award available to miners decreases due to lack of inflation they will use less power-consuming hardware.

If that still results in loss due to electricity cost then miners will leave the market until the amount of miners in the market is equal to the amount of tx-fees available.

In other words: This is a market with supply and demand. If one decreases the other also goes down until they're balanced. It won't just make the market disappear!

So even if almost nobody was willing to pay any tx-fees and there was no inflation then Bitcoin would still be running. It may just move back to running in the background on consumer hardware which was bought for other purposes instead of having giant mining data centers.

This also means that mining isn't going to infinitely waste energy:

The demand for energy cannot go higher than the offer of tx fees / block reward.

So there is a finite upper boundary to Bitcoin's power consumption. I think a finite upper boundary is enough to justify its existence, the precise value of such a constant is arbitrary so you might as well not waste your time in arguing if it is too high or too low and instead be happy that there IS a boundary :)


You're just explaining the steps of the parent's scenario. The chain must keep accumulating work faster than any adversary could keep up with or everyone's money is at risk because the state never fully finalizes.


everyone's money is not at risk -- only the people who are transacting. There are also tools to know a estimate a good number of confirmations needed.


Everyone's money is the result of transactions, all transactions are at risk of being reorged, so everyone's money is at risk.

Those tools don't work in this chain death scenario of dwindling hash rate.


> all transactions are at risk of being reorged

Satoshi's coins are always uneffected in case of a reorg. So if everyone else's who have never transacted since the reorg.

Chain reorg's are usually temporary even in chains with low security budget.


Personally I like the approach the Cardano community has taken, working towards interoperability with pow and pos

https://medium.com/@schwartz4live/invitation-for-community-d...

Congrats to the Eth folks though, this really was a big undertaking.


I just don't see it. Bitcoin could be forked to no longer use PoW if it became an existential threat.


Migrating from PoW took about 2-3 years for Ethereum, required massive changes to economic model, and developing all new clients. Ethereum leadership is still somewhat centralized, so this did not lead to multiple competing forks.

Doing the same for Bitcoin would be very hard, and if it simply follows Ethereum's footsteps, then it is unclear why even use Bitcoin.

But -- I hope we see this fork sooner rather than later. Bitcoin miners will have no economic incentive to capture back the CO2 produced.


I disagree that it would be (technologically) hard for Bitcoin to transition to a PoS (disregarding that we don't have yet conclusive proof if any PoS model actually works long time).

Ethereum is built to a spec. That's why the different client developers had to coordinate their work. This is not the case with Bitcoin. There, the official client is the de-facto spec you have to comply with if you develop another client.

The bigger problem is that the current narrative of Bitcoin heavily discourage hard forks.

Transitioning to PoS would be a social task with Bitcoin, not a technical one. Also note that Ethereum was promised from the beginning to transition to PoS, they just didn't expect to take this long.


Its a social task they already failed with the segwit fiasco. PoS would probably be worse


What do you mean "failed"? Segwit was activated. After lots of infighting and after a hard fork for a new chain occurred but it activated on the chain that has the bigger hashrate as of today.

If the Bitcoin developers would push for a POS hard fork I would expect the chain to split into a POS and POW version but which version would become the canonical Bitcoin would be up for debate.


ETH2 has been in discussions and development for more than 3 years.

ETH is still on PoW and will continue to be on PoW for many more years.


Bitcoin will continue to use PoW while the main chain transaction fees are enough to buy adequate security for the network. This could be a very long time, or indefinite if it continues on it’s current trajectory. And if it does, then some governments will almost certainly take an interest in mining as a way to generate revenue from available energy, as Venezuela is already doing.


Except Bitcoin is controlled by developers who have effectively promised to never fork.


What's your take on off chain solutions like lightning as a solution to the high tx fees?


It doesn't solve the fundamental cost problem with Proof of Work:

- If people pay high effective tx fees, it's shit because, well, it's expensive.

- If people pay low effective tx fees (through lightning or block size increase or whatever) then, as soon as inflation ends, the money won't be enough to pay for a sufficient hash rate.


Writing to the block should be expensive. But there won't be a problem because it'll only be used to settle Lightning Network transactions very infrequently, and could be massive amounts... not for small transactions.


Sure, but that’s a scenario where the usage of bitcoin is high and the total amount of money on tax fees is small compared to the market cap of bitcoin.

This means hash rate will be low compared to the market cap, and the necessary capital for a double spend attack may be worth it.

Maybe it’s all less of an issue because bitcoin will develop a network of trust that can replace the block chain.

But then, why not go with something like Stellar right away.


What about BCH, where they're increased the block size so many smaller transaction fees can still build up to a large reward for miners?


PoW doesn't need inflation to end.


That's not what the parent said


Unfortunately, one cannot see the edit history of posts.


Sure that works, but AFAIK it's a far cry from the decentralization we were promised in the white paper.


Lightning Network


We can just use renewable energy sources long term. Really don't understand the obsession some people have with the energy requirements of bitcoin mining - please compare these with the energy requirements of the financial systems it replaces.

Bitcoin solves the need for third parties in the financial system. That's it, it's not meant to be some eco currency - never was.

Where's the validation that the current financial system needs to have its energy needs reduced? Bitcoin cuts out the energy requirements of all the countless third parties, for a start.

POS is a joke.


> please compare these with the energy requirements of the financial systems it replaces.

I don't have numbers (I suspect it's impossible to do a true apples-to-apples comparison), but I feel like Bitcoin still likely fails by this metric. I recall reading a year or so ago that Bitcoin was using the same amount of electricity as a small developer nation. I expect the other financial systems use more than that in total, but consider that these other financial systems handle orders of magnitude more transaction volume, and include a lot more services than Bitcoin does.

> We can just use renewable energy sources long term.

Renewables aren't free. It costs time, effort, and energy to build the infrastructure (solar panels, windmills, etc.), not to mention caustic chemicals for some of these, which do have negative environmental effects. Maintenance has costs, as does eventual replacement. The land required to house these production farms also is not free.

Yes, the energy produced by renewables is obviously much much cleaner than that produced by other means, but they still have costs.


Why is POS a joke?


The SEC has come out to say that BTC and ETH 1.0 are most likely not violating US securities laws. By moving to proof of stake ETH has lost that stamp of approval. In addition some people argue that POS is violating security laws. Large institutions are far less likely to adopt a cryptocurrency that might run into legal trouble down the line.

https://www.invigorlaw.com/sec-says-cryptocurrencies-bitcoin... https://medium.com/blockchain-at-berkeley/does-proof-of-stak...



There is no way Bitcoin will switch to PoS.

The very core of Bitcoin is PoW.


More importantly, there will never be more than 21 Million Bitcoin. That is the primary value it serves (beyond censorship resistance) it is not inflationary...

any scaling solution or consensus change that doesn't retain this important feature wouldn't be bitcoin, just another fork. potentially could go from PoW as long as supply is not inflatable it could still be considered Bitcoin (depending on whether users switched to the new version or not)


That doesn't follow. The very core of Ethereum is also PoW, and they're migrating to PoS.


In case there's ambiguity here, I think GP means "core to the ideals" of Bitcoin, not the core of its implementation.

GP is correct. The Bitcoin community is fiercely conservative, and a proposal to switch from PoW to PoS would be met with about as much scorn as a proposal to increase the total supply.

Ethereum, on the other hand, has never had any strong attachment to PoW -- quite the opposite, really. Switching to PoS has been a major goal since the early days of the project.


Okay, yeah, I agree with that. Thanks.


Not true, many think PoS is coming to BTC in the future, or at least a hybrid. (Note: not the near future)


> It's the first step for a major cryptocurrency towards ledger security that does not damage the environment via mining.

What about Ripple/XRP or Stellar? I mean, I'm not a fan of it but they've been doing a non-proof-of-work chain since 2012.


Solar powered mining operations in the orbit are much more likely.


> It's the first step for a major cryptocurrency towards ledger security that does not damage the environment via mining.

Not true. Cardano has been operational with PoS since early 2020. And it’s staking process is much more straightforward and user friendly.


sorry but this doesn't make any sense to me. POW is providing a service - it is securing billions of dollars in decentralized value.

It doesn't damage the environment if used with solar power or an energy source that isn't damaging to the environment. In other words, it isn't necessary that it damages the environment.

Is it wasteful when you use the elliptical machine or tread mill? It is a tragedy that energy is being wasted in such magnitude in gyms around the world?


Whenever someone mentions smart contracts I'm instantly reminded of that Jean Luc Picard quote:

"I don't know how to communicate this, or even if it is possible to do so... but the question of justice has concerned me greatly of late. And so I say to any creature who may be listening: There can be no justice, so long as laws are absolute. Life itself is an exercise in exceptions."


I have to say that I'm happy that Ethereum does not do on-chain governance for this very reason. It more or less follows the IETF principle of "rough consensus". [0]

As far as smart contracts are concerned; they're hardly "contracts", but you probably already knew that. Even Vitalik Buterin regrets calling them that way [1].

[0]: https://en.wikipedia.org/wiki/Rough_consensus

[1]: https://twitter.com/VitalikButerin/status/105116093269977088...


I think of it this way:

- Every system will be gamed, no exceptions.

- It is impossible for the architects of any system to imagine all the ways it will be gamed.

That's why it's not possible to create fixed laws that are just. Inevitably someone will find a hack that turns the intent of the law around while remaining true to its letter.

This seems to be what dooms both pure libertarian capitalist schemes and pure socialist command economy schemes. In the former case there is not enough structure to contain exploits and no recourse when someone finds a good scam. In the latter case it's impossible for central planners to imagine the results of their plans when they are exposed to opportunistic economic agents. The fatal flaw in both ideologies is their dogmatism. It causes them to fail to adapt when flaws and exploits in the rule system are inevitably found.


Any political or economic system built on the expectation that people won't be assholes to each other (and work with others to be assholes) is a flawed system.


Ethereum is also built on the assumption that:

- people aren't assholes

- all involved parties can audit blockchain transactions

- all involved parties are programmers and can audit a contract written in an esoteric programming language

- all involved parties voluntarily agree to be bound by these contracts despite the fact there's no way they can be enforced


> all involved parties voluntarily agree to be bound by these contracts despite the fact there's no way they can be enforced

Maybe I'm misunderstanding, but I don't think ETH contracts count on humans doing anything.


If you "don't have humans doing anything", then Ethereum is just a very slow and inefficient API and protocol layer.

However, if you want to use services or exchange goods, then people are involved.

A simple example: person A requests goods or services from person B. According to Ethereum website, "Customers have a secure, built-in guarantee that funds will only change hands if you provide what was agreed." Person B provides goods/services. Person A says no goods or services were provided. The assumed guarantees turn out to be fiction.

Here's a real world example. A typical contract between a supplier and a chain store common in many parts of the world goes something like this:

- supplier provides goods on a continuous basis

- the chain store pays for goods once every three months

In the real world this contract is enforceable by, well, centralised laws of the respective countries. If the chain store reneges on payment, it can be taken to court and forced to pay.

In case of "smart" contracts, well, keep sending goods for three months in the hope that you get paid.


As far as I understand it, that's not the sort of thing Ethereum contracts would cover. The contract is just an computer agreement between trustless systems to run code. Vitalik Buterin has said he regrets the term "smart contracts" because of the usual meaning of the word contracts:

https://twitter.com/VitalikButerin/status/105116093269977088...

> To be clear, at this point I quite regret adopting the term "smart contracts". I should have called them something more boring and technical, perhaps something like "persistent scripts".

> I do think that persistent scripts controlling assets compete with the legal system on some margins, but so do locks on doors. So IMO it's wrong to equate them with a specific philosophy of law privatization.


> The contract is just an computer agreement between trustless systems to run code.

Then, as I said, it's just a very slow and ineffecient API and protocol.

However, to quote ethereum's marketing material [1]

--- start quote ---

Ethereum allows you to move money, or make agreements, directly with someone else. You don't need to go through intermediary companies.

Commerce guarantees

Customers have a secure, built-in guarantee that funds will only change hands if you provide what was agreed.

--- end quote ---

This directly involves people. With all the issues described above.

On their dapps page [2] currently:

- Foundation. Buy, trade, and sell unique digital artwork and fashion from some incredible artists, musicians, and brands.

- PoolTogether. Buy a ticket for the no-loss lottery.

- Augur. Bet on outcomes of sports, economics, and more world events.

etc. etc.

All this involves people and the belief that they will honor their end of the deal.

[1] https://ethereum.org/en/what-is-ethereum/

[2] https://ethereum.org/en/dapps/


All useful contracts in real world are dependent on humans, unless the machines can make and deliver a pizza, with extra cheese and no pineapples.


No, there are completely mechanical contracts being executed every day.


This is why human resolution layers such as Kleros exist. You can rely on human juries to resolve certain conflicts that automation could not possibly handle. The system relies on game theory to disincentivize dishonest jurors. Whether it will hold in practice remains to be seen, but a few (~100 for Kleros I think, there are also other solutions such as Aragon but I'm less familiar with them) cases have been dealt with succesfully so far.


True, but on the other hand if you have options or futures contracts, you expect them to execute as specified. That's the sort of thing mainly running on Ethereum.


I think the big reason this happens is because smart contracts are immutable at the lowlevel. Once it's declared, it's done. I think this is very good for auditability and security. But yeah, that quote is dead on. It's not quite as hot at a higher level, because things go wrong (bugs, malfeasance, mistakes, etc).

I think the current lowlevel framework is fine, because it's allowing different projects to explore how to introduce flexibility back into the system at a higher level -- but because it's being done at the level of a project within the Ethereum ecosystem, each approach can live & die on it's own, without risking the entire ecosystem on one approach.

The main set of coding patterns I've seen all center around deploying contracts which act as an "upgradable proxy" -- an immutable frontend contract, which can be redirected to point to another contract that does the actual work.

This "redirect" usually can only be done via txn signed by an "admin" account, which may be a single anon -- or it may be something more complex, like MakerDAO or Aave.com, where any updates are proposed by the dev team, but have to be approved by on-chain governance votes. Said votes in turn literally have $$$ staked on-chain to properly motivate them to make things work. There are also time-locks on many of these updates, giving users a last chance to run for the hills if governance does something malicious / stupid.

The nice thing about that structure is that it also allows governance to let in updates which compensate users for mistakes or exploits at a meta-level, all without violating the underlying immutability of the smart contract bytecode.

---

It's a pretty rapidly evolving space, and I'm sure what I described won't resemble the final form in even a few years.

I think it's really great to see that there is a way to introduce justice and flexibility on top of an immutable system, rather than making the system itself become mutable. This allows the immutability of the lowlevel system to act as a source of trust between anonymous groups, that they have to act within some immutable set of ground rules, while then re-introducing the flexbility on top, so humans can act like humans when mistakes occur.


All things considered, is this truly less complicated than a hand written handshake contract? The real solution is risk mitigation through deposits and payment plans.

Put another way: how good is a smart contract if it’s easy to create a deceptive one?


From a technical perspective, yeah, I'd say it's a bit more complicated.

But establishing agreement with another human means I have to establish a common language with them, then work out what we're agreeing to, then establish some set of mutual trust between us (usually involving some form of identity verification, even if it's a "who are you on twitter?" level of thing). And then we perpetually have to track that the other person's incentives haven't changed outside of the contract in such a way that violating it would be more profitable. The effort involved in all of that scales very poorly, especially from the service provider's perspective.

On the other hand, if someone wishes to operate in good faith, their incentive is to make the smart contract as simple as possible, and as amenable to independent verification from outside parties (as well as theorem provers).

And no one has to worry about establishing mutual trust with the other person, or that they'll just change their mind in the future. Even if a contract is upgradable, if you only choose to work with ones that are either immutable, or require a timelock / voting period before changes take effect, you (collectively all the consumers of the contract) know your margin of safety.

And that margin of safety is provided because you can trust the base layer is itself immutable and secured. Whereas with risk mitigation through bonds etc, who is the trusted third party we mutually agree to hold our deposits? how do each of us trust that third party isn't in league with one of us? (I trust the "Certified Bank of Nigeria In England", but do you?).

That's the core bit that a smart contract platform like Ethereum provides -- a base layer for establishing mutual trust in objective terms. You can build whatever manner of agreements on top of such a base layer, but if the base layer isn't there, each separate agreement (expensively) requires the two parties find some common ground.


followup - shout out to https://defisafety.com/, which is attempting to curate lists of projects with publically performed audits, to make it easier to assess quality of their code (and how closely code adheres to human statements). it's nascent, but IMO a good step forward.


That's one reason why any reasonable smart contract includes an unconstrained everybody-signs spend path.

At least for any contract in which "everybody" is reasonably defined, known upfront, and finite.


Having worked with Ethereum, especially the low level bytecode, one of the changes I'm most excited for that I don't see mentioned a lot is the addition of eWASM support for nodes. There's many problems with the two dominant smart contract languages Solidity and Vyper, for instance bloated codegen that had to be patched otherwise complex contracts size could not be deployed[0], or more theoretical concerns such as soundness, semantics and correctness. Part of the problem is because of no coherent shared intermediate representation and developers writing backends from scratch, and lots of reinventing of the wheel[1]. There's an ongoing project[2] to create an LLVM backend for EVM but the stack based nature is at odds with LLVM IR's bias towards register-based architectures. (EVM doesn't even have a separate stack for return addresses to implement subroutines cleanly!)

The switch to eWASM would greatly improve security, efficiency and perhaps allow a diversity of languages to be used on Ethereum. It should be a matter of exposing the appropriate primitives to call other contracts, generate log events, write to the store and so on.

[0] For instance, see a PR that reduces codegen from 55K to 1.6K bytes on an innocuous contract https://github.com/vyperlang/vyper/pull/1488

[1] I'm guilty of it too; https://github.com/ActorForth/evm-assembler/blob/master/docs...

[2] https://github.com/etclabscore/evm_llvm


Fwiw there is a proposal to add a return stack to the EVM:

https://github.com/ethereum/EIPs/blob/master/EIPS/eip-2315.m...

Your evm-assembler looks pretty interesting. It's crossed my mind before to write an evm Forth, just for fun, and the lack of a return stack so far has dissuaded me.


It's more than a proposal at this point, it's been accepted into the next network upgrade, Berlin, and has been implemented in all major clients for a while now.


That's fantastic, thanks!


Looking close enough at Solidity was what turned me off the Ethereum ecosystem back in the day: https://news.ycombinator.com/item?id=14810008

eWASM does look interesting, though!


I've done a small bit of dabbling on solidity. Is there a place to get started on this new proposal? Or still too raw for the less experienced? I'll check your links but in case they don't cover that question.


I guess it's not mentioned a lot as it's still ~2 years away in Phase 2, AFAIK.


What's the current status of eWASM?

Seems like there's discussion of scrapping the whole phase 2 "execution environments" and just allowing heterogenous execution on rollups.


Can anyone give a TLDR of what is significant about Ethereum 2.0 for those of us who don't follow this stuff much?

As blockchain tech goes, Ethereum always seemed the most interesting.


Multiple aspects. PoS offers much, much stronger security than PoW while being about 4000x cheaper to run and sustainably decentralized. Sharding (along with rollups) allows for a truly global scale platform - over 100k TPS, potentially 1M, while still running on normal computers in people's homes. PoS is a requirement for sharding, as dividing security under PoW would make each shard too easy to attack.

Last but not least, full eth2 turns eth into a positive yield asset, a share in ethereum (real income depends on fees paid by users - ethereum already dominates).

https://cryptofees.info/

To not overhype, the current launch is really an incentivized testnet only for PoS itself - real ethereum still runs on PoW as it was. It's important because it shows that after long delays eth2 is finally starting to happen, and because consensus itself is like a car that can drive without transporting anything or anyone - not very useful at the moment, but changes required to make it useful are relatively small compared to building the car from the ground up.


> PoS offers much, much stronger security than PoW

Uh, why do you say that?

The security of PoS in fact ought to be much LOWER than the security of PoW:

The goal of requiring proof of work is that you cannot just send multiple versions of the same transaction into different areas of the network to double-spend your money - because you need to commit work for producing a block, and due to consuming energy you can't fake that.

Well, you can compute two (or more) blocks in parallel, but then you'll spend half of your available CPU (or ASIC nowadays) cycles on each block, thus cutting your speed in half. So the non-malicious competitors on the network will produce more blocks meanwhile because they're not splitting their computation power, and thus your fake blocks will get invalidated because they're on the shorter chain.

With PoS on the other hand you can create as many fake blocks as you want and spam them to the network. The only security is the hope that the random network topology arbitrarily results in the double-spending blocks arriving at the targets under attack after the other blocks arrive.

But if you run thousands of nodes on the cloud and thus have better network connectivity than the victims you can make your double-spend blocks arrive first at the victims.

So:

- PoW: Relies on physical limits, you need to have physical hardware and physical energy to conduct an attack.

- PoS: Relies on the network connectivity of the attacker being hopefully worse than the connectivity of the non-malicious network. Who can guarantee that? Nobody.


Security deposits of attackers in ethereum are slashed, up to 100%, in case of an attack. The value at stake can potentially grow into hundreds of billions, much more than any PoW chain can hope to accumulate in mining revenues in its entire existence.

Last but not least, there's no way to delete PoW attacker's gpus, but hostile stake is always going to be slashed. Asic pow chain can be forked - once - to a gpu pow, but that's it, and after that there's no recourse to sustained attacks. This property virtually guarantees that no attack against PoS with slashing is ever going to happen.

https://vitalik.ca/general/2020/11/06/pos2020.html


> Security deposits of attackers in ethereum are slashed, up to 100%, in case of an attack.

What defends against the attacker configuring his nodes to just not relay the blocks which slash his deposits, by having a majority in the network connectivity, and thereby convincing victim nodes that he in fact is the victim of false slashing because the victims will only discover the slash-claims much after the attackers "valid" blocks?

Or in other words:

Isn't the slashing mechanism also reliant upon mere hope that the network topology randomly happens to be in favor of non-malicious peers?


Not OP... but one big difference between PoW and PoS is that:

when a PoW block is mined, there's no way to know how much hidden equipment is out there mining a parallel chain, which could suddenly appear and take over with more accumulated work. You hope the malicious actor doesn't have 51%, but there's no way to actually prove that they aren't out there.

with PoS on the other hand, the set of validators who are voting on a block is known many blocks in advance. so say a malicious validator has X% of the voting power on a given block: he can't refuse to relay the other votes, because it will be obvious to all other nodes that he only speaks for X%, and what he's broadcasting lacks quorum, because the other (100-X)% votes are missing.

Whereas the other (100-X)% group will be actively broadcasting that they're slashing his stake; and if (100-X) has quorum, those votes will be accepted as valid by all the nodes on the network, regardless of what the malicious actor decides to broadcast.

TLDR: under PoW, silence is assumed to be absence of dissent, since number of miners out there is unknown. Whereas under PoS, silence still allows proving lack of quorum (since the voters are known well in advance), so censorship doesn't let a malicious validator legitimize their vote.


If the attacker has 2/3 of the entire stake then the only option is to manually coordinate a fork to a chain without his censorship, allowing protocol penalties to run its course. A direct analogue of an asic PoW fork in case of a sustained attack.

>and thereby convincing victim nodes that he in fact is the victim of false slashing because the victims will only discover the slash-claims much after the attackers "valid" blocks?

It's not possible for 'false slashing' to occur, because slashing requires presenting conflicting votes.

>Isn't the slashing mechanism also reliant upon mere hope that the network topology randomly happens to be in favor of non-malicious peers?

topology doesn't matter in this case, 2/3+ consensus is asynchronous. 2/3 of stake is required to finalize blocks, so the attacker would finalize his own chain without slashing.

There are some ideas about 99+% proof consensus which rely on topology and nodes being online (which means they can observe that censorship is happening) but it's not currently implemented. Eventually I expect it to happen, making attacks a practical impossibility, by coupling asynchronous 2/3+ consensus guarantee with synchronous 99+% guarantee, effectively automatically coordinating anti-censorship forks.

https://vitalik.ca/general/2018/08/07/99_fault_tolerant.html


You seem to assume that the attacker has control over the entire internet.


Ethereum has 11 000 nodes currently: https://www.ethernodes.org/

There are probably many botnets of IoT devices with 10x that many nodes, aren't there?

So a single botnet could probably ensure that a target victim has the majority of peer connections to the attacker.


If a validator signs two blocks at the same height, they will be slashed, lose their tokens, and not be able to participate in consensus. They get slashed when anyone submits evidence of them doing this. This trivially solves the "nothing at stake" problem from 2014 that you wrote your long original comment about.

If I understand it correctly, you are now saying that someone would DDOS the entire gossip network, completely halting any more production of blocks so that their slashing doesn't go through?

We're not even talking about "nothing at stake", or anything having to do with PoS anymore. We're just talking about a massive DDOS of an entire network. Node operators in PoS networks, as well as Bitcoin, have ways of dealing with DDOS which are the same as how anyone deals with it, and I don't need to get into them here.

If someone was able to overcome these DDOS mitigations and completely prevent a PoS network from receiving any legitimate transactions, they could do this to Bitcoin as well.


> They get slashed when anyone submits evidence of them doing this.

Who will record this "evidence" to the blockchain? Anyway there will be two versions of the blockchain. In one of them attacker's stake was not slashed and there is no any "evidence" of his malicious actions.


The "evidence" is two blocks, with the same block height, both signed by the attacker.

Not sure what these two versions of the blockchain you're talking about are. Signing two blocks at the same height with the same chain id is the slashable offense. It doesn't matter what's in them.

If the attacker wants to have his own blockchain off in the corner where he has all the money, nobody cares.


> Not sure what these two versions of the blockchain you're talking about are.

Really?! One version is "Vitalik's fork" and another one is "non-Vitalik's fork". Which one of them is a valid chain? Any idea?

Assume the attacker is Vitalik and there an "evidence" of his attack. Who will dare to slash him? Vitalik won't include this evidence into "Vitalik's fork". If Vitalik wants to have his own blockchain, nobody cares, isn't it?


This is completely untrue and has been since 2014. The solution is that validators are "slashed" and lose their tokens if they have been found to sign two blocks at the same height.


What has happened in 2014? Is that a time when brain-washing campaign in crypto-media has been started? "Slashing" is not a solution to this problem.


Vitalik Buterin came up with a solution for the nothing-at-stake problem: https://blog.ethereum.org/2014/01/15/slasher-a-punitive-proo...

Also, I'm not sure why you and the other commenter are so argumentative about this. There are several PoS networks out there such as Cosmos, Tezos, etc, holding more than a billion dollars. If there was an issue, someone would have hacked them by now.


> Vitalik Buterin came up with a solution for the nothing-at-stake problem

Is that a link to an article from a peer reviewed academic journal?

> There are several PoS networks out there such as Cosmos, Tezos, etc, holding more than a billion dollars. If there was an issue, someone would have hacked them by now.

I'll give you a hint: "slashing" is not a thing that sustains security of these networks.


Where did he claim it was a peer reviewed journal?


Don't you think this claim should be supported by some reputable secondary source?


Thanks for answering questions I’ve had for a long time about POS. Do you have any links to share on the subject?


Google "nothing at stake problem".


Why did you not add "Who can guarantee that? Nobody." to the PoW description as well?


Exactly. As they say, first step is always the hardest. The switch from PoW to PoS was monumental and I'm glad they took the time to execute so well. This is a great step forward for Ethereum


It's not the first proof of stake blockchain, but it's the first that allows hundreds of thousands of nodes to fully participate, while also having high security and rapid finality. This is only possible because of math that was developed three years ago.

https://twitter.com/technocrypto/status/1330150362427387910

In proof of stake, mining equipment and electricity consumption is replaced by the cryptocurrency itself. You put up your currency as a bond, get rewarded more for running the network, and lose your bond if you misbehave.

The other big advance for ETH2 will be sharding, so each node doesn't have to process every transaction. But that's not the part that launched today.


So will this be a new currency or will existing ETH switch to it?


Existing ETH will switch to it.


It is powered by proof of stake, which means no asic miners, and possibly quicker blocks.

A new virtual machine for smart contracts (EWASM instead of EVM) giving better contract analysis options, and possibly higher sync speeds due to optimisations.

Also, sharding - so multiple jndependent blockchains, that should fix the scalability.

If I’m not mistaken, this release is not yet a full blown new chain, but just a partially functional one, designed to test stabiloty and safety.

Disclaimer - I’m a bit out of loop, so I meay be slightly wrong somewhere.


The VM for smart contract is not set.

The roadmap has changed for the phases after this launch so that Eth1 contracts and the Eth1 chain can run on Eth2 so that the past years of Eth1 development are not thrown away.

Reading on the roadmap: https://ethereum-magicians.org/t/a-rollup-centric-ethereum-r...

Disclaimer, this roadmap is valid as of today Dec 1st 2020 but it might have change a couple of months from now.


Ah, good to know, thanks. I was a bit out of the loop for the past year.

I wouldn't mind staying with EVM, since EWASM doesn't seem to offer much significant improvement (static jumps only, really).


I think ewasm is a bit up in the air, may come along at some point but i think the developer tools built up on the evm (and dev knowledge of evm) isnt going to be quickly replaced.


Is EWASM basically just webassembly running on Ethereum?


Basically the deterministic subset of web assembly.


Beginning of switch from Proof of Work to Proof of Stake consensus, which will end the mining process for Ethereum and switch to securing the network by locking up funds, drastically reducing the amount of energy used to secure the network. As a side effect of the consensus change, the amount of transactions per second will scale massively. There is not universal agreement among blockchain enthusiasts that Proof of Stake is as secure as Proof of Work, but many currencies such as Cosmos and Polkadot have already implemented Proof of Stake without security issues.


any idea on the increase in transactions per second/month/some time period? The things that have stopped me from getting into btc/eth are:

- scaling issues (it can't be used as a currency if this isn't fixed) - power issues (would be nice if we didn't create a huge pointless energy sink if we could avoid it) - the amount of footguns in ethereum (I think the language is too permissive)

It looks like this solves at least 2 of the three!


There are basically two big things in Ethereum's scaling roadmap. One is sharding, so each node only has to process a fraction of all transactions. Initially there will be 64 shards, but it's designed to allow up to 1024. As individual nodes get more powerful, both the number of shards and the amount processed by each shard increases, for quadratic scaling.

The other part, which is on Ethereum mainnet already, is a layer-2 idea called rollups, which store transactions on chain in a very compressed format without losing security guarantees. There are several rollup systems, capable on today's Ethereum of doing 1000 to 9000 simple tx/sec.

Once both systems are live, total capacity will be 20K to 100K tx/sec, not counting the quadratic improvements.

On the research side, there's also work to make data validation more efficient by replacing merkle trees with something more compact, like polynomial commitments. That would add another 10X factor to rollup scaling.

Regarding footguns, people are working on more rigorous languages than Solidity that still compile to the EVM. So far their compilers aren't as solid so they don't get much production use yet.


Thanks for the summary of the current state of the art -- last I looked at this sharding/federated-chain stuff was still only research grade for bitcoin as a whole. If Ethereum is ready to productize that's amazing news.

Anything more than ~3000 tx/sec will be a game changer and maybe ethereum will finally deliver on the promise of usability as currency.


At least 1000 transactions per second if not more. In terms of language security, it is possible to use a verified subset of the language in order to avoid bugs, as you can with any Turing-complete language. Few currently do, however.


Thanks -- yeah the language thing I guess is much harder to change, but I can protect from that by just sticking to relatively simple transactions, or maybe if some sort of professional review/audit agency would spring up...


You can check out the current roadmap here

https://ethereum.org/en/eth2/#roadmap


Not tldr, but explanation https://m.youtube.com/watch?v=3x1b_S6Qp2Q


Congrats to the dev team and ethereum community. This is a monumental step for the future of crypto.


Can someone explain how block timing works in proof-of-stake systems? As I understand it, with proof-of-work the mining difficulty increases or decreases to maintain that each block is found in roughly the same amount of time. In proof-of-stake is there also a mechanism to regulate the time for each block to be added to the blockchain?


No, as far as I understood the time between blocks in a PoS chain is basically just a timer (e.g. 10 seconds). There is no need to adjust that dynamically because there is no "race" to solve a problem. I guess it is even more predictable if it is not dynamically adjusted.


But that does have to be enforced via incentives/cryptography, and with reference to a clock.


Well it is enforced by the protocol on which all node agree and there needs to be a mechanism for syncing clocks across nodes (also defined by the protocol) but they exist, e.g. https://ieeexplore.ieee.org/document/8946264

Not 100% sure what ETH is using here but there is a mechanism.

If someone would want to fake timestamps, they would need to deviate from the protocol and would thus not be on chain.


You are simply raising the fundamental difficulty with blockchains. How do you know what is the true chain in an adversary environment (the internet)? You gave us the question and no answer


Validation of the longest chain, agreed upon by the protocol which the nodes are running. This is the absolute fundamental of this technology. This is not new and it has been working for more than a decade.


* which the majority of nodes are running


That's not how the technology networks. That naive implementation would leave you wide open for sybil attack


This is incorrect. The difficulty is PoS adjusts to meet the target block time just like it does in PoW.


I have to suspect that you are wrong. Can you provide a source? There is no mentioning of difficulty in the spec, instead there are predefined slot times:

https://github.com/ethereum/eth2.0-specs/blob/dev/specs/phas...

Here is how they sync: https://ieeexplore.ieee.org/document/8946264

Assuming they describe the BeaconBlocks mentioned here: https://github.com/ethereum/eth2.0-specs/blob/dev/specs/phas...

Also, which effect would an increased difficulty have?


This might be as good a place as any to ask, since I'm completely out of the loop on the scene: Are there any successful crypto schemes that use human effort (labour) instead of capital/computing effort? Something like Captcha or Mechanical Turk, hopefully something generally useful to society at large. Solving problems that computers can't (yet).

It would seem to be a way to avoid the rich-get-richer aspect because hiring people wouldn't make sense - they'd get more value going it alone, so existing capital has reduced influence.


But then you're basically describing normal currency backed by the nation state. The state can basically print its own money because it backs up its currency with state power - whether it be enforcing laws and governmental institutions, enforcing taxation to force citizens to use its currency, funding military defensive/offensive operations, provide various welfare services to citizens to create a safety net for the economy, and using monetary policies to modulate its growth. And every one of the activities I've listed above is achieved through human labor.

Obviously there is no nation that backs its currency value for an objectively "good" common cause - every nation probably only thinks within her interest for most of the time. If you want to create such an institution which can print money backed by the values you like - then the answer is much more political than technical, and the crypto algorithms alone wouldn't help you in achieving that.


I don't see the direct connection sorry. With currency, gold, etc, it can be stolen or controlled in ways a blockchain currency cannot.

I was merely talking about replacing proof of work with a human step rather than something computed. Intellectual labour (such as to plug our gaps in AI) moreso than physical. Answer a quiz when you buy a coffee or sit there for a few hours to mine coins while analysing a corpus. Something like that.

I saw that some exist, I don't know how relevant they are.


Why would anyone use such a system? For poor people the motivation is clear. However, who's going to contribute the resources required to make it run, if the whole point of the system is to disadvantage those with the resources?


> hopefully something generally useful to society at large

If it is useful then it won't be secure because it would be free to "hash". The mechanism has to be costly. Proof-of-work is in many ways proof-of-waste. If tomorrow we find out that hashing is profitable then everyone can start hashing and be able to attack the chain for free (subsidized by the usefulness). Only the hash power above the useful level can add security.


Gold?


Whoa, according to AllNodes, Expected ROI for Eth2 stakeholders is 16.6%, which easily beats out almost any other DeFi interest bearing account (typically ~10%)!


APR depends on total staked amount, and decreases as staked Eth increases. You can see the chart here: https://launchpad.ethereum.org

Now that the launch has succeeded, I will stake some of my Eth. As more people do that, APR will fall.


Edit: this complaint is null now!

Poo, minimum 32 ETH or at current prices $19k. This reinforces my dislike of staking. Only making the already rich richer. Keeping lesser ETH holders out of the profit.

But who am I kidding; if I magically had 32 ETH to stake I'd probably feel differently.


You can use staking pools as well to stake less than 32 Eth. It's the same concept as PoW. If you have a lot of money, you can buy ASICS and stake for yourself (making you richer). If you don't, you'll join a mining pool and earn money relative to your hash power. PoW makes the rich richer as well, that's life. With PoS, you have at least skin in the game (your stake).


:facepalm: thanks you totally negated my complaint. Awesome, I appreciate it!


What staking pools are available? I found Rocketpool but have no visibility of other options.


In crypto there's this concept of delegation and also pooling. This allows folks with smaller holdings to be exposed to the benefits of staking.


Can this be done non-custodially?

i.e. can an ETH holder somehow delegate a pool to be able to stake with that ETH but not spend it?


Yes, take a look at Rocket Pool:

https://www.rocketpool.net/

The trick is that as the pool leader, you have to put up a 16 ETH stake and other participants pool together to make up the other 16 ETH.

If you misbehave as the pool leader, your 16 ETH is the first to get slashed.

They published a blog post this week talking about how they are pushing back their roadmap until the Eth1/Eth2 merge, though.

Their proof of concept was working great on testnets.


No or people could use that to bypass slashing.


Oooh, gonna be some fun trust scams in PoS world :-D


So probably somewhere between 5~6%, maybe i should convert some of my Tezos to eth in the future.


In the longer term, yes. Plus you can use eth2 in defi (e.g., for lending) to generate additional yield.


No you can't.

You can't do anything with Eth2 that is locked. Some pool staking services offer a token for each ETH staked, but you can not use the staked ETH.


I was referring to longer term developments, in case this is unclear.

Using staked ether in the defi ecosystem will be possible once withdrawal and smart contract functionality is enabled. Until then, there are liquid staking services that offer eth2 derivatives that can be used in defi, as you point out.


You can always take out a loan against your stakes eth2


yEarn is offering ~17% APR on stablecoins, but of course the risk profile is vastly different.


One question - why didn't Bitcoin drop to zero? I know, VHS survive and Betamax didn't, but unlike Betamax, Ethereum is pretty popular for everything, not just for low-class commodity speculation.


Less is more.

What distinguishes Bitcoin from most cryptocurrencies is that a) It has a (relatively) simple goal -- sound money -- and thus less attack surface; and b) Its community is fiercely conservative, to the point that major changes to Bitcoin (e.g. increasing the total supply) are completely off the table. These properties inspire confidence, making Bitcoin a much safer bet than any other cryptocurrency.


This ecosystem is rapidly developing and changing; I think there's still plenty of time for BTC/ETH/LTC/XRP/etc to all exist anywhere from [0,∞).

The narrative that is often pushed forward is that they have different use cases. Bitcoin is a limited-supply store of value (analogous to precious metals). BTC blockchain isn't well suited for quick transactions, but it is the blockchain that is the most robust and secure. Ethereum, being Turing complete, provides an ecosystem on which other applications can be built.


Bitcoin isn't valuable because of its technical properties, just like gold isn't valuable because of its physical properties.

Both are valuable because of their universally recognized scarcity and value. If you want to put your wealth in a SoV cryptocurrency, Bitcoin is the clear schelling point.

Ether will remain competitive with BTC, it may even flip it in market cap, but I doubt Bitcoin will ever go away.


Bitcoin is valuable because of its value?


Just like USD :)


You must pay taxes in USD. BTC and USD are really not comparable.


You must pay for Bitcoin transaction fees with BTC, same idea different scale, I guess.

I don't think taxes justify the value of a state currency, otherwise the value would fluctuate wildly when close to tax season.


Bitcoin is the gateway into crypto. Check the marketcap, and all the pairs are tied to BTC on most major exchanges. It's also the most secure and has the largest community. It's use case is different than Ethereum's.


>>It's also the most secure and has the largest community.

Ethereum's mining fees exceed Bitcoin's:

https://cryptofees.info/

That would mean it has better long-term security prospects than Bitcoin, as security is proportional the revenue earned by validators.


That's misleading. If you factor in mining rewards, Bitcoin has much higher fees per transaction. A total of $18,000,000 more per day spent on validating Bitcoin transactions than what that website claims.


In the case of Bitcoin, mining rewards decline geometrically, at a rate of 50% every 4 years. Mining fees are what any cryptocurrency with an inflation rate that rapidly declines to zero/close-to-zero depends on for security on any appreciable time scale.

That's why I said that Ethereum's long-term security prospects are better. Its mining fees have exceeded Bitcoin's and with the multi-pronged efforts to further scale Ethereum - that are vastly more promising than Bitcoin's - there is a high likelihood of these fees further increasing their gap with Bitcoin's.


There still isn't a lot of real-world use of crypto. Even all the DeFi stuff on Ethereum, while innovative, is derivatives on speculative crypto assets.

As long as speculation is the main thing going on in crypto, BTC is king, since it is purely speculative, has the best name recognition, and doesn't try to hide that fact.


This is a big deal to me. I'm watching keenly to see when the crypto market makes the turn out of niche market space and into the mainstream. Perhaps Eth2 is one of the starting blocks that is needed...


Agree on all point. Especially with Ethereums great innovations in marketing. Sadly their technical innovations are lacking beyond smoke and mirrors


how about getting a higher interest on your savings account using defi on your usdc? Isn't this a real world use case?


That's as much of a use case as "get rich from dogecoin". Both of them are based on speculation. The "high interest" is just a derivative that shapes the speculation a certain way. Underlying it is still people speculating on cryptocurrency.

It's different from a conventional bank account, because there the returns are (theoretically) coming from the bank loaning it to entrepreneurs to buy factory and farming equipment and create value.


The difference from "get rich from dogecoin" is that there is no downside(aside from smart contract risk).

You could however be morally against earning interest through others speculating. In that case you could still earn better interest by just by being USDC-sUSD LP on curve.fi.


One thing I haven't been able to figure out about proof of stake is this:

if one entity somehow manages to control over half to the total ETH tokens, does this enable an attack analogous to bitcoin's 51% problem (which happens when one miner controls over half of the network's raw cpu power)?


No. The required amount is greater than 2/3 (67%) not greater than 1/2 (51%) on PoS for Ethereum.

Also, see this tweet from Vitalik: https://twitter.com/VitalikButerin/status/130129808602782105...

So even if there was a successful first attack from some organised body that's all the time they get.


> The required amount is greater than 2/3 (67%)

I'm not sure that's correct (the tweet doesn't get into any details so I went to ethereum's website https://ethereum.org/en/developers/docs/consensus-mechanisms...)

> The threat of a 51% attack still exists in proof-of-stake but it's even more risky for the attackers. To do so, you'd need to control 51% of the staked ETH. Not only is this a lot of money but it would probably cause ETH's value to drop. There's very little incentive to destroy the value of a currency you have a majority stake in. There are stronger incentives to keep the network secure and healthy.

The keypoint seems to be that if your attack fails your stake gets destroyed so besides the positive incentives (a good stable network working for all) this system also relies on punishing failed attacks.


Correct me if I'm wrong, but you would only need greater than 2/3 of the amount of Ether currently staked, not 2/3 of the total amount of Ether. The amount of staked Ether probably would be less than 10% of the total issued Ether, maybe much less as staking rewards go down.


Correct it is of the staked Ether not total supply. It's an important detail of course and easily missed, a good way for future people stumbling across here to think about it is that any attack only involves those participating in consensus. For Bitcoin consensus is mining. For the beacon Ethereum chain consensus is staking, therefore only staking Ether is relevant.


Great explanation. One interesting aspect of PoS is that attackers really only have 1 shot, and will get slashed or lose their assets. In PoW, you in theory can keep attacking again and again.


So the endgame is that someone owns 99% of all ETH and everyone just accepts it because it's not a threat? Why have a blockchain at all?


A 51% staker who attempted to reverse transactions on ETH2 would be automatically penalized by the destruction of their stake. The network would keep running and the end result would be a large sudden deflation of ETH. On PoW this would be like an attacker's mining rig burning down.

A 51% staker who just censored transactions could hold out longer. If the problem were severe, the community would have to decide whether they want to manually fork off the attacker. The equivalent for PoW would be changing the hash function.

Gaining 51% can be more expensive to do on PoS than on PoW. If 10% of the tokens are staked, you need to accrue another 10% of the total market cap. On PoW, if the annual inflation rate is 2%, the hardware is good for two years, and half the mining cost is electricity, then the total value of mining equipment is only 2% of the market cap, and that's how much you'll have to spend to get 51%. (If miners are rentable, then much less for a brief attack.)


Yes. But thats the point of PoS. Why would someone who owns >50% of something want to destroy it? Literally hurting yourself more just to hurt others a lesser amount.


Correct me if I'm wrong, but if you own > 50% and get the ability to reverse transactions, it can still go undetected. So it's possible to hurt others without hurting yourself.


How would it go undetected? The people whose transactions are being reversed would definitely notice, as would anyone else paying close attention to said transactions.


In theory yes, but in practice the people most involved (holding large stakes) would pull out of the system en masse, crashing the value and (probably) the whole network with it. Same with BTC. In theory anyway.


What if those people had more to lose by pulling out than pretending nothing happened as long as the 51% attacker does not abuse it "too much"?


It definitely doesn't go undetected, as the conflicting transactions would have to be in blocks both forking from a common block, both signed by the attacker, which is a slashing condition that would burn their staked ether.


Also, it would be kind of visible and hard to hide. With sufficient high profile stake holders, this would be very unlikely to happen and even harder to hide.


Ok, but suppose someone owns 50% of the tokens. Doesn't this mean the system is de facto centralized. Even if the majority holder behave well, how is it better than a centralized solution?


Unrealistic surely but, "Some just wants to watch the world burn"


Another aspect of PoS: it makes these attacks incredibly expensive. Currently staked value is over half a billion USD.


Someone (very rich) could bet even more money on that thing falling..?


If a large government decides it's a problem, would they hold it or destroy it?


Vitaliks recent blog post is probably the best place for a quick overview of Pos/PoW attack costs and why PoS looks to be a more secure approach https://vitalik.ca/general/2020/11/06/pos2020.html


I think PoS is much more likely to get wider adoption than PoW with the rest of the Ethereum ecosystem, FWIW. Glad Ethereum is making the switch.


Imagine somehow a single party gets 66% of all ETH, enough for them to execute the equivalent of a "51% attack".

The community will notice and can decide to do a hard fork of the network where they "delete" the attackers coins.

So the network would have experience a hickup, but the hacker has lost billions of dollars worth of ETH and can't attack anymore.

This is different from Proof of Work & Bitcoin. If an attacker gets 51% of the "mining power" (physical hardware), there's nothing the community can do to "delete" their hardware.


Yes


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: