@railgun_project says This is a well known drawback of proof-of-work systems that was talked about even before Ethereum was launched.
It is inaccurate to say that this is a recent "disclosure"
@mesquka says Not as big of a discovery as it's made to seem IMO. Essentially just intentionally caused temporary chain forks to gain a competitive mining advantage. Known as an issue in PoW since Bitcoin launch (see any discussion about 'Longest Chain Rule' and things like 'Selfish Mining')
> @railgun_project says This is a well known drawback of proof-of-work systems that was talked about even before Ethereum was launched. It is inaccurate to say that this is a recent "disclosure"
this isn't an inherent weakness of proof-of-work systems, it's a weakness of proof-of-work systems that allow difficulty back-off if a block is not found quickly enough.
It's always been kinda hilarious watching the various crypto factions slapfight and strawman each other to hell and back... ladies, please, you're all awful, each in your own way.
(coming from a person who backs neither and merely follows crypto-tech in order to refute the arguments more accurately)
All the tweets about it being a well known drawback are missing the point: yes, we knew that there's a general class of attacks affecting PoW this way, but it's the first time AFAIK that there's been public evidence of this attack actually occurring.
Finally, even @foldfinance and @mesquka are toning down their comments.
@foldfinance: "F2pool is doing additional exploitive behavior besides the one described here, sorry if that was not clear in our tweet."
@mesquka: "Yes, the specific execution of this particular attack is unique to ethereum due to it's dynamic difficulty adjustment, but block withholding and timestamp manipulation as a class of attacks are well known."
> Whenever F2Pool's block timestamps reach the point where mining difficulty is supposed to decrease, they artificially set them to be one second earlier. F2Pool has been executing this attack over the past two years, and the evidence has been hiding in plain sight! ...
This has the effect of making it harder for the rest of the network to compete against F2Pool's blocks. In this way, F2Pool can, or so it appears, give itself an advantage while taking zero risk. It would be irrational not to adopt this strategy. The thread doesn't say what happens if the entire network adopts this strategy - maybe it's in the paper...
The attack is called "Uncle Maker", as it allows attackers to displace main-chain blocks with their own blocks, thus making these displaced blocks become uncles.
By analyzing the timestamps of the last 3 million blocks, it becomes apparent that F2Pool has performed the attack in the wild.
Probably that if you weren't mining on f2pool for the last few years you were severely disadvantaged, and that if every other pool doesn't start executing this "attack", they are not playing the ETH game correctly.
exaggeration does not lend clarity .. an advantage is short-lived, like so many opportunistic moves in real life? the math says that the "severity" of the disadvantage is related to the change in difficulty at that juncture
The issue with fusion has been the same for the last 50 years.
Harvesting the gamma’s full electron volt right out of the reaction.
We’re still 50+ years away. Nothing in modern technology suggests otherwise.
Science media has to explain why billions are dumped into these programs each year (as though edge science isn’t enough.)
In the meantime, everyone will be happy if we can harvest just enough to make the cost of the exchange worth while. most optimistically through harvesting the heat from a sustained reaction (which is 1000 x less potential).
> Although most mining pools produce relatively inconspicuous-looking blocks, F2Pool blatantly disregards the rules and uses false timestamps for its blocks. Specifically, whenever a block should have a timestamp difference from its parent which is divisible by 9 (precisely the time at which mining difficulty decreases), F2Pool hangs at the preceding second a while longer, thereby increasing mining difficulty and profits. Thus, in the past two years, F2Pool didn’t have even a single block with a timestamp which is divisible by 9.
It matters according to equation (48) on page 7 in the Ethereum design specification [1].
This section specifies how to adjust the difficulty target for each new block. The optimization (I hesitate to call it an attack) identified in the paper could have been rendered ineffective if rounding down (for division by 2048 and by 9) was delayed until after the multiplication in equation (45), resulting in a much smoother adjustment.
The so-called "yellow paper" sadly lacks a motivation of all the seemingly arbitrary numbers involved.
As the 2nd tweet explains, the difficulty of Ethereum changes dynamically amd can decrease the longer that a block hasnt been mined, this is not the case in Bitcoin.
Bitcoin also adjust difficulty - but does that every two weeks or so. would it make sense to mine for a sibling for the last block before the difficulty increase while everyone else mines for a child block with increased difficulty? thus having twice the relative hashrate for 10 min every time difficulty increases.
No, this attack wouldn't work on bitcoin. Bitcoin chooses the chain with the most total work (which is blocks x difficulty), not the most blocks. Else someone could fork the chain from a block sometime in 2009 when difficulty was very low and outpace the rest of the network.
Yeah I had to read that a few times due to to a triple negative and a comparison, I think it's trying to say that the strategy has no parts that have any chance of earning you less money then normal.
It seems to me that there's a delicate, probably impossible balance: the difficulty decreases at the critical times, but not fast enough to compensate for the tiebreak.
Suppose the difficulty decreased by a lot: at 0:59 it is effectively impossible to mine a block but at 1:00 it is so easy that a speak-and-spell could do it. In that case, it seems like the optimum strategy for a selfish miner would be to try to post-date the timestamp and mine an "easy" block. It would still lose to a legitimately-mined "hard" block, but it would profit in expectation by being the first "easy" block to reach the network.
On the other hand, setting a difficulty schedule such that there is no single optimum timestamp might impose a too-fast decay on difficulty.
> We introduce a novel attack vector on proof-of-work (PoW) cryptocurrencies which relieson timestamp manipulations, instead of traditional ones such as block withholding
This news is not as bad as known advantages which can be exploited in PoW for several years now, namely selfish mining, which only benefits the largest or most coordinated miners. This attack is open for all, which effectively cancels out the advantage it offers (assuming everyone does it); the externalization is consistent, minor inaccuracies of time stamps on blocks.
This does not work on bitcoin. Bitcoin’s difficulty targeting algorithm only retargets every 2016 blocks. This attack is only possible for diff target algos that retarget within a single block slot.
Didn’t read the article? They say at the end if this is how Eth manages a known consensus system, it reflects poorly on how they will implement a far more complicated and unexplored one.
@foldfinance says We have known this to be the case with F2Pool for awhile but flashbots refuses to do anything
See https://nitter.42l.fr/foldfinance/status/1555477252736897024...
@railgun_project says This is a well known drawback of proof-of-work systems that was talked about even before Ethereum was launched. It is inaccurate to say that this is a recent "disclosure"
See https://nitter.42l.fr/railgun_project/status/155556027729019...
@mesquka says Not as big of a discovery as it's made to seem IMO. Essentially just intentionally caused temporary chain forks to gain a competitive mining advantage. Known as an issue in PoW since Bitcoin launch (see any discussion about 'Longest Chain Rule' and things like 'Selfish Mining')
See https://nitter.42l.fr/mesquka/status/1555562671575023618#m