RE: Fact: Steemit Sybil Attacked the Steem Blockchain

Steem is designed for an easy 1/3 + 1 attack. What is more, it's designed through the multivote rule to be 100% controlled by a very small number of top SP holders.

I've asked several witnesses in comments about their opinion. If I'm not mistaken, none gave one.

@lukestokes Are you OK with the 30 for 1 centralization rule? https://steempeak.com/palnet/@hotbit/steem-blockchain-multivote-security-vulnerability

Why has no community witness had the courage to express his support or lack thereof for the centralization multivote rule?

The nature of the issue with the imbalance caused by the witness voting setup has been discussed publicly ad nauseam in the past by me (a witness) and numerous other people. It is true that I personally have never heard some of the top witnesses comment on it, but then I haven't heard some of them comment on much at all.

Solutions to prevent this will be explored. I'm not yet convinced 1t1v (one token, one vote) is the best approach, but it may be an improvement.

As shown in my article, current voting rules cause centralization and recently allowed exchanges to set up all 20 top witnesses.

Interesting, that community witnesses talk a lot about decentralization but avoid any discussion about the power centralizing voting rule.
Another similar post didn't get much traction among the big guys either or didn't get upvotes from the big guys either.

When I brought it up years ago, crickets.

I have been involved in conversations on the EOS side of things about this also and though 1t1v may be better, what high value DPoS chains are using that approach now? Making changes can introduce risks.

I agree, this needs to be talked about more, especially now.

You are the (almost) only one from the people somewhere on the witnesses list who addressed this issue at all.
Thumbs up for this. Thanks.

From my perspective as small fry, it's a delicate political issue the majority of people (witnesses) do not want to talk about in public.

A hard cap limit on mvests witness influence per account in combination with a limited number of votes or 1t1v is an improvement.

Steem is designed for an easy 1/3 + 1 attack.

That is very inaccurate...1/3 +1 only gives the "attacker" the ability to block a hardfork but you cannot take over consensus...for that you need 2/3 +1.

What is more, it's designed through the multivote rule to be 100% controlled by a very small number of top SP holders.

It is designed for the majority stake to dictate consensus. The number of accounts holding the SP is irrelevant to the consensus logic. This favors centralization.

The real threat is voter apathy. Before this whole incident started only about 28% of the stake was voting (it might have been less so I might be wrong on the exact number). With that level of participation and combined with the 30 vote rule you only need 29% of the stake to take over the witness positions.

Mix in some collusion with exchanges and you have exposed the DPOS vulnerabilities.

The solution seems obvious...limit the number of seats that an account can vote on and incentivize voting (maybe direct a portion of the inflation for that). Although limiting the amount of positions introduces other risks (such as the blockchain forking if no one can control consensus).

"...for that you need 2/3 +1..."

No. All you need is 51% of stake voting. That is what determines how many witnesses control consensus.

Worse, the weight of stake is currently subject to vast multiplication via the 30 votes availed stakeholders. To wit:

User A has 1M Steem. Casting 30 witness votes worth 1M Steem each gives them 30M Steem influence on governance. User B has 100 Steem. Casting 30 witness votes gives them 3000 Steem influence on governance.

The difference between the stake held by these users is 999,900 Steem. The difference between their influence on governance is 29,997,000 Steem. This multiplication of stake weight dramatically centralizes influence on governance, which consensus witnesses have failed to previously resolve.

Clearly, this is a problem, and strongly lends support to accusations of corruption of Steem governance. It's long past time for this deception and centralization of Steem governance to end - possibly too late to save the Steem community from the Sybil attack it has promoted. Other limitations on stake influence on governance are necessary, but accurate weighting of stake influencing governance is absolutely a necessary component of securing Steem from Sybil attacks.

I am provided estimates of Tron's present stake of ~100M Steem. This theoretically enables Tron to deploy 3B Steem influence on governance. That is utterly untenable now, or ever.

That is correct with the current voting rules.

That is very inaccurate...1/3 +1 only gives the "attacker" ...

https://steempeak.com/steemtron/@lauch3d/there-is-no-51-attack-in-steem

Good thing we can agree on reducing the number of witness candidates a vote can be cast on. Most importantly, should be 1SP = 1 vote. One can vote on 5 candidates, but each would get only 0.2SP worth of votes.
30 is too many, no average person can make an educated decision about so many candidates. See my post for the details.

The workaround against both options is to simply split the stake to different accounts. Both make it more difficult to overtake the chain with a minority stake but it's better than the alternative.

The current setup allows for a 51% attack instead of the theoretical 2/3 +1 that is needed today...that is very clear.

Limiting the number of blockproducers that a stakeholder can determine has other tradeoffs so it's a complex problem.

The workaround against both options is to simply split the stake to different accounts.

No, it's not. See A splitting stake to A1 and A2 in my article. He can maximize usage of his stake, but still unable to take all the seats.

Limiting the number of blockproducers that a stakeholder can determine has other tradeoffs so it's a complex problem.

If you can point out these tradeoffs. I can't see any. 1 SP = 1 vote simply allows for better decentralisation. JS made an educated decision about 20 candidates, but the average person would not :)
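Added example, not part of the thread or of Steem's code: a small tally comparing the 30-vote rule with the split "1 SP = 1 vote" rule debated in the comments above, using the thread's figures of 28% of stake already voting and a bloc arriving with 29%. The two-group model, the candidate names and all function names are assumptions made for illustration.

```python
from collections import defaultdict
from fractions import Fraction

SEATS, MAX_VOTES = 20, 30  # top witness slots and votes per account, per the thread

def elected(ballots, split):
    """ballots: list of (stake, [candidate, ...]).
    split=False: each pick receives the voter's full stake (the 30-vote rule).
    split=True:  the stake is divided equally among the picks (1 SP = 1 vote)."""
    totals = defaultdict(Fraction)
    for stake, picks in ballots:
        picks = picks[:MAX_VOTES]
        share = Fraction(stake, len(picks)) if split else Fraction(stake)
        for cand in picks:
            totals[cand] += share
    ranked = sorted(totals, key=lambda c: (-totals[c], c))  # name breaks ties
    return ranked[:SEATS]

def bloc_seats(bloc_stake, bloc_k, rest_stake, rest_k, split):
    """Seats won by one bloc backing bloc_k candidates against the remaining
    voting stake, modelled as one coordinated group backing rest_k candidates."""
    ballots = [
        (bloc_stake, [f"x{i:02d}" for i in range(bloc_k)]),
        (rest_stake, [f"c{i:02d}" for i in range(rest_k)]),
    ]
    return sum(c.startswith("x") for c in elected(ballots, split))

def worst_case(bloc_stake, rest_stake, split):
    """Seats the bloc gets when it picks its best candidate count and the
    rest pick the count that limits it most (min over rest, max over bloc)."""
    ks = range(1, MAX_VOTES + 1)
    return min(max(bloc_seats(bloc_stake, b, rest_stake, r, split) for b in ks)
               for r in ks)

def weight_cast(stake, votes, split):
    """Total vote weight one account adds to the tally."""
    return stake if split else stake * votes

if __name__ == "__main__":
    # Constructed scenario using the thread's figures: 28% of stake already
    # voting, a new bloc arriving with 29%.
    for split in (False, True):
        print("split" if split else "30-vote", worst_case(29, 28, split))
    print(weight_cast(1_000_000, 30, False) - weight_cast(100, 30, False))
```

Under the 30-vote rule the 29% bloc takes all 20 seats whatever the other voters do; under the split rule it is held to 10 only if the other voters concentrate on 10 candidates, and it still takes all 20 if they spread their stake over 20.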

I can imagine a situation where 2 or 3 different versions of the code are running side by side that create different forks that do not agree on the last irreversible block. Each version being supported by different cartels with no clear way of breaking the tie.

this.

Maybe witnesses will finally understand this after the shitshow is over and finally securing the chain as intended.

Maybe not...

Are there other high value DPoS chains doing 1t1v?

I'm open to pushing for changes, for sure, but please also recognize exchanges voting with customer stake to Sybil attack a chain is unprecedented. It was always a theoretical risk, but was previously considered low probability.

I can't offer a solution at the moment because I haven't spent enough time on research. But a good start to solving it is the fact that 1 stake can vote 30 times. The bigger stakes are the ones defining who the witnesses are. It would be like whoever got the most money decided who the country's congressmen are.

There is consensus, but no discussion if all congressmen have the same agenda.

But using exchanges' stakes to help the attack is no different than buying a shitton of tokens and doing the same thing.

Even if it was a theoretical risk with low probability it was a risk with high damage effect.

In risk management you don't only consider the probability, but how big the damage is if that event happens.

Is that design more aligned to a republic or democracy type system?