Concerns over staking pools


#1

I know the idea behind the staking pools is to decentralize the block minting, while maintaining a wide distribution across several nodes. Lately there has been talk that the pools would be incentivized to cap themselves at a certain threshold in order to prevent the top few pools from holding a vast majority of the staking power.

My fear is this…

If an actor in this situation wanted to be adversarial, I think the game could be swayed in his/her favor quite easily with a stake in ADA amounting to much much less than 51%. For ease of numbers, if we expected to have 25B coins be staked, and IOHK setup staking pools’ incentives to encourage 1B coins/pool, the resulting expectation over a given period of time would be to have ~25 pools. (Obviously some people will stake themselves, some pools will exist that aren’t at the threshold, and some may even be over… but for simplicity, I think these estimates are accurate enough.) I think it is safe to make the assumption that, much like we see in BTC mining pools, people will join the larger pools in hopes of receiving more consistent returns. Now, given these assumptions, I think it would be very feasible for an adversary that owns anywhere close to 1B ADA (possibly much less) to take advantage of this. The method would be to stake your own pool with ~900M ADA. Most likely, you will have one of the largest stake pools that hasn’t been capped at the 1B. Many people will likely flock to your pool and drive it up to 1B. Once it reaches that soft cap, you move 100M of your own coins out of that pool and back into your wallet. You wait for another 100M ADA to flow in, and then it’s just wash, rinse, repeat until you no longer have any of your own coins staked in your pool. At this point, you now have one entire pool worth of sway on the network. Then, it is just a matter of setting up another pool, moving your ADA into it and starting the process all over. It may take a while, but over time, it seems that one individual could game the network to control more than 51% of the block creation.

It’s possible that I am missing something here, or that there is a way to punish/discourage this type of behavior… curious what others’ thoughts are on a possibility like this.


Staking Pool Attack Vector?
#2

Interesting thoughts. This is a bit like control system design in electronics. You want your hot/cold tap to balance to the desired temperature as fast as possible, but given the lag in the system you don’t want it to overshoot. You also want to hold it at that temperature desipite fluctuations in the environment.

An incentive system modelled on a controller like this would protect against the case you’ve described. Every pool you started would be most profitable right at the start.

This might be interesting reading https://en.wikipedia.org/wiki/PID_controller


#3

This is why other POS coins require you to deposit and lock a number of your own coins to operate a fullnode.


#4

Already we see another use case for the “read only wallet”

If this were possible the pool operator would publish their read-only wallet, we could all see they were delegating their own funds to the pool and how much.