“Deathpool” attack on any PoS

A rather trivial binary option contract can be created:

Alice submits deposit X
Bob submits deposit Y

If time < t0 + N*block_time:
Alice can withdraw X+Y
Otherwise (timeout):
Bob can withdraw X+Y

While, at first sight, it seems pointless and harmless, something a kid would write on Marlowe, and we can probably find a multitude of examples and variations of this contract on-chain, the danger comes from the intended use.

The semantic of the contract above is actually betting against block production, so Y/(X+Y) is the estimated probability of N blocks being spammed (or any other type of DoS, bribing SPOs for instance), thus preventing Alice from submitting her transaction.

Parties can adjust probability based on “network conditions”, as well as more alarmingly the state of “death pool derivatives market”. N should start with 1 block, increase N after successful attack. Y should start with something comparable to transaction fees.

The attack itself (whatever it is) does not have to be tied to a contract since timeout is an attestation of a general disruption on its own.

Condition for successful attack (per block):

expenseOfAnyTypeOfAttack < sum(X_i)

For a spam attack, expenses would depend on fees and penalties. More importantly, sum X_i (all bets the attacker/s made) is highly dependent on the popularity of such “death pool” contracts.

Practical conditions:
“Treat every gun as loaded, broken clock is right twice a day”.

Every network based on PoS or even simply on voting blocks with coins, every network that has no other value than smart-contract functionality would eventually reach a point where, for whatever reason, not necessarily related to common sense (hi DOGE!), the derivatives market would start rewarding spam-attacks. It is an unimaginably higher budget than any group of hackers (Chinese students?) can raise. And it all comes from the power of leverage, which derivatives conveniently provide.

A good historical example from traditional markets would be the CreditDefaultSwap bubble during the Great Recession. And whatever is about to happen with the global economy in the foreseeable future.

Estimated impact:

PoW-based consensus: <LOW

  • While such contracts are possible even on Bitcoin, it is simply too expensive for attacker to produce desirable block.
  • Attacker would additionally risk acquired hardware, since it would be rendered useless if network shuts down irrecoverably + we can slash miners by changing hashing algorithm.
  • Btc has a limited scripting language, so building variations and improvements of “death pool” attack would be quite challenging.
  • Miners have more common sense than stake-pool operators, they have more at stake than stakes. Btc users have more common sense on the average. Hard to start a speculative market.

PoS: MEDIUM-to-HIGH

  • It simply depends on popularity of “death-pool” contracts combined with market sentiment (e.g. levels of ADHD), so depends purely on how expensive propaganda against such contracts is, since…
  • censoring such contracts is practically impossible: Alice and Bob can always make a regular binary option with timeout (where fake oracle will always output “true”). Same semantic as deathpool, but indistinguishable from regular bet.
  • Selfishness: successful bet against block production doesn’t imply that attack would drop the price of the coin. But, from attacker’s perspective it “raises stakes” for next bet, since previous one was successful. Like a rat pressing on opium pedal.
  • Worst of all, some variations of deathpool (either oracle or cryptography based) can be done on other chains, and bet can be done with a different coin than the one under attack.
  • Investing funds into promotion of “death-pool” markets is cheaper than attacking directly. The amount of damage it can cause can be severe, especially since it could show PoS-networks (and consequently enforcement of contracts running there) as highly dependent on the budgets of “centralized” and quite inter-dependent companies behind them rather than “community of tech-aware users”, or at least independent wallet vendors (and mining pools) in free market competition as is the case with btc etc.

Mitigations:

  • bad one: watch out for rise of “death pool” markets and manually raise fees (through “guided” democracy) and penalties depending on conditions. A) It is impossible to automate such fee bump, since managing is equivalent to a bet for healthy block production, so it’s trading (risk mitigation is not automatable by definition - you cannot foresee future conditions automatically). B) Fee/penalty would reduce blockchain use, moreover attackers can start betting on fees then.
  • good one: prepare to switch to PoW, at least as a back-up. Find justifiable use for your coin (e.g. actual payment method for actual goods and services).
  • so so one: disable block-height based timeouts and rely on time oracles exclusively. It is more of a smoke-screen solution, since one can bet on block production health from other chains, or even bet on time oracle’s SLA compliance in addition to betting against your blockchain.

P.S. If someone already came up with the attack, I really think there is no better name for it than “deathpool”/“deadpool”, since PoW chains have cryptographic “deathpool” equivalent of it (of negligible severity unlike this social one).

2 Likes
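Added example, not part of the original post: a Python model of the contract's settlement rule and of the "watch out for rise of death pool markets" mitigation, flagging disruption windows in which the post's condition `expenseOfAnyTypeOfAttack < sum(X_i)` would hold. It assumes the monitor already has a list of identified timeout bets, that one block interval equals one slot, and a flat per-slot disruption cost; all names and figures are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Bet:
    x: int    # Alice's deposit, lost to Bob on timeout
    y: int    # Bob's deposit, lost to Alice if she withdraws in time
    t0: int   # slot at which the contract opens (hypothetical field)
    n: int    # block intervals before the timeout

def implied_probability(bet):
    """Break-even chance of disruption for Bob: p*X == (1-p)*Y, so p = Y/(X+Y)."""
    return bet.y / (bet.x + bet.y)

def settle(bet, alice_tx_slot):
    """Return (alice_payout, bob_payout); alice_tx_slot is None if never included."""
    if alice_tx_slot is not None and bet.t0 <= alice_tx_slot < bet.t0 + bet.n:
        return (bet.x + bet.y, 0)
    return (0, bet.x + bet.y)

def exposure(bets, start, length):
    """Sum of X_i over bets whose whole window lies inside [start, start+length)."""
    end = start + length
    return sum(b.x for b in bets if start <= b.t0 and b.t0 + b.n <= end)

def flagged_windows(bets, cost_per_slot, max_len):
    """For each contract opening slot, report the shortest window whose
    exposure exceeds the assumed cost of disrupting that many slots."""
    flagged = []
    for start in sorted({b.t0 for b in bets}):
        for length in range(1, max_len + 1):
            at_risk = exposure(bets, start, length)
            if at_risk > cost_per_slot * length:
                flagged.append((start, length, at_risk))
                break
    return flagged

# Constructed sample of open bets and a constructed cost estimate.
SAMPLE_BETS = [
    Bet(x=100, y=1, t0=1000, n=1),
    Bet(x=250, y=5, t0=1000, n=2),
    Bet(x=400, y=50, t0=1001, n=3),
    Bet(x=80, y=2, t0=2000, n=1),
]
ASSUMED_COST_PER_SLOT = 150

if __name__ == "__main__":
    for start, length, at_risk in flagged_windows(SAMPLE_BETS, ASSUMED_COST_PER_SLOT, 4):
        print(f"slots {start}..{start + length - 1}: sum(X_i)={at_risk} exceeds cost")
```

The flat per-slot cost is the weakest assumption; a real estimate would vary with fees, penalties and network conditions, as the post notes.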

Interesting.

You can’t really spam blocks on Cardano because each node checks the VRF (verified random function based upon pool private key) to see if the pool was allowed to make a block for the particular slot. So this attack involves bribing SPOs to not produce blocks for a specific period of time? What if there are some stake pool operators that are not motivated by short term profit but more by long term success of Cardano? Such SPOs might be difficult to bribe?

If it became apparent that some SPOs were taking bribes then it would seem likely that Cardano user stake might shift against these SPOs such that they will be allocated less blocks in the future. This would make these bribe’able SPOs less valuable to bribe in the future so that now you need to bribe more of the SPOs primarily focused on Cardano’s long term success.

2 Likes

The point is derivative market can raise much more serious funds than any existing group of hackers.

I don’t really tie it to any particular type of attack, but since you are nit-picking :).

You forgot an assumption behind your reasoning: “hackers would not spend money, since they would not profit from it”.

One can spam blocks by spamming mempools even on Bitcoin, paying higher fees to SPOs/miners. Expensive? Of course.

But what if you made a bet? Like that South Park “Damien” episode. Most people would bet on healthy block production, since “sciences/stats/academics/Charles say so”. That’s some leverage, huh?

Even last year’s attack on Cardano could’ve been profitable if the right bet was done “is some SPO gonna attempt to spam its own block kamikaze style”. “Will IOHK spend money on diverting users from SPO”. 100000:1 bet, right?

In case of bribing SPO. People can move away from SPO, but the damage is already done. It depends on whether bribe compensates the future profits of SPO as well as SPOs estimates of it.

You’re implicitly thinking in terms of “attackers won’t have enough money”, “we’ll get more SPOs”. Attackers can have more money, that’s something that doesn’t require proving (can only show severity) in this context, it’s our reference point, arguing against it is arguing against tautology. “We’ll get more SPOs” however does. SPOs don’t grow on trees. In a severe case, same malicious actors can advertise themselves as new SPOs under different brand, “rebranding” happens all the time in business, new pledges and funds for ads can be raised from derivatives, since first 1-block attack was successful. Ouroboros is basically proven under assumptions “rebranding” won’t happen, malicious actor is assumed out after losing stakers.

Stakers behind SPO can be bribed as well. They won’t lose much. Especially since disrupting blocks doesn’t mean price of ada would go down, as it turns out. ADHD economy.

A bit of “insight info” as a bonus: IOHK had to consult SPOs on setting up SPOs security, Charles was even mentioning it publicly since it was one of his concerns. So SPOs have limited technology proficiency, means that they themselves could be under attack (both technologically and socially), so again bribing them is not the only option.

Governments are known to be fallible particularly due to “public servants” being such.
Traditional derivatives market is one of the key driving forces behind current socio-political situation. Those CreditDefaultSwaps (bets against counterparty credibility) were widely sold by DeutscheBank against its own common sense during Great Recession. The same bank behind Trump (and revolut, btw). FED saved it, regulators backed off, and the bank continued its self-destructive activities nevertheless. I was personally witness to it in NYC in 2014, guess what happened next, what happened in 2014. You can also guess where in Eurasia DB outsourced CDS instruments IT, guess what language those people were speaking, since Cardano is still maintaining it on this website despite any common sense. Guess why DB chose least technologically developed outsourcers, the ones who would not question a thing, just do their job badly since it’s all they can do. Why they were so crucial for CDS and later for DoddFrank reporting pipelines, for storing DB’s ledgers and such. (all open info, most of it on Wikipedia).

Such drama, a Haskell dev would project it infinitely into the future, why use timeouts if halting problem is undecidable.

What can we learn? Nothing stopping IOHK from sponsoring its first “deathpool” derivative marketplace where users can bet against Cardano.

P.S. personal comment: as an engineer and Scala/Haskell dev (literally spent some time in IOHK, not on ouroboros/plutus though) I understand how hard it is to imagine people acting against common sense, and how hard it is to see that company sponsoring Rust in Linux kernel or whatever being actually for-profit, that your salary doesn’t grow on trees, that you are deluding yourself thinking that your only “lie to yourself” is that your “nix-based infrastructure is getting better” or that “100% coverage test is not equivalent to mathematical proof”, or “infinities exist…lazily” or that “category theory actually has some justified applications” or that “identity is equivalent to equivalence is equivalent to everything being identical to everything” (what psycho-analysis called desensitization) and funds were not wasted on mathematical pseudo-science (Hott, category), there are some applications to it.

But reality is that derivative market can raise more money than IOHK’s 3rd party security budget or Charles’ wealth for that matter. It is more influencing than any influencer. Traditional option markets leverage more money than ever printed. Not fully collateralized obviously, but imagine the influencing power of numbers! The horror of numeric instability, or worse: what happens when your food implicitly becomes collateral.

And even if attackers lose money, next ones will see that something is achieved already (block is spammed/prevented/whatever), so they will raise more. Making new bets!

And even tech-aware users like me would bet against Cardano, since Bitcoin is simply better (wouldn’t bet against Bitcoin much), no one really has any serious working alternatives (yet!) and speculative alternatives (funded through ADHD) are starting to be simply too expensive to keep.

You are not banned. Your post was falsely flagged for spam and I had to approve your message. I would like to ask you to delete your new account and use your original account again.

1 Like

Okay. I’ll stay 14 :).

I guess Trump triggered it :).