Quick Links
The Ethereum network is renowned for its robust security and decentralized consensus. With validators finalizing blocks and the support of the Ethereum community, the system is designed to withstand bugs and attacks. However, there have been several ways to extend the use of Ethereum validators and social consensus for other purposes, prompting a warning from Vitalik Buterin. This blog post highlights the associated risks and advocates a cautious approach.
The Distinction: Re-using Validators vs. Overloading Social Consensus
To understand the risks, it’s crucial to distinguish between re-using Ethereum validators and overloading the Ethereum social consensus. Re-using validators in other protocols or applications can be considered low-risk if certain boundaries are respected. However, attempts to leverage Ethereum’s social consensus for an application’s purposes can pose significant risks to the ecosystem.
Vitalik provides several examples to illustrate this distinction:
- Alice creates a web3 social network where Ethereum validators can earn “verified” status by proving control over an active validator key. This example poses a low risk.
- Bob demonstrates control over ten active Ethereum validators to fulfill a legal requirement. This example also poses a low risk.
- Charlie changes his staking withdrawal address to a smart contract where others can submit a claimed counterexample to his claims. If valid, Charlie’s deposit is slashed. This example remains low-risk.
- Dogecoin allows Ethereum stakers to “dual-stake” and join its validator set. If Ethereum stakers violate Dogecoin’s rules, their validators are forcibly exited. This example is also low-risk.
- eCash announces that Ethereum will undergo a fork to delete malicious validators if they conspire to censor eCash transactions. This example represents a high-risk situation.
Vitalik emphasizes that while re-using validators is generally acceptable, leveraging Ethereum’s social consensus for an application’s specific needs can have serious consequences.
Risks of Stretching Ethereum Consensus
Incorporating real-world information or decisions into Ethereum’s consensus introduces vulnerabilities and external conflicts. Vitalik presents a fictional scenario to illustrate these risks.
In this story, an ETH/USD price oracle relies on validators voting on the price every hour. Lazy participants connect to centralized APIs, leading to false reporting and vulnerabilities. Over time, more indices are introduced, and incentives are added.
In 2034, a political crisis in Brazil causes a dispute over the legitimate election winner, splitting the country. Ethereum stakers predominantly provide rates for the southern party’s currency (BRL-S), leading to division within the community. Major community leaders propose a chain fork to exclude the “bad stakers” and drain their balances. However, this decision leads to a 50-50 community split, further dividing Ethereum.
This fictional story highlights the potential risks of incorporating real-world information into Ethereum’s consensus. Even seemingly benign applications like currency oracles can create deep divisions within the community, undermining Ethereum’s original goal of being a neutral and technical platform.
Risks Beyond Price Indices
Vitalik explains that expanding Ethereum’s consensus duties increases the complexity and risks for validators. They become burdened with additional responsibilities, necessitating constant attention and software updates. Externalizing dispute resolution to the Ethereum community creates decision-making challenges and potential community divisions. Moreover, larger projects may gain an advantage in community support, potentially creating a moat against smaller projects.
Finding Solutions
While acknowledging the need for better oracles and bug fixes, Vitalik advocates for case-by-case solutions. Here are a few possibilities:
- Price Oracles: Price oracles play a crucial role in decentralized finance (DeFi) applications but can be vulnerable to attacks. Vitalik suggests two potential solutions:
- Not-quite-crypto-economic decentralized oracles: These oracles could rely on trust assumptions, such as participants getting corrupted slowly. By providing early warning signs, users can exit systems that depend on the oracle in case of an attack. Delaying the reward distribution could also discourage malicious behavior.
- Validator-voting-based oracles: These oracles explicitly commit to emergency recovery strategies that do not rely solely on Layer 1 (L1) consensus for recovery. They could combine decentralized voting and validation elements to provide a robust and resilient price oracle system.
- More Complex Truth Oracles: While price oracles focus on objective data, truth oracles deal with subjective facts. Vitalik proposes developing a decentralized court system based on a not-quite-crypto-economic DAO. This system would involve multiple parties’ oracles, where decisions are made based on collective voting or consensus algorithms.
- Layer 2 Protocols: Layer 2 solutions are essential for scaling Ethereum and improving its performance. Vitalik suggests a phased approach:
- Short-term: Implement partial training wheels (stage 1) to improve immediate scalability. These could include techniques like optimistic rollups or state channels.
- Medium-term: Rely on multiple proving systems to enhance security. This could involve incorporating trusted hardware like SGX, though Vitalik advises against relying solely on such systems. Instead, they could be part of a 2-of-3 system to increase overall security.
- Longer-term: Enshrine complex functionalities, such as “EVM validation,” into the Ethereum protocol itself. By incorporating these functionalities natively, Ethereum can achieve enhanced scalability, security, and functionality.
- Cross-Chain Bridges: Interoperability between blockchains are crucial to the evolving decentralized ecosystem. To minimize reliance on bridges, Vitalik suggests the following approach:
- Hold assets on the chain where they originate: This reduces the need for frequent transfers across chains.
- Use atomic swap protocols: When value transfer between different chains is required, atomic swap protocols can be employed to ensure secure and trustless transactions.
- Using the Ethereum Validator Set: Ethereum’s validator set can be leveraged to secure other chains. While the Dogecoin approach protects against 51% finality-reversion attacks, it is ineffective against 51% censorship attacks. Vitalik proposes an alternative direction:
- Transition to a validium model: Chains that already rely on Ethereum validators can become a validium by anchoring their proofs into the Ethereum network. This approach provides robust security against finality-reversion and censorship attacks, strengthening the ecosystem.
Conclusion
Vitalik Buterin’s warning and insights shed light on the risks associated with re-staking on Ethereum and overloading its social consensus. While re-using validators in other protocols can be relatively low-risk, leveraging Ethereum’s consensus for specific applications can have serious consequences, leading to community divisions and external conflicts. Incorporating real-world information into Ethereum’s consensus introduces vulnerabilities and complexities that validators must navigate.
To address these challenges, Vitalik emphasizes the importance of case-by-case solutions. For price oracles, he suggests not-quite-crypto economic decentralized oracles and validator-voting-based oracles with robust recovery strategies. When it comes to truth oracles, Vitalik proposes a decentralized court system built on a not-quite-crypto economic DAO. For scaling Ethereum, a phased approach involving partial training wheels, multiple proving systems, and the integration of complex functionalities into the protocol is recommended.
Furthermore, Vitalik emphasizes the need to minimize reliance on cross-chain bridges by holding assets on their native chains and using atomic swap protocols for value transfer. Leveraging the Ethereum validator set to secure other chains can be achieved by transitioning to a validium model, which provides enhanced security against attacks.
By carefully considering these solutions and tailoring them to specific challenges, Ethereum can navigate the risks associated with re-staking, maintain its security, and continue to evolve as a decentralized platform for innovation and growth.