If an attacker simulated an Ethereum network, with 1 million validators in it. He has keys to all validators, because the entire thing is his simulation. He simulates several decades, which in real time is probably several hours.

Then he broadcasts his simulated network to the real Ethereum network, and claim his is the real one. All his 1 million validators start communicate with the real validators. Since his network history has more “total attestations”, his network should be the real one according to the chain selection rule.

This is impossible in PoW, because he would need more hash power than all the other miners combined to simulate a “heavier” history. But that is not the case in PoS. I am curious, how does PoS solve this?

  • Ok-Two3581@alien.topBEnglish
    1·
    1 year ago

    This is a good question. You are a little confused about the validators ability to play things in fast forward to simulate decades though, they must all agree with each other and a random longer chain cannot appear out of nowhere like it can in PoW.

    How finality is achieved is actually a lot more complex on ethereum 2s beacon chain. An epoch is considered final is 66% of the stake had attested to it. Now you are asking what if a large portion of those validators are compromised?

    How it would play out would depend on how much stake the attacked gained.

    Scenario 1: attacker gains <33% of the stake

    if an attacker tries to create an alternate chain history with less than 33% of the stake agreeing on it, the network will reject this as invalid and all the validators will be ejected and have their stake slashed as punishment. Once the compromised validators are removed then things will progress normally

    Scenario 2: attacker gains > 33% but <66% of the stake

    if an attacker gained between 33% and 66% of the stake then the attacker can disrupt the network. As the network needs 66% of the stake to agree to finalise a block the chain will continue in a non finalised state. The nodes that attack the network will all get slashed and removed from the network, and the remaining honest validators can reach consensus. At the same time: the attackers nodes will slash everyone who remains on the legitimate chain, as they will see this as malicious. This will end up with a chain split with the attackers stuck on their own dead chain.

    Scenario 3: attacker gains control of >66% of the stake

    If an attacker can gain over 66% of the stake, then they can cause the network to stall for a very long period of time. By simply refusing to vote, they can cause the network to be unable to finalise blocks. Any node that attacks the network will be slashed and their stake removed from the active stake, and any validator that remains offline would slowly be charged a penalty for being offline, called the “inactivity leak”. This means, over time, the offline nodes portion of the stake will reduce until the network can finalise with 66% of the stake coming to consensus.

    The amounts charged for inactivity leak and slashing amount due to double signing scales quadratically so the more people involved in the attack the higher the punishment to restore order faster.

    In all cases, no matter how large the attack is, the honest validators will still be able to reach consensus amongst themselves given enough time, while removing the malicious validators.