How Secure is Ethereum Really?
At the heart of any distributed network lies the consensus algorithm. This is the “magic” that coordinates between all the nodes in a network and tells each node to process certain messages. One common task for distributed systems is something called “state replication”. State replication is simply the task of making sure each node on your network sees the same state. For example, if one node’s state says the variable ‘x’ has value ‘5’, then the state of all nodes should (eventually) say the variable ‘x’ has value ‘5’.
This idea of state replication can be used to build a “distributed ledger”, or a “golden record” of some state. In fact, algorithms for state replication have existed for many years, even before Blockchain. Some common state replication algorithms are Paxos, PBFT, and, more recently, Raft.
You may be asking yourself, “Well, if state replication existed for a long time, what makes Blockchain so special?”
The key difference is that existing state replication algorithms do not work in a decentralized, trustless setting. It wasn’t until 2009 that Satoshi showed us that a state replication system could actually work in a decentralized, trustless setting. What was his secret sauce? Proof of Work.
Though one can write many pages describing Proof of Work, there is one point I want to focus on in this article: the tie between Proof of Work and the state that it actually replicates and secures. The key idea is as follows:
As the value of the underlying system increases, the security of the system increases.
What do I mean by this? As the value of Bitcoin increases, more miners will begin to participate since the increase in value will make mining more profitable. This has the effect of further securing the chain (assuming the miners are honest, which they’re incentivized to be).
Miners get rewarded in the very coin they are helping secure. Since the state that is replicated in the Bitcoin blockchain is the UTXO set (unspent transaction outputs), the “value” of the system is tied directly to the value of the coin.
By keeping the security directly correlated with the state being replicated, a system is achieved where it costs more to attack the network than what an attacker may gain by executing the attack.
In fact, Satoshi mentioned this concept himself back in 2009 through his emails with Mike Hearn. Here is the relevant excerpt from the link:
A key aspect of Bitcoin is that the security of the network grows as the size of the network and the amount of value that needs to be protected grows. The down side is that it’s vulnerable at the beginning when it’s small, although the value that could be stolen should always be smaller than the amount of effort required to steal it. If someone has other motives to prove a point, they’ll just be proving a point I already concede.
— Satoshi Nakamoto
Does this same idea hold in Ethereum? I don’t think so.
The “state” that Ethereum secures is the state of all accounts. An account can be either a contract (has code) or an external account (a user owned account). But there’s a problem…
Smart contracts are too general and Ethereum treats all smart contracts the same. An Ethereum client cannot differentiate between a contract that has little value and a contract that has a large amount of value (e.g., a simple contract that holds an integer vs. the DAO). To secure such a system, miners must be incentivized enough to want to participate.
But the incentive to mine is tied directly to the value of Ether, since that is the reward miners get for securing the Ethereum chain. However, the value of Ether does not necessarily reflect the value of the underlying system, which presents a security flaw.
Consider the following (exaggerated) example: 1 Ether is equivalent to $500 and there is a token, FakeToken, on the chain that somehow is worth $1,000,000 a token. Now, the Ethereum network is responsible for securing this million-dollar token, but does its PoW scale to secure such a state when Ether is only $500? No, because miners will only spend up to $500 to secure the chain! Ethereum will only have a PoW difficulty level capable of securing a $500 coin but needs to be able to secure a chain with a $1,000,000 token. This discrepancy between the security of the chain and the underlying state can incentivize a malicious actor to attack the system. The attacker could potentially profit from a double spend attack, where in this case the attacker’s intention is to double spend FakeToken instead of Ether. To summarize, PoW incentives do not directly extend to securing a decentralized smart contract execution platform.
Think of it this way: A $10 safe can be enough to secure something worth less than $10, but would you store $1,000,000 in a $10 safe? Probably not. You would increase your security to account for what you are storing.
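The mismatch in the FakeToken example can be put in numbers. The sketch below is an added example, not part of the original article, and goes one step beyond it: it uses the double-spend success formula from section 11 of the Bitcoin whitepaper to find how many confirmations a recipient would need before an attacker's expected payoff falls below the mining cost. The 3-coin block reward, the attacker hash share q = 0.3 and the cost model are assumptions; the Ether price and FakeToken value are the article's figures.

```python
import math

def catch_up_probability(q, z):
    """Chance that an attacker holding hash share q ever overtakes z
    confirmations (formula from section 11 of the Bitcoin whitepaper)."""
    if not 0.0 < q < 1.0:
        raise ValueError("q must be a hash-power share strictly between 0 and 1")
    p = 1.0 - q
    if z == 0 or q >= p:
        return 1.0
    lam = z * q / p
    honest_wins = 0.0
    for k in range(z + 1):
        # Poisson(k; lam) computed in log space so large z does not overflow
        poisson = math.exp(-lam + k * math.log(lam) - math.lgamma(k + 1))
        honest_wins += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - honest_wins

def min_confirmations(value_at_risk_usd, block_budget_usd, q=0.3, max_z=1000):
    """Smallest z at which a double spend's expected payoff is below its cost."""
    p = 1.0 - q
    for z in range(max_z + 1):
        # Assumption: the attacker pays q/p of the honest per-block budget
        # while the honest chain mines z blocks; any block rewards the
        # attacker might win back are ignored.
        cost = z * block_budget_usd * q / p
        expected_gain = catch_up_probability(q, z) * value_at_risk_usd
        if expected_gain < cost:
            return z
    return None  # no z up to max_z makes the attack unprofitable

# Constructed inputs: 3 coins per block is an assumption, $500 per coin is
# the article's figure. Article's premise: miners spend at most what a
# block pays them, so this is the chain's per-block security budget.
BLOCK_BUDGET_USD = 3 * 500

def confirmations_for(value_usd):
    return min_confirmations(value_usd, BLOCK_BUDGET_USD)

if __name__ == "__main__":
    for label, value in [("1 Ether", 500), ("1 FakeToken", 1_000_000)]:
        z = confirmations_for(value)
        print(f"{label:12s} ${value:>9,} -> wait {z} confirmations")
```

The per-block budget is identical for both transfers because the chain cannot see what a transaction is worth; under these assumptions the only lever left to the recipient of the high-value token is to wait longer.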
One may argue that the value of Ether will surely increase if smart contracts that hold large amounts of value are used on Ethereum. But this is not necessarily true because smart contracts can pretty much represent anything. This means the “value” of the smart contract can extend to outside the blockchain. For example, consider a smart contract that handles managing the ownership of an expensive house. The value of the house is determined in the “real world”. The house could be sold in the real world (using fiat currency) and now the smart contract needs to be updated. But the seller could be malicious and attempt a double spend to keep the ownership of the house. To Ethereum this contract wouldn’t be anything special; it just tracks ownership of a house between 2 parties. Why would the value of Ether increase because of such a contract? But the real world reward of double spending such a contract could be worth it, which violates the above property I mentioned: it should cost more to attack the network than the gain from executing the attack.
This leads me to question if PoW can be used as a generic consensus algorithm for something other than “decentralized money”. When you think about it, PoW suspiciously works too well in the context of money. The block reward functions as a way to scale the security of the system with the value of the system, and fixes the problem of minting new coins in a decentralized manner. A lot of people say “Blockchain is the innovation and Bitcoin is just an application”. I don’t agree with this statement because it seems PoW was specifically designed with a decentralized money in mind.
Since PoW relies heavily on incentives, it is very important to consider if PoW is actually the correct consensus algorithm for what you are building.
Originally published on medium.com