Potential Witness Exploit

in #steemit, 8 years ago (edited)

Let me start off by saying I've made no effort to test this, so it more than likely wouldn't work. Based on the various mining guides I've seen, it is made very clear that you should only be running a witness for your account on one computer. The same witness setup is used for mining as for the delegated proof of stake (DPoS). Now, it is often repeated that "you should not mine to your witness". Thus: if you want to mine, then start your account as a witness (using your "active" key) and set up a miner in config.ini. If you instead would like to witness for DPoS, stop mining to that account, and vote for it as a witness.

The claim is that if you run a witness on two computers, or through some other means, you could end up witnessing two blocks simultaneously; if noticed, you are perceived as attacking the network, and forfeit your full account balance. The problem I see here, though, is what if a miner is also voted as a DPoS witness without his knowledge by someone with a lot of vests? Wouldn't that make it possible for him or her to witness and mine a block simultaneously, thereby forfeiting his balance to the attacker? This doesn't even have to be malicious; someone could just vote for someone as a witness not realizing they are actively mining. Alternatively, if you look at the queue on http://steemd.com/witnesses you might find a miner you have a personal grudge against, and desire to attack them.

I haven't looked through the code myself, so I have no idea if this attack would actually work. I just wanted to make sure the right people were aware of this potential attack vector.


Hi! This post has a Flesch-Kincaid grade level of 9.1 and reading ease of 72%. This puts the writing level on par with Michael Crichton and Mitt Romney.

The problem I see here, though, is what if a miner is also voted as a DPoS witness without his knowledge by someone with a lot of vests?

That would also mean that he would not have updated his witness with the command:

update_witness

so he would not be on the dpos witness list...
But even if he is in the list (because in the past he was an active DPoS witness) but now he is not active anymore, this would prevent him from getting included in a queue to produce witness blocks, I assume...
https://github.com/steemit/steem/issues/278

Fair point, and that git commit will definitely help prevent this. I was told double signing penalization was deactivated, so it's a non-issue for now anyway.

Having said that, there's a user who is currently undergoing the scenario I laid out! @proctologic set himself up as a witness, obtained a substantial amount of votes, and decided he'd rather mine instead. He unvoted himself as a witness, and began to mint PoW. But he's still high up on the witness rankings due to others' votes. An interesting predicament.
