RE: HF Idea / Proposal: Witness Disapproval Feature

in #witness, 6 years ago

I am on the fence for this one.

There are merits to the idea, as it would allow more impact of witness votes if one disagrees with one specific witness for example.

But this can be used as an attack vector on the chain: when a bad actor can vote out witnesses, they might have it easier to acquire a supermajority of consensus witnesses.

I think this will be a great feature in hard fork times where voters can downvote witnesses adopting/not adopting a fork.

But my thoughts on the matter are not that well fleshed out, so I don't want to say too much about it :)

Still very interesting to learn about the possible attack vector you mentioned! Thanks for sharing!
And as I do understand and respect you stating your thoughts currently not being too well fleshed-out (neither are mine, just an idea of mine to see what other aspects would be concerned), what could be an effective counter-measure to circumvent the attack vector? Any ideas?

Has that been computed to be possible even with the current SP distribution? Wouldn't that require a 51% (more than 50%) SP-owned by (a group of) individuals, where that group is "small"? And if it is, then why doesn't it happen already right now? Even without witness disapproval being implemented, wouldn't it now already be possible to form SP alliances and acquire a super-majority?

If I recall correctly the idea was that a government could seize some witnesses and downvote all others to gain control over the network.

But on the other hand, this would allow stakeholders to do the same in case they get to know one witness was seized.

Another question: suppose indeed some witness node(s) would be seized by another entity. Then that's still not the same thing as taking control over the controlling account. In other words, in case a node would be seized, the controlling account can still communicate / post about it, to let others know to unvote / disapprove for that specific witness. Or in other words: adding the ability to disapprove a witness, would conversely combat the exploitation of seized nodes.

True?

The idea would be to seize the node and add something to the witness software that changes consensus in one way or another. This might not be noticed by the witness at first. In this case we expect the attacker to be competent enough to hinder said witness from noticing/disclosing the situation. Say putting them in jail.

Ahhh! But that is not my idea!
My idea is to keep the current "limited witness slots" but add to it a feature to either approve or disapprove a witness. Ergo "downvoting all others" would be impossible, or do I misinterpret your explanation?

We are talking about an attack on the top 20/30 witnesses, the rest does not matter much for this attack. So basically if they seize 10 and downvote the other 20 they can control more.

hmm... but downvoting 20 others with enough power would then allow another group of 20 to rise to the top? Or am I completely misunderstanding?

Like I said, not yet fleshed out :) Maybe others can chime in to explore if this can be used as an attack

In reality, such an attack would not be likely to be carried out by a government or other large group because they already have enough money to just buy their way into the top 20 anyway ;)
However, the idea of downvoting accounts while also being able to upvote accounts would certainly be a less noticeable way to take over the system, since the downvoting and witness account running could be spread over numerous accounts, making it hard to track and correlate the actions to one another.

I do think there is some merit to reducing the number of witness votes though, maybe 9 is a good idea, so that the same SP cannot be used to affect more than 50% of the witnesses.
