“You gotta slash the hell outta them”
Do you like crypto-philosophy? Do you enjoy battling with ethical conundrums and challenging yourself to find the right answer, when all choices are hard?
If so, then you’re in luck.
The ethical dilemma of social slashing in Proof-of-Stake presents one of the most interesting conundrums in crypto-philosophy that currently exists. In this piece, I’m going to try to convince you that social slashing is the only correct choice if you care about Ethereum, and why this conundrum is not a sufficient reason to want to walk away from Proof-of-Stake altogether.
Background hella quick
On Aug 8, 2022, the US Treasury added Tornado Cash addresses on Ethereum to the OFAC SDN list. A few days later, Tornado Cash developer Alexey Pertsev was jailed in the Netherlands.
Some brilliant person decided to “dust” the wallets of industry leaders and influencers with sanctioned funds to make sure that the real implications of the steps these teams were taking weren’t lost on the community.
This havoc was of course a huge source of entertainment for the Bitcoin community who never believed that Ethereum’s “DeFi” was decentralized or censorship-resistant in any real sense of the word.
But! A censoring front-end is not really a fatal issue per se. The great thing about DeFi is that anyone anywhere can host a website that interfaces with the underlying smart contract systems on Ethereum. You can even do it yourself locally.
That’s the sad thing about the sanctions, in reality they will do very little to stop the North Korean hacker groups the US were supposedly trying to stop with this. They’ll just make life harder for average people.
As long as censorship is just happening on some front-ends, it’s expected that the industry will eventually find frictionless ways for people to circumvent these blockades for the unlucky folks that have ended up on a sanction’s list.
Things only get really bad if censorship starts happening inside the Ethereum system itself. Say, in the block construction process for instance.
At the end of the pipeline, after Ethereum moves to Proof-of-Stake next month, the final arbiters of what goes into the blockchain and what stays out are the stakers (validators). Until PBS arrives, it is ultimately their responsibility to decide which block construction method to use.
That’s why these comments by Coinbase’s CEO Brian Armstrong sent a chilling reminder that many validators are controlled by regulated entities that must comply with US regulation.
So, what’s the issue here?
Well, one of the absolute core purposes for blockchains such as Ethereum is to provide neutrality and censorship resistance. That’s why we tolerate that the system is slow and expensive to use at times—because of these unique qualities. A threat to censorship resistance is a threat to the system’s raison d’être.
Now, an individual miner in a blockchain deciding to not include certain transactions is not anything new on its own. In fact, Bitcoin mining pool Marathon used to mine “OFAC-compliant blocks” in the past. And indeed, the Ethermine mining pool has responded to the recent OFAC additions and is now censoring Tornado Cash transactions in Ethereum.
While trends like these are worrying, we don’t consider it an “attack” on the system unless the miners or validators actively work to exclude valid, OFAC-non-compliant blocks from the blockchain via reorgs. Marathon did not have nearly enough hashrate to engage in a such a censorship attack (51% is required) so until now, true censorship hasn’t really been a real worry.
Summoning The Evil Cocktail
A number of items have lined up to make the current situation in Ethereum extra pernicious, which has elevated the tone and the demand for answers:
- The US government putting a smart contract address on the OFAC list is a first. It used to be individuals that were sanctioned, not contracts. This, in addition to Tornado Cash developer Alexey Pertsev being arrested in the Netherlands, gives the general impression that governments are aggressively moving their pieces forward on the chessboard.
- Many teams developing DeFi applications (along with the Ethermine mining pool) quickly complied with these sanctions, and according to some even with an “overcompliant” tendency.
- With the Merge, Ethereum is replacing all its miners with validators one month from now and these validators’ makeup and stance on OFAC compliance is not well-known.
- The Proof-of-Stake mechanism itself has an inherent weakness in the sense that regulated custodial entities such as Coinbase, Kraken and Binance will play an outsized role in its dynamic.
- As per Ethereum’s design choice to preserve the safety of Proof-of-Stake, there is no easy way to unstake large amounts of ETH quickly. Exiting the stake from the validator set can take 1–2 months for a large staker like Coinbase (this is a separate issue from withdrawals being disabled until the next Shanghai hardfork which many incorrectly believe to be the first bottleneck).
- There are fears that “putting signatures on OFAC-non-compliant blocks proposed by other actors” in PoS is a more easy thing to regulate than “hashing on a chaintip” in PoW. Illogical or not, regulated entities may be more unwilling to put their signature on OFAC-non-compliant blocks in the Proof-of-Stake attestation process than miners are to mine on the latest chaintip in Proof-of-Work.
It is important to emphasize that point 6 here is mere speculation. As of now, there has thus far been no signal whatsoever from regulators that OFAC compliance should involve changing the behavior of one’s validator to go as far as manipulating the block order in the blockchain.
But there is uncertainty, and there are not completely unfounded grounds to worry about the implications of overreach. If Ethereum is caught off-guard just because more aggressive OFAC regulations hit right during the Merge transition and the network was effectively censored for 1-2 months as a result amidst the confusion, it’d be a blemish on the network’s history and a terrible start in the transition into Proof-of-Stake.
Also, if censorship stops occuring simply because Coinbase “chooses” to exit their stake to respect the values of the Ethereum community, it would seem that Ethereum’s censorship resistance is not credible, just merely something that exists as long as regulated corporate entities *allow* it to exist, which is not what censorship resistance means.
The Defense Mechanism is Known and Obvious… Why Is No One Talking About Our Special Weapon?
When Andreas Antonopoulos got the question, what do we do in Bitcoin if a state actor controls 51% of the hashrate and uses it to destroy Bitcoin, this was his famous response. It is one of the best articulated replies to an audience question I’ve ever heard. I felt like running through a wall after hearing it the first time.
The threat of nuking the Proof-of-Work mechanism and starting over from square one with the entire Bitcoin ASIC industry for everybody sounds extreme, perhaps even farfetched, but the fact that it can be articulated as a logical plan is a strong deterrent for anyone from ever trying to attack Bitcoin. It is a form of mutual assured destruction and forms a Nash equilibrium between the attacker and the defender.
Personally, I see this as a prerequisite for security and censorship resistance in a blockchain.
There is an equally good video of Vitalik making the case for PoS (which I annoyingly can’t find right now) and what he describes is essentially this:
As long as I’ve been interested in Ethereum, this asymmetric advantage for the defender, even when compared vs. PoW, has been one of the key motivations that I think that Proof-of-Stake deserves to get seriously explored, and that it’s a good thing if our second-largest cryptocurrency uses it (the other motivation being this one).
Vitalik’s description of the advantage of PoS is in my opinion certainly true, but it misses two important things, especially if it’s supposed to be brought into the full context of Ethereum, not just PoS in isolation:
- Ethereum has DeFi which has many more external dependencies (oracles, multisig sidechains, L2 sequencers, stablecoins) than non-DeFi chains. Many of these may struggle legally to go along with the OFAC-non-compliant “rebel”-fork of Ethereum, even if the community wants to. The Ethereum UASF “won’t work”.
- Principal-agent problem: When the “attacker” in this case is an entity like Coinbase, it’s not their money that gets burned, but instead billions of dollars staked by institutional clients and retail users through Coinbase’s custodial staking service. The Ethereum UASF is “unfair”.
Solving the Crypto Philosophical Dilemma
If you’ve made it this far in the article, congratulations. This is where you’re going to need to exercise those ethical-dilemma-cracking muscles. You now have sufficient background information to understand the dilemma, and we’ll now spend the rest of the article counter-arguing the above two points.
We’ll start with the second point first.
The Ethereum UASF is “unfair”
It’s definitely true that the Ethereum UASF would probably end up hurting a bunch of clients staking at Coinbase if this action is taken. I argue that this is actually not unfair or unusual in any way, and not even different from PoW:
- After the Merge, the supply inflation in Ethereum is expected to be ~0% or negative. You get less diluted as a non-staking ETH holder than you would as a bitcoin holder. There is no “pressure” to become a staker. People who stake at a staking service are not innocent. They’ve given away a powerful resource to a potential attacker to receive a yield. All stakers, solo-stakers and pooled stakers, have a responsibility to understand the risks involved with staking, and it is important that this is communicated clearly now so we don’t need to clarify this later.
- Most people understand that if Coinbase uses their stake to double-spend, Coinbase will get slashed. This is in the protocol rules. There’s no ambiguity here—if you are a staker at Coinbase and they do this, either by mistake or because they got hacked or because they acted maliciously, they unequivocally will get slashed, their clients included. Why should it be any different if the attack they engage in is censorship? Slashing those who conspire to censor the chain would be automated if it was possible to automate it, it is only for practical and technical reasons it needs to be coordinated off-chain. But why should a mere practicality change what’s right or wrong from an ethical point of view?
- The principal-agent problem exists in Proof-of-Work as well. Ignoring mining pools for a moment since they’re notoriously easy to reconfigure yourself from, Blockstream’s colocation mining creates the similar dynamic for miners. That is also a more “convenient” form of mining that is cheaper and leads to a principal-agent problem with dire consequences if Blockstream was forced to do anything unsavory on behalf of the governement or some other attacker. Blockstream is also not the only company offering these services, these services are spreading. The full extent is just opaque and you likely won’t even know it’s happening.
- If the system was instead Proof-of-Work and miners were engaging in this censorship (as we’ve already seen tendencies to with Ethermine), the defense mechanism there would be to abandon the Proof-of-Work function. This is also a nuclear option that hurts everybody. Everyone’s hashing equipment would turn useless overnight. If this was Bitcoin, that’s many billions of dollars in losses to actually innocent people. Coinbase stakers atleast played a role in the conspiracy by greedily capitalizing a player that wasn’t likely to uphold the network’s virtues!
If, somehow these arguments aren’t enough for you to start thinking about this differently, then entertain the following idea. Proof-of-Work and Proof-of-Stake are different mechanisms to combat state control. Proof-of-Stake is interesting because it gives the state at least one less reason to try to quench it—they can’t pull the “environment” card against it. This, in combination with the theoretically asymmetric advantage described in the previous section gives Proof-of-Stake a different “defense profile” than Proof-of-Work, and it is in our interest to try both these mechanisms against the state instead of betting just on one.
The Ethereum UASF “won’t work”
It’s definitely true that the UASF is harder to pull off in Ethereum because of all its DeFi dependencies (oracles, multisig sidechains, L2 sequencers, stablecoins), and although this has nothing to do with PoS, it still needs to be addressed.
I don’t agree that a UASF will fail because of these dependencies. Just because a sufficient threshold of validators are censoring the baselayer, that doesn’t mean that every single oracle or stablecoin issuer will need to drop everything and go along with OFAC-chain. The dependencies on Ethereum are vast and diverse. Yes, maybe USDC will support OFAC. But will USDT? I haven’t really seen the US government be successful at forcing Tether’s hand on anything.
In either of these cases, for practical reasons you’ll see in the final argument, there will be need to be a coordinated delay until the OFAC-chain takes off. During this time you have time to unwind any DeFi positions involving USDC and any other stablecoins that have flagged support for the OFAC-chain, and to redeem all the USDC (or just dump them for USDT). You can withdraw from oracle systems that don’t support your chain after the fork, etc.
There will indeed be a mess, especially for those who don’t have time to tend to their positions for whatever reason, but perhaps not quite as dramatic as you perhaps previously thought.
Ultimately, chainsplits such as these are settled by the market. Not saying that Bitcoin’s UASF is comparable, but an interesting historical anecdote is that when Bitcoin’s corporate Segwit2x fork was priced vs. the rebel Bitcoin UASF fork on Bitfinex’s futures market, the rebel UASF fork retained 85% of the value and the corporate Segwit2x fork only received 15%. In my view, this ultimately collapsed the Segwit2x movement, and it happened on the futures market before the fork moment even occurred.
My final argument and the argument I’m expecting to take this conversation home, is that it’s actually more likely that the OFAC-chain is the one that isn’t going to work.
First of all, consider that all validators on the OFAC-chain are inherently somewhat vulnerable to a DDoS attack. If you submit a long, complex transaction that at the end of it makes an unpredictable call to a sanctioned address, then the transaction will need to be rejected but validators won’t be able to charge any gas for it. This allows any user to abuse the computational resources of the validators.
To fix this, validators can implement filters (e.g. a 24h timeout to any sending address that made a sanctioned call) to protect themselves and make the spam more costly for the attacker, but the cleanest solution would probably be to change the code so that they can simply charge fees for all invalid sanctioned transactions.
Such a change would imply a hardfork, and sounds like a lot of work. But it might be worthwhile for the OFAC validators to coordinate their censorship-fork as a hardfork anyway, since there will be a need for replay protection between this chain and the neutral chain. The OFAC validators are probably going to want to launch their censorship attack as a concentrated effort regardless, otherwise they risk getting punished for inactivity leak if individual validators starts censoring at their own volition.
And again, who’s going to help maintain this OFAC-client? I strongly recommend you listen to the All Core Devs call from last week where Geth developer Marius Van Der Wijden expressed the following sentiment:
If we allow censorship of user transactions on the network, then we basically failed. This is *the* hill that I’m willing to die on.
If we start allowing users to be censored on Ethereum then this whole thing doesn’t make sense and I will be leaving the ecosystem and maybe start something different that provides these guarantees, and I think there are a lot of people that think the same thing.
I think censorship resistance is the highest goal of Ethereum and of the blockchain space in general, so if we compromise on that, there’s not much else to do in my opinion.
I’m skeptical they could even get a client off the ground. Maybe a particularly nice Geth developer will stay on the OFAC-team and leave some “accidental” bugs in it?
Also, who wants to go to the OFAC-conference? Will you?
Look, it doesn’t take a brilliant mind to figure out why the OFAC-chain is basically dead on arrival. How do you think an OFAC-chain is even supposed to work? Are all the validators supposed to agree on a single list of addresses to censor? And will that list include all the sanctions list from all the countries? The US OFAC ones yes, but what about the Russian ones? The Chinese ones? The North Korean ones? How do you reach consensus if everyone wants to sanction each other?
You can have a US-OFAC-chain and a China-CCP-chain perhaps if you want, maybe that’s an idea? But all of these fragmented oxymoronic chains will have to compete against the universal Ethereum, with the fun conferences and the smart developers.
By the way, if you’re an US-OFAC-chain, why would you even bother with slow decentralization? Can’t you just run a US Proof-of-Authority network, and forget about staking altogether? Trying to have the network validator set decentralized when you want to centrally control which transactions go in and out will only cause problems. But then again, how much will the currency in this system be worth vs. universal ETH? You’d probably have to drop the monetary aspirations on this chain
We may only have one shot to get Ethereum right. That direction is not OFAC-chain. By signaling your support for the UASF fork, which is the only viable option, you will likely help deter actors such as Coinbase from staking if they think they have to engage in baselayer-censorship.
The risk of losing all their clients’ money in a UASF fork is simply not worth it. If you’re a big staker it is way smarter to back down and exit the funds through the exit queue as fast as you can (1–2 months).
This response from Brian came one day after the poll to slash Coinbase’s funds ended, with a resounding yes result including votes from people such as Vitalik, Bankless hosts Ryan & David, Anthony Sassano, Larry Cermak and Polychain Olaf.
We can get these entities that threaten the neutrality of our platform to back down. We have a real shot at securing Ethereum’s future. That involves preparing code for UASF-ready consensus clients, and preparing ourselves as a community. You should be talking about this with your fellow etherean to make sure where you stand.
Are you on the side of neutrality or on the side of OFAC?
Are you on the side of Alexey Pertsev or the people who jailed him?
X 🏴 .
Who decides these things? Who decides what an attack is, and what's acceptable behavior? Who says that it's one of the design goals of Ethereum to include OFAC-non-compliant transactions? Is there a constitution somewhere?No, there is no constitution. No one "decides" this per se. The words "censorship resistance", "neutral" or "permissionless" don't even exist in the whitepaper, although there is some language that involves "allowing anyone to write smart contrats" when describing the system's intent.Freely speaking, it has just always been informally understood to be one the design goals of Ethereum by its creators and the early members of its community. The above words are nowhere to be found in the Bitcoin whitepaper either, but it did not prevent the Bitcoin community from understanding it as one of its primary objectives and planning to great detail how the community should act if the miners at any point were to censor the chain from certain transactions, including changing the Proof-of-Work function to make all current mining equipment obsolete.To consider censorship unacceptable and something that must be fought at any cost is an idea that has emerged organically within the Bitcoin community, and the Ethereum community has inherited many of these values as well.But what if the community wants to censor some type of transactions? What if censorship has consensus?Technically, it is true that the community can always come together and decide that some form of censorship is desirable for whatever reason. It can have to do with preserving the health of the system, or perhaps, as in Bitcoin's UASF case, wanting some upgrade to be introduced into the system (in the Bitcoin UASF which occurred in 2017, BIP91 and BIP148 allowed users as well as miners to reject, i.e. censor, any blocks that did not signal for SegWit activation, in order to ensure its deployment on the network).However, these are not types of censorship that are generally understood as attacks. Censorship is really only understood as an attack if it prevents a specific set of users from transacting in some way especially if it has external political ties.What's the required % of stake one must control in order to censor the Ethereum blockchain?There are multiple penalties and rewards in Ethereum's Proof-of-Stake system, so this question isn't as simple as one would think. It depends on exactly how censorship is enforced and also on how the subjects respond. Vitalik estimated the required threshold to be between 20-50%.