Author: Ethan Heilman 2019-04-19 01:13:07
Published on: 2019-04-19T01:13:07+00:00
In this email conversation, Ethan Heilman proposes a rule for SPV clients to download and validate the "longest chain" up to more than one block greater than the height of the losing chain. This is an improvement over the current SPV security assumption that the chain with the most Proof-of-Work (PoW) is valid. However, ZmnSCPxj points out that every rule can be potentially a loophole by which new attacks are possible. ZmnSCPxj then presents a scenario in which a supermajority of miners control 90% of the mining power and decide to increase inflation of the currency by creating a hardfork. The malicious miners can spend +11% of their mining power ensuring that the honest chain never reaches consensus by continuously forking it and then extend their favored chain using the other 79% of the mining power. This produces a scenario in which users are forced to choose between a stable chain that violates a consensus rule and an unstable honest chain that is completely unusable and which never pays out mining rewards. Furthermore, at around height S+9, the minority miners generate an alternate block at height S+1, causing SPV nodes to download blocks S+9 and S+8 on the longer chain, and see nothing wrong with those blocks. This process can go on for a good amount of time, with rare enough inflation events allowing miners to economically lock in the post-hardfork inflation by spending some coinbases on SPV nodes. This highlights the need for fraud proofs and better SPV security measures.
Updated on: 2023-06-13T18:16:38.060122+00:00