Waivio

Theory: How to side-step soft-consensus

27 comments

inertia493.564 years agoPeakD3 min read

I believe both 0.22.2 could, and 0.22.888(8) can, be side-stepped given the right shuffle round formation. Let's assume we have two subsequence rounds, first A, then B:

Shuffle Round AShuffle Round B
1jayplay.witnesscryptoking777
2matreshkasteemhunt
3bukiohoasen
4rlawlstn123zzan.witnesses
5triple.aaafuture.witness
6justyymaiyude
7steemhuntbukio
8parserlawlstn123
9ocd-witnesssegye.witness
10menacamelsteem-dragon
11segye.witnessmatreshka
12dev.supportersklye
13skuld2000.witparse
14zzan.witnessesdev.supporters
15maiyudetriple.aaa
16future.witnessjustyy
17hoasenindo.witness
18indo.witnessskuld2000.wit
19hinomaru-jpmenacamel
20steem-dragonjayplay.witness
21cryptoking777hinomaru-jp

Let's also assume that the block signed by witness A-21 (cryptoking777) and B-1 (cryptoking777), is not applying the softfork logic.

They need not be the same witness, but in this example they are. This means that a transaction containing a censored operation would be accepted by two distinct rounds, and thus irreversible.

This means, in order to find this kind of shuffle formation, someone who wants to side-step the majority softfork logic only needs to broadcast the desired operation roughly every 126 seconds (two 63 second rounds).

If A-21 accepts the transaction, they return a trx_id. The broadcaster keeps track of this trx_id and checks after the next round if it becomes irreversible. And it would become irreversible if B-1 produces a block that agrees with A-21.

In a nutshell: Do one broadcast in one round then check if the transaction persists the next round. Repeat. Eventually, you might find the correct pair of sequential shuffle rounds.

Questions:

Was this possible in 0.22.2?

Yes. I believe this was possible in both softforks. There's no fundamental difference between them, other than the list of accounts.

Does this mean the exchanges weren't needed to overpower 0.22.2?

I believe so.

Why didn't you post about this back in 0.22.2?

In that scenario, only Steemit, Inc. was affected by this, so it wasn't potentially a widespread issue that warranted a post. I was already in hot water for my opinions. I wasn't about to "take their side" on this over a theory.

I also did talk about this openly, off-chain, if it came up. It never came up between me and anyone at remaining at Steemit, inc.

Is it possible to verify the code against the version being signaled?

No. A witness can report a version that they do not run depending on their skill or access to someone with the required skill.

Comments

Sort byBest