
A low-profit Tezos attack could have long-term implications for Proof-of-Stake blockchains

Messari

Jan 8, 2020 ⋅  2 min read

Will Foxley from CoinDesk breaks down how a recently discovered low-profit "selfish-mining" attack on Tezos could have more significant implications for Proof-of-Stake (PoS) networks. A then-Harvard researcher discovered Tezos' vulnerability to selfish-mining-like attacks, as chronicled in the academic article "Selfish Behavior in the Tezos Proof-of-Stake Protocol," following the Babylon 2.0 upgrade in Oct. 2019. At a high level, current Tezos bakers can create their own invalid blocks to earn both the associated block and endorsement rewards, an attack that can continue if undetected.

What's stopping validators from taking advantage of this loophole? The net payout is insignificant, and bakers risk losing their staked funds if caught. Further, the Tezos network can address the issue through its on-chain governance model. But even though the short-term threat is minimal, the Tezos team acknowledges these findings could pose a more serious long-term danger if overlooked.

Why it matters:

  • The finding highlights how research on PoS design and attack vectors is still in its early stages, especially with so few examples in a live, adversarial environment. Despite a limited number of working models, a healthy handful of PoS projects plan to launch within the next 12-18 months, which heightens the impact of seemingly innocuous design choices. Fortunately, groups like the Tezos Foundation and the Ethereum Foundation continue to fund new and ongoing research efforts into PoS mechanisms.
  • Projects know even less about the challenges surrounding token-weighted, on-chain governance systems like Tezos, particularly concerning patching bugs similar to selfish-validating. Theoretically, it would be in a validator's interest to keep selfish behavior like this intact - though systems like Tezos disincentivize bakers from ignoring the requests of other stakeholders. But voting power continues to concentrate as crypto exchanges launch in-house staking services. As Nic Carter notes, "whether this impairs the censor resistance of the protocol – that's an interesting question we will grapple with soon."
