Suppose I stake enough ETH to create a fork that passes muster (which may include quite a bit of inactivity penalties for the honest folks, etc). Then I validate honestly, withdraw my stake, and launder those ETH for different ETH.
Now I make my anachronistic fork. I use those same private keys, invent inactivity penalties for everyone else, etc.
This fork is of dubious value. If I publicize it, anyone can prove that cheating happened, although I can’t actually be slashed because, on the real chain, I’ve already withdrawn and, on my chain, I won’t slash myself. Anyone who looks at (centralized!) websites will know my chain is fake. Anyone who sees both chains will clearly know that funny business happened.
But perhaps I can fool a node that was simply offline during the attack. As far as a regular node is concerned, both chains are a bit funny — slashable votes occurred. But I can probably fudge my chain so it wins over the real chain, and I can potentially attack my victim node.
The best part of this attack is that it cost essentially nothing. The computing resources I used are negligible. I spent 0 ETH, although I needed access to some private keys that required having money at some point to obtain.
At least with PoW, I need a lot of hashing to do this.
Sure, the L0 consensus means I’m unlikely to be able to double-withdraw $10bn from a pair of exchanges, but that’s a pretty weak argument for using Ethereum over a centralized system.
Suppose I stake enough ETH to create a fork that passes muster (which may include quite a bit of inactivity penalties for the honest folks, etc). Then I validate honestly, withdraw my stake, and launder those ETH for different ETH.
Now I make my anachronistic fork. I use those same private keys, invent inactivity penalties for everyone else, etc.
This fork is of dubious value. If I publicize it, anyone can prove that cheating happened, although I can’t actually be slashed because, on the real chain, I’ve already withdrawn and, on my chain, I won’t slash myself. Anyone who looks at (centralized!) websites will know my chain is fake. Anyone who sees both chains will clearly know that funny business happened.
But perhaps I can fool a node that was simply offline during the attack. As far as a regular node is concerned, both chains are a bit funny — slashable votes occurred. But I can probably fudge my chain so it wins over the real chain, and I can potentially attack my victim node.
The best part of this attack is that it cost essentially nothing. The computing resources I used are negligible. I spent 0 ETH, although I needed access to some private keys that required having money at some point to obtain.
At least with PoW, I need a lot of hashing to do this.
Sure, the L0 consensus means I’m unlikely to be able to double-withdraw $10bn from a pair of exchanges, but that’s a pretty weak argument for using Ethereum over a centralized system.