Golden
Nothing-at-stake problem

Nothing-at-stake problem

Nothing-at-stake is a theoretical security issue in proof-of-stake consensus systems in which validators have a financial incentive to mine on every fork of the blockchain that takes place, which is disruptive to consensus and potentially makes the system more vulnerable to attacks.

Proof-of-stake (PoS) is a distributed consensus algorithm that's based on validators (i.e. miners) in a network having an ownership stake in it that gives them an economic incentive to behave honestly so as not to devalue the network and their stake in it. Unlike in proof-of-work based systems, it is not computationally costly for validators to add new blocks to the end of a PoS blockchain.



The nothing-at-stake problem is a theoretical security hole in proof-of-stake systems. The problem can occur anytime there is a fork in the blockchain, either because of a malicious action or accidentally when two honest validators propose blocks simultaneously. 



Whenever a fork occurs, it's in the best self-interest of all of the miners to continue mining both chains. There are two reasons for this:

  • There is no cost to mining, so mining both chains doesn't impact a miner's bottom line.
  • If miners continue mining only one fork and one of the other forks becomes longer, the miners will not profit from any of the time they spent mining the shorter chain. In other words, mining all of the forks ensures that the miner will get their reward no matter which fork wins.



This could potentially make double-spend attacks more feasible. An attacker who wants to attempt a double-spend could do so by creating a fork in the blockchain one block before they spent some coins. If the attacker only mines their fork while all of the other miners act in their best self-interest and mine both forks, then the attacker's fork would eventually become the longest chain even if the attacker only has a small stake in the network. 



There are a few ways that an exploit of a nothing-at-stake security issue might fail:

  • Some miners might recognize that a fork is malicious and chose not to mine on it to preserve the integrity of the network
  • Some miners might act altruistically and only mine 1 chain at a time even if doing so is less profitable
  • Standard mining software will not come with the ability to mine all forks, so miners would need to modify their validation software in order to do so.



However, it is a best practice to assume that miners will always seek profit and act in their own economic interest, so these possibilities are not considered adequate from a network security standpoint.

Addressing the nothing-at-stake problem

Although the nothing-at-stake problem hasn't yet occurred in the real world, it is still an issue that Ethereum developers are addressing in their PoS protocol, Casper.



Rather than having a rudimentary PoS system where people can participate as validators simply by possessing some amount of the network token in a wallet, Casper is what's known as a security-deposit based economic consensus protocol.



This means that nodes who wish to validate transactions must place a security deposit in order to do so. If a validator then produces anything invalid, a portion or all of their deposit is forfeited along with their ability to continue participating in consensus. The security-deposit therefor attaches a cost to being dishonest and makes it in the best economic interest of all of the miners to behave honestly.

Timeline

People

Name
Role
LinkedIn







Further reading

Title
Author
Link
Type
Date

Introducing Casper "the Friendly Ghost"

Vlad Zamfir

Web



Understanding Proof of Stake: The Nothing at Stake Theory

Julian Martinez

Web



Documentaries, videos and podcasts

Title
Date
Link

Nothing At Stake Explained In 4 Minutes

August 12, 2015

Companies

Company
CEO
Location
Products/Services









References