Original title:Don’t overload Ethereum’s consensus

Original Author: Vitalik Buterin

Original title:Original Author: Vitalik ButerinThe consensus of the Ethereum network is one of the most secure cryptoeconomic systems currently available. value18 million ETH(about $34 billion) validators complete a block every 6.4 minutes, running many

different protocol implementations

• Over the years, there have been many ideas, often at the thought experiment stage, that the Ethereum validator set and even Ethereum social consensus could be used for other purposes:proposalThe ultimate oracle: just one itemSchellingCoinproposal

• In terms of , users can vote on which things are true by sending ETH, which will useEigenLayerMechanism: Everyone who sends ETH to vote for a majority answer gets a proportional share of all ETH that sent a vote for a minority answer. According to its description: "So in principle this is a symmetrical game. What breaks this symmetry is that a) the truth is a natural point that needs to be reconciled, and more importantly b) people who bet on the truth can create a Credible Ethereum fork route."

• Re-pledge: includingA set of techniques used by many protocols including Ethereum, Ethereum stakers can simultaneously use their stake as a deposit in another protocol. In some cases, their deposits can also be forfeited if they do not comply with other agreements. In other cases, there are no in-protocol incentives and stakes are simply used for voting.。

L2 project recovery driven by L1: In many cases, if L2 has a bug, L1 can recover it by forking. A recent example is

A design that uses L1 soft forks to recover from L2 failuresThese suggestions are usually well-intentioned, so the goal is not to focus on individuals or projects; instead, our goal is to focus on technology. The general rule of thumb that this post will attempt to defend is the following:

Dual validator-staked ETH is fundamentally viable, although it has some risks, but trying to "recruit" Ethereum social consensus for the purposes of your application itself is not.

secondary titleExample of the difference between reusing validators (low risk) and overloading social consensus (high risk)

- Alice created a Web3 social network, and if you cryptographically prove that you control the keys of an active Ethereum validator, you automatically get "verified" status.This is low risk.

- Bob cryptographically proves that he controls the keys of ten active Ethereum validators, thereby proving that he is wealthy enough to satisfy certain legal requirements.This is low risk.- Charlie claims to have overturnedtwin primes conjecture

(twin primes conjecture), and claim to know the largest p such that both p and p+2 are prime numbers. He changes his pledge withdrawal address to a smart contract where anyone can submit a purported counterexample q > p, and a SNARK proving that both q and q+2 are prime. If someone makes a valid claim, then Bob's validator will be forced to quit, and the submitter will get Bob's remaining ETH.This is low risk.

- Dogecoin decided to switch to proof-of-stake and increase the size of its security pool, which allows Ethereum stakers to "double-stake" and join its validator set at the same time. To do this, ethereum stakers had to change their staking withdrawal addresses to a smart contract so anyone could submit proof that they violated Dogecoin staking rules. If someone submits such a proof, the staker's validator will be forced to quit, and their remaining ETH will be used to buy and burn DOGE.This is low risk.

- eCash is doing the same thing as Dogecoin, but the project leaders further announced that if the majority of participating ETH validators collude to censor eCash transactions, they expect the Ethereum community to hard fork to remove these validators. They argue that it is in Ethereum’s interest to do so, as these validators have proven to be malicious and unreliable.This is high risk.

- Fred created an ETH/USD price oracle whose function is to allow Ethereum validators to participate and vote. There is no incentive mechanism.This is low risk.

- George created an ETH/USD price oracle that functions to allow ETH holders to participate and vote. To prevent laziness and bribery, they added an incentive where participants who gave answers within 1% of the median get 1% of ETH for any participant who gave answers above 1% of the median. When asked "If someone credibly offered to bribe all participants, and everyone started submitting wrong answers, would the honest people get 10 million ETH?" Do not fork to exclude funds from bad actors.

• This is high risk.The other two situations are as follows:George obviously didn't answer.

• This is medium to high risk(Because projects may create incentives to try such a fork, and thus there will be an expectation to try, even if there is no formal encouragement).George replied: "Then the attacker wins, and we give up using this oracle."

This is low to medium risk(Not "low", just because the mechanism does create a large pool of actors who, in a 51% attack, might be incentivized to independently advocate a fork to protect their deposits).。

- Hermione created a successful Layer 2 and believes that because her Layer 2 is the largest, it is inherently the most secure, because if there is a bug that causes funds to be stolen, the loss will be so great that the community There is no choice but to restore users' funds through a fork.

this is high riskIf you are designing a protocol where even if everything breaks completely, the loss will be contained in the validators and users who choose to participate and use your protocol, which is low risk. On the other hand, if you intend to seek a fork or reorganization to solve your problems within the broader Ethereum ecosystem social consensus, this is high stakes, and I think we should strongly resist all attempts to create that expectation.Technologies of the SchellingCoin class

, especially the severe penalty mechanism for deviation from the majority, is a prime example.

secondary title

So what exactly is wrong with scaling Ethereum consensus?

Let's say it's 2025. Frustrated with the status quo, a group decided to develop a new ETH/USD price oracle, which works by allowing validators to vote on the price every hour. If validators vote, they will unconditionally receive a portion of the fee rewards from the system. But soon actors get lazy: they connect to centralized APIs, and when those APIs come under cyber attack, they either quit or start reporting wrong values. To solve this problem, they introduced an incentive mechanism: the oracle also votes retrospectively on the price from a week ago, and if your vote (real-time or retroactive) differs by more than 1% from the median of the retrospective votes, you will Heavily punished, the proceeds of the punishment will go to those who voted "correctly".

Within a year, over 90% of validators participated. Someone asked: What if Lido, along with several other large stakers, ganged up and 51% attacked the vote, forcing a fake ETH/USD price through, and imposing heavy fines on everyone who didn't participate in the attack? At this point, proponents of oracles, who have invested heavily in the scheme, replied that if this happened, Ethereum would definitely fork to drive out bad actors.

At first, the scheme was limited to ETH/USD and appeared to be resilient and stable. But over time, other indices have followed suit: ETH/EUR, ETH/CNY, and eventually interest rates across all G20 countries.

At that time Brazil had a CBDC with two forked versions: (Northern) BRL-N and (Southern) BRL-S. 60% of Ethereum stakers offer the ETH/BRL-S rate when voting in the oracle. Major community leaders and businesses condemned stakers’ cowardly capitulation to fascism and suggested forking the blockchain to only include “good stakers” who offered the ETH/BRL-N rate and drain the balances of other stakers to close to zero. In the seemingly glamorous public opinion bubble, they believed that they would definitely win. However, once the fork opened, the BRL-S side proved surprisingly strong. They had expected a landslide victory, but it turned out to be almost a 50-50 community split.

At this point, the parties are on two chains in two separate universes, with no practical way to get back together. Ethereum, a global permissionless platform created in part to hide from states and geopolitics, ended up being split in half by a G20 member state with unexpectedly serious internal problems .

secondary title

This sci-fi story is so good it could be made into a movie, but what can we learn from it?

• The "purity" of the blockchain is a huge advantage, as it is a purely mathematical construct that attempts to achieve consensus on purely mathematical problems. Once the blockchain tries to "peg" with the outside world, conflicts in the outside world also start to affect the blockchain. Considering a political event that is extreme enough - and actually not that extreme, as the above story is basically a parody of what actually happened in every major country (population over 25 million) over the last decade - even something like a monetary prophecy Even something as benign as a machine can tear a community apart.

• Here are some more possible scenarios:

• One of the currencies tracked by the oracle (maybe even the US dollar) is just hyperinflation where the market collapses to the point where there is no clear specific market price at some point in time.

Which price to report as the legitimate market price between the two currencies becomes a political question if strict capital controls come into effect.

But more importantly, I think there is a Schelling fence at play: once a blockchain starts incorporating real-world price indices as a Layer 1 protocol function, it can easily succumb to interpreting more and more real-world information. The introduction of a Layer 1 price index also expands blockchain’s legal attack surface: it ceases to be just a neutral technology platform and more explicitly becomes a financial instrument.

secondary title

Any expansion of the Ethereum consensus "responsibilities" increases the cost, complexity and risk of running validators. Validators are required to take on the manual work of watching and running and updating other software to ensure they function correctly according to any other protocols introduced. Other communities gain the ability to place their dispute resolution needs outside the Ethereum community. Validators and the Ethereum community as a whole are forced to make more decisions, and each decision risks causing the community to split. Even without a split, the desire to avoid this pressure creates an additional incentive to externalize decisions to centralized entities through staking pools.

The possibility of a split would also greatly reinforce the anomalous "too-big-to-fail" regime. There are so many layer 2 and application layer projects on Ethereum that it is impractical for the Ethereum social consensus to be willing to fork to solve all the problems. Therefore, larger projects are necessarily more likely to be bailed out than smaller projects. This in turn leads to moats for larger projects: would you rather put your coins on Arbitrum or Optimism (if something goes wrong, Ethereum will fork to save everything), or on the smaller Taiko ( non-western project, less socially connected to core dev circles, much less likely to get L1 support rescue)?

secondary title

In my opinion, the best solutions to these problems are case-by-case, since the various problems are inherently different from each other. Some solutions include:Decentralized Oracles for Incomplete Encryption Economy- Price oracle: either

Decentralized Oracles for Incomplete Encryption Economy- more complex truth oracles, reporting more subjective facts than prices: something built onA decentralized court system on the Internet.

Incomplete encryption economy DAO

• A decentralized court system on the Internet.

• - Layer 2 protocols:In the short term, rely on some training wheels (this article calls it Phase 1)In the middle, rely on

• Multiple Proof System

. Trusted hardware (eg: SGX) can be included here; I strongly discourage SGX-like systems as the only security, but they can be valuable as members of a 2-of-3 system.

In the long run, hopefully, complex features like "EVM verification" will eventually be incorporated into the protocol.- Cross-chain bridge: Similar to oracle logic, but also minimizes reliance on cross-chain bridges: keep assets on their native chains, and use atomic swap protocols to move value between different chains.- Use the Ethereum validator set to secure other chains: abovevalidium. If a chain does this, its protection against finality reversal attacks becomes as strong as Ethereum's, and it's safe against 99% (instead of 49%) censorship attacks.

Summarize

secondary title

SummarizeThe social consensus of the blockchain community is fragile. This is necessary — because upgrades will happen, bugs will happen, and 51% attacks are always a possibility — but because it has a high risk of causing chain splits, it should be used with caution in mature communities. There is often a natural urge in the community to try to extend the core of the Ethereum blockchain with more and more functionality, since that core has the greatest economic weight and the most community attention, but each such extension makes the core itself more complex. Fragile.We should be wary of application layer projects taking actions like this -

These actions may increase the blockchain consensus "scope" rather than validating Ethereum's core protocol rules.