Steem blockchain multivote security vulnerability
Steem blockchain has been purposefully designed with 30for1 or multivote security vulnerability.
In essence, multivote vulnerability centralizes blockchain and poses security risks, blockchain disruptions and loss of funds.
Description
Each steem power (SP) owner can cast 30 votes on witnesses, i.e. choose up to 30 representatives. Simplifying, 1 SP allows casting 30 Sp worth of votes. At first, it looks as it allows to cast votes on more representatives (witnesses) and helps to decentralize blockchain, but in fact, it allows for an individual or a small coalition to govern the blockchain with a minority stake.
Exploitation
The most distinctive use of the exploit was steem blockchain hijack carried out on the first week of February 2020, when apparently customers funds were used by Poloniex, Binance & Huobi exchanges to change all 20 top Steem witnesses; new witnesses run a new 0.22.5v software, freed ninja mined tokens purchased by the Tron owner, destabilized blockchain and disrupted hundreds of services. New witnesses also provided not up to date price feeds. We can assume multivote vulnerability was previously used by some established witnesses to their advantage, either willingly or unconsciously.
Mechanics
Let's assume A ownes stake worth 10, B stake 4, C stake 4, D stake 4, E stake 3, and F stake 1.
We choose 3 primary representatives {W1, W2, W3}, who hold the true power and a number of reserve ones. Each vote can be used 3 times, i.e. 3 representatives (witnesses) can be voted). The rule allowing to vote 3 times with each voting unit leads to centralization of the power:
Either dictator A or a coalition {B, C, D} takes all 3 primary witnesses. If B, C, D... cannot form a coalition, A takes all spots, despite B, C, D... having the majority of votes. If B, C, D... can find an agreement and form a coalition, A, despite having almost 40% of votes, will have no representatives. This holds true whether we choose 3 or 20 primary witnesses, as long as we have more vote uses than number of primary witnesses, i.e at least 3 (as in the above example) or 20 uses (as in steem blockchain, where we have 30 uses) for each vote.
Solution
A simple solution is to allow only one use for each vote (SP, voting power). This allows more parties to have representatives and promotes decentralization.
Now A can divide his stake into two parts, but, even if B, C, D... are in disagreement, he cannot take full control of the blockchain. (top table). If B, C, D... can form coalitions, they can choose a majority of representatives (witnesses), in line with the majority of stake they own. Still, A cannot be easily pushed out and can still have his representative.
Conclusion
Steem blockchain multivote security vulnerability allowed for serious disruptions of blockchain governance & functionality in February 2020. Removal of voting redundancy will prevent oligarchy or dictatorship ruling of the blockchain and will allow further decentralization. One account must be allowed to vote only one witness.
Leave Steem blockchain multivote security vulnerability to:
Read more #palnet posts
Best Posts From hotbit
We have not curated any of hotbit's posts yet. But you can encourage our curation team to review posts by visiting them regularly and by referring other readers. Because we give priority to frequently read content.
More Posts From hotbit
- OpenAI, write a funny poem about gridcoin and why it's awesome
- Why Gridcoin community is awesome?
- Nothing
- Nothing
- Multi Leagues - Divisions & Rewards
- An open letter to Pope Francis
- Solution for preventing bots playing level 1 cards from farming rewards and diluting DEC & cards value
- Multi league format proposal for Splinterlands battles - feasibility
- Steem blockchain multivote security vulnerability
- Are blockchains decentralized? Do exchanges rule the stake governed blockchains?
- New league format proposal for Splinterlands battles
- JustinSun AMA - first impression and conclusions
- Reminder - RUDEX.GRC delisted
- Common account for DEC generation @knightsunited guild
- Market Making vs HODL. Short Profitability Review. Part 2.
- Attack or defense?
- No 42 as a sum of three cubes - problem solved using the power of grid computing
- Market Making vs HODL. Short Profitability Review.
- Market Making for Buildteam Token
- Market Making Profit Estimations on bitshares and Steem-Engine Markets - (Staggered Orders)