-
Notifications
You must be signed in to change notification settings - Fork 210
Uptime incentives in GoS #196
Comments
My expectation is that accumulating stake will be used in censorship attacks. Accumulating stake is phase 1 of winning GoS, phase 2 is executing censorship. We will look at both uptime and stake and strategies used to make recommendations to the ICF on winners. |
3% of un-consequtive missing block(can happen to a decent 3-level sentry architecture validator in remote location like asia with +150 validators around the world) will cost a validator almost 1 day of downtime in 4 weeks. It definiteley encourages remote validators to move in to US territory. Do we really need to move it?? |
When more validators are in the validator set, it will be easier to miss blocks for validators having sentries and relays. If large amount of validators have small value of commit timeout, this is even worse. I have been seeing a lot of blocks time less than 3 seconds. I even see some blocks on |
Actually, occasional missing block does not penalisize the validator in mainnet.(no slashing, no missing rewards) Only GoS does, because of uptime emphasis by Zaki. Security is less important in GoS than in mainnet also. The whole circumstances of GoS incentivize validators to gather around US area with less security architecture. |
@dlguddus I think that Security is also very important in GoS. Someone got DDOS a few days ago on the |
Yes I agree, but it is less important than mainnet. I express it with relativity |
It does feel like uptime and accumulation are being prioritized over security in GoS, particularly related to the downtime hit a sentry architecture will likely take over time. It does seem like short-term decisions made in GoS won't necessarily be the best longer-term decisions for Cosmos longevity. |
@chris-remus Agreed! |
Hi all, sorry, let me clarify what we mean by uptime. By uptime, we're referring to the amount of blocks for which a validator is a bonded validator. Additionally, we will be adjusting the recommended timeout parameters to be sufficiently long so that honest validators will be able to propose blocks with most of the votes, as it should.
Timeout updates for config:
Then, it will be up to the community to figure out who is performing censorship attacks, and to adjust timeouts to be honest, or to participate in censorship attacks. Since the % of precommit votes that get into the blockchain is low (5% within a window of 5000 blocks), it is OK for some censorship to happen. In order for a cartel to successfully censor a validator enough to become unbonded (e.g. "down"), it will require significant round delays, and it should become possible for the community to figure out who is performing this censorship attack. So, this "uptime" requirement is actually the opposite of this thread is worried about...
According to our definition of "uptime", even 94% of evenly spread out missing precommits in the blockchain will result in 0 days of downtime. Sentry away! |
This is super clear ! Thanks Jae ! |
Thanks for clearing this up! |
crystal clear! 🤗 |
The new ruleset states that the GoS incentive will be uptime, not stake:
This creates a strong incentive outside of the Cosmos economics and fundamentally changes the socio-economics of the GoS. By effectively removing the proposer bonus incentive, cartels can censor with (almost) impunity.
We suggest to remove the uptime incentive. Doing so will make the GoS much more useful in validating the Cosmos consensus and economics in an adversarial real-world scenario. Otherwise, the GoS results will not be applicable to mainnet economics.
Let's discuss!
CC @SLAMPER
The text was updated successfully, but these errors were encountered: