RFC-001: Mining threat model: botnets, pools, cloud CPUs, GPU/ASIC risk

[timothytlewis]

Summary

Define the public threat model for BrowserCoin mining centralization risks before proposing protocol changes.

Problem

CPU-accessible browser mining is inclusive, but the same openness can be scaled by botnets, hosted CPU fleets, coordinated pools, headless browsers, and specialized hardware research.

Current behavior

BrowserCoin mining runs in-browser with Web Workers and Argon2id proof of work. Local nodes validate blocks and select heaviest cumulative work. Current design should be evaluated as CPU-democratic, not botnet-proof or pool-proof.

Threats covered

• botnet mining
• large mining pools
• cloud CPU farms
• GPU/ASIC/FPGA acceleration
• headless-browser mining automation
• 51% reorgs and censorship
• selfish mining and pool withholding at a high level

Non-goals

• do not add KYC, CAPTCHA, proof-of-IP, ASN filters, or trusted miner allowlists as consensus rules
• do not attempt to distinguish morally honest CPUs from compromised CPUs at consensus level
• do not publish concrete attack recipes in this discussion

Options

• document risk and monitor concentration first
• benchmark current PoW before changing parameters
• research decentralized-pool compatibility instead of trying to ban pools
• defer consensus changes until data exists

Tradeoffs

Aggressive anti-bot or anti-pool rules can centralize the protocol faster than the attacks they aim to prevent. Measurement and transparency are safer first moves than hard-forking PoW based on intuition.

Proposed next step

Agree on threat model language and what risks belong in public docs versus private disclosure.

Open questions

• What mining device baseline should remain viable?
• Is mobile mining a launch goal?
• What concentration signals should the UI expose?
• What level of pool compatibility is acceptable?

Promotion criteria

• maintainer agrees on threat model scope
• non-goals are accepted
• follow-up issues are split into benchmark, telemetry, docs, and simulation tasks

Security Disclosure Reminder

Please do not post active exploit details, key-theft paths, denial-of-service recipes, bypass instructions, or live attack procedures in this public thread. Keep discussion at the architecture, threat-model, design-tradeoff, and roadmap level. If you believe you found a concrete vulnerability, use GitHub Private Vulnerability Reporting if enabled, a maintainer-provided SECURITY.md contact path, or a minimal public request for private contact without technical details.