Analysis of recent events on the Ethereum Classic network

Source: ETC Core

On July 31, 2020 and August 5, 2020, the Ethereum Classic network experienced two large chain reorganizations. In both cases, individual miners privately generated chain segments of approximately 3,000 and 4,000 blocks, respectively, and then broadcast them to the network. These blockchain segments were valid according to all consensus rules, and are larger than the existing chains they are replacing. Represents the final and decisive arbitration value in the blockchain construction, so under normal circumstances, nodes select these blocks.

Unfortunately, while these blocks were being generated and broadcast, the miner was being fraudulent in external circumstances related to the chain, particularly in its interactions with some cryptocurrency exchange markets.

The miner took advantage of this rare but intended behavior of the blockchain to deceive vendors in the market who were unfamiliar and unprepared for how proof of work worked. He was able to trick them into withdrawing their funds and then use his privately generated chain to invalidate those transactions.

Only markets with inadequate risk management policies are susceptible to fraud.

Miners on the competing chain (the one that was eventually abandoned) lost their previously earned rewards within the reorganized chain segment. Although this forced re-bookkeeping is rare, the same logic on a smaller scale has been executing normally on the blockchain with a regular 5-minute interval.

Just as the Ethereum Foundation endorsed the DAO incident and the subsequent subjective and non-compliant state changes (i.e. protocol-level refunds for usage errors), the current situation was not anticipated by the Ethereum Classic blockchain or network, which had been operating exactly as designed. The unfortunate outcome of the ETC network is entirely due to unprepared blockchain users who were left vulnerable due to a lack of risk management policies.

At the time of writing, the Ethereum Classic (ETC) asset supply is 116,313,299 ETC with a fiat market cap of $835,568,983. The impacted market loss is estimated to be approximately 807,000 ETC, equivalent to approximately $5,600,000, or about 0.7% of the supply.

In comparison, the DAO hacker moved 3.6 million ether (ETH) from the faulty contract, which is 3.2% of the current circulating supply, which is 112,081,212 ETH at the time of writing (the total circulating supply of ETH in 2106 was much lower than it is now). The corresponding loss was worth about $150,000,000 at the time, which would be at least 10 times the loss today.

Finality

This section will briefly explore failed market policies that leave themselves vulnerable to chain reorganization attacks by malicious miners.

For proof-of-work blockchains, the term finality describes the probability of permanence of a given transaction made on the chain. Finality for a PoW chain is shown in the following diagram:

Just as the complexity of ordinary portfolio management is governed by the risk tolerance of investors, the N value represents the risk tolerance of blockchain users regarding the durability (“finality”) of their on-chain transactions.

Like portfolio management, risk represents a measure of potential losses relative to potential gains.

In the context of the cryptocurrency trading markets, let’s quickly explore what this risk means in some specific (albeit general) terms.

First, exchanges are service providers. They connect buyers and sellers and facilitate transactions between them. Doing so requires exchanges to interoperate with custom resources themselves, i.e. process deposits and withdrawals of various currencies. For this service, they typically charge fees to buyers and sellers. In the context of these businesses, exchanges must assume the expected risk profile between buyers and sellers, between each other and between the resources involved.

As can be seen in the above figure, for proof-of-work cryptocurrencies, exchanges must use a value of N that reflects their desired risk profile. Smaller values ​​(shorter confirmation times) provide a faster user experience, potentially attracting more users and making them happy. Larger values ​​of N, i.e. longer confirmation times, cause users to wait longer for deposit and withdrawal approvals, but reduce the risk of exchanges being deceived by the fragile assumption of transaction permanence.

Coinbase, the second largest exchange by volume, reportedly has an ETC confirmation value of 40,000. However, the N values ​​used by the victim exchanges in the above cases must have been smaller than the size of the reorganized chain segment — likely around 3,000 or less [2], which unfortunately demonstrates their vulnerability.

Reports state that the total cryptocurrency market value was $237.1 billion in 2019. In January 2020, some social media reports stated that the annual cryptocurrency spot trading volume was $13.8 trillion. Assuming a spot trading fee rate of 0.5%, this would generate $69 billion in revenue per year.

Immutability FAQ

• Do large reorganizations violate blockchain’s promise of immutability?

No. If blockchain reorganizations violated the immutability promises, they would have been broken since day one of Ethereum, and have been broken every 5 or 10 minutes since then. Reorganizations are simply a practical way for network nodes to update their state databases following the rules of proof-of-work consensus. Large reorganizations are indeed less common than small reorganizations, but follow exactly the same rules.

• Does the latest ETC “Phoenix” hard fork break immutability?

No. The fork introduced new opcodes and repriced some gas costs for EVM operations, modifying the behavior of some existing contracts that relied on hard-coded cost assumptions. The new opcodes were first introduced in the “Homestead” hard fork at block 1,150,000 in March 2016. ETC was created in response to the rejection of the “DAO” hard fork, which introduced subjective state changes, at block 1,920,000 in July 2016. If the introduction of new opcodes and the repricing of EVM operations would break the immutability guarantees, then those guarantees have been invalid since before Ethereum Classic was created. [1]

• What is immutability?

Ethereum Classic’s promise of immutability and its raison d’être means that if the database and network function as designed (without bugs), then the chain state can be expected to be a complete product of the protocol design. This is why the concept of “code is law” is often mentioned frequently, where “code” first refers to the protocol specification (i.e. the yellow paper) and concretizes it into software by association and dual representation.

Therefore, a 51% attack is not inconsistent with the chain or network design, nor does it infringe the promise of immutability. In addition, the concept and meaning of "attack" has nothing to do with the database and network fields, and will only have negative consequences for the failure of risk management policies and usage strategies of blockchain network users.

[1]: Since the Homestead fork (and likely before), contracts that rely on hard-coded gas prices or non-existent opcodes have been vulnerable to these types of intended protocol changes.

[2]: Anecdotal reports indicate that some of the exchanges implicated only use 30 confirmations.