Ethereum's claims of decentralization are ringing ever more hollow due to the network's lack of client software diversity, an overreliance that could pose an existential threat to ETH stakers.
Last weekend, around 8% of Ethereum proof-of-stake (PoS) transaction validators suddenly began producing invalid blocks due to a critical flaw in the Nethermind client software. The issue followed the release of Nethermind's v1.23.0 update, requiring a frantic patch to get these network nodes back in business.
While order was eventually restored, a similar scenario befell the Besu client earlier this month. Besu's share of the Ethereum execution client market was around 5% at the time and has since fallen to 4%.
Ethereum watchers soon warned that the fallout could be catastrophic if/when a similar situation impacted the Geth (Go Ethereum) client. Geth accounted for around 84% of network execution clients at the time of the Nethermind bug, but a concerted effort to sound the "eggs in one basket" alarm has since pushed this down to a mere 79%.
Geth is client software developed by the Ethereum Foundation that supports network functions like transaction validation and smart contract execution. Geth is generally considered a more robust option than its rivals, which, along with the Foundation's stamp of approval, is why it accounts for such an outsized market share.
Regardless, such a high concentration level would be problematic in any sector. But in an industry so prone to probing by malicious actors, particularly those adept at software supply chain attacks, it's a recipe for disaster.
A Geth failure would bring Ethereum finalization to a screeching halt, but as Labrys developer Lachlan Feeney recently suggested, this vulnerability could also result in the loss of the majority of the roughly 29 million ETH currently staked by validators.
Because validators are penalized for being offline, an inactivity leak could rob validators of two months' worth of staking rewards in just two days. Should the downtime extend for five days, a year's worth of rewards would be lost. A weeklong outage could cost validators 10% of their staked ETH, while 90% of that stake could be lost if the outage extends to six weeks. While such a prolonged outage may be unlikely, it's also not impossible.
Geth-based validators would likely stampede for the exits rather than watch their stake bleed away to nothing. But they'd get caught in a logjam of similarly minded validators, all of whom would continue bleeding ETH as they wait their turn to disembark this sinking ship. Given the sheer number of Geth-based validators, this bottleneck could mean that only one in 12 could exit with more than 50% of their stake.
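The penalties described above accelerate because, under the consensus specification, an offline validator's inactivity score rises every epoch the chain fails to finalize. The following is an added example, not code from the article, from Feeney or from any Ethereum client: a simplified model of that leak. It assumes the leak is already active, charges penalties on the actual balance, and ignores missed-attestation penalties, forced ejection and the exit queue, so its percentages need not match the figures quoted above.

```python
"""Simplified inactivity-leak model (added example, not consensus-client code)."""

# Constants from the public consensus specification (Bellatrix and later).
INACTIVITY_SCORE_BIAS = 4
INACTIVITY_PENALTY_QUOTIENT = 2**24  # INACTIVITY_PENALTY_QUOTIENT_BELLATRIX
SECONDS_PER_SLOT = 12
SLOTS_PER_EPOCH = 32
EPOCHS_PER_DAY = 86_400 // (SECONDS_PER_SLOT * SLOTS_PER_EPOCH)  # 225
GWEI_PER_ETH = 10**9
START_GWEI = 32 * GWEI_PER_ETH


def leak_balance(days_offline, start_gwei=START_GWEI):
    """Balance in Gwei of a validator that misses every epoch of a leak.

    Assumptions: the spec charges the penalty on the stepped effective
    balance; this model uses the running balance to keep the curve smooth.
    """
    balance = start_gwei
    score = 0
    for _ in range(int(days_offline * EPOCHS_PER_DAY)):
        score += INACTIVITY_SCORE_BIAS  # score climbs on every missed epoch
        penalty = balance * score // (
            INACTIVITY_SCORE_BIAS * INACTIVITY_PENALTY_QUOTIENT
        )
        balance -= penalty  # per-epoch penalty grows with the score
    return balance


def fraction_lost(days_offline):
    """Share of the starting stake burned after days_offline days."""
    return 1 - leak_balance(days_offline) / START_GWEI


def days_until_lost(target_fraction):
    """First whole day on which the modelled loss reaches target_fraction."""
    day = 0
    while fraction_lost(day) < target_fraction:
        day += 1
    return day


if __name__ == "__main__":
    for d in (2, 5, 7, 42):
        print(f"{d:>2} days offline: {fraction_lost(d):.1%} of stake lost")
    print("days until half the stake is gone:", days_until_lost(0.5))
```

Because the per-epoch penalty is proportional to the number of epochs already missed, the cumulative loss grows roughly with the square of the outage length, which is why a few days cost months of rewards while a few weeks cost most of the stake.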
Fork me
The potential repercussions of a serious Geth bug don't stop there. Should a Geth-based validator produce an invalid block, Geth's domination of the network could result in this invalid block being added to the chain, resulting in a fork that would quickly become the dominant chain. Geth validators would be blocked from the valid chain until the smaller chain is finalized.
As Feeney put it, "Because the Geth validators are stuck on the invalid chain, they are considered inactive on the non-Geth chain and will suffer the inactivity leak. No software update or bug patch to Geth will save these validators. They will be bled out until their stake represents < of the network, allowing the non-Geth chain to finalize."
Feeney estimates that this bleeding could result in an 18% reduction in the total supply of ETH. (That's definitely one method of creating artificial scarcity and thus losing the token's fiat value.)
Feeney offered this warning: "Staked ETH is not risk-free yield. Would you invest a minimum of $75,000 USD [the rough value of the 32 ETH required for serving as a validator] into an instrument where the maximum potential gain is 3.5% p.a. but the potential for loss is 100% (even if that loss is unlikely)? Probably not, but this is what 84% of the Ethereum stakers are doing today."
Lido shuffle
Retail users lacking the 32 ETH necessary to stake on their own have several options for pooling their resources, but staking via a service won't necessarily protect them from the potential carnage described above.
Lido Finance, the largest staking service with around 9.4 million ETH staked, relies on Geth for most of its operations. On January 23, Lido stated that its preliminary Q4/23 data put Geth usage across Lido protocol validators at 67%, down from 76% in Q3/23 and 93% in Q3/22. Lido said client diversity is fundamental to its mission to decentralize Ethereum.
Lido added that its Lido DAO (decentralized autonomous organization) node operators are afforded high degrees of autonomy, but they have already begun to signal their commitments to reduce majority client usage, or explain how their setups avoid the possibility of being affected by supermajority bugs.
Coinbase has a plan to make a plan
The Coinbase (NASDAQ: COIN) exchange has faced similar queries this week about its reliance on Geth. On January 22, CEO Brian Armstrong personally responded to a Coinbase customer who tweeted that they had "unstaked all of the ETH I had staked with you since you offered it as a service." The user added that this single client staking setup made it "not worth the risk of losing a large percentage of my deposit." Armstrong replied: "Taking a look."
Later that day, the Coinbase Cloud account tweeted that when it launched its ETH staking service, Geth "was the only client that met our technical requirements." Coinbase claimed that execution client diversity is a critical concern, and thus, it was conducting an updated technical assessment "with the goal of adding another execution client to our infrastructure." Coinbase promised to provide an update on its progress by the end of February.
Not everyone found this reassuring, with at least one customer suggesting that the situation wasn't a "review and plan kind of phase. This is take serious and urgent action, with informed customers phase." Coinbase was urged to "set up an insurance fund or allow us to opt in to other clients because the risk of supermajority failure is a *bigger* risk to your customers than minority client failure."
This probably wasn't the best week for Coinbase to run a sponsored post on Decrypt promoting the claim that its staking service aims to be "a one-stop shop for crypto staking." One stop, one point of failure... Synergy!
Coinbase rival exchanges Binance, Kraken, and Bitfinex (among others) also rely solely on Geth to power their staking services. However, they have kept quiet regarding any plans they may have to inject a little diversity into their operations.
All in one
Decentralization theater has been Ethereum's stock-in-trade from its inception, starting with the Ethereum Foundation's oversight-bereft crowd sale that delivered the majority of ETH into the hands of a few whales. This concentration of wealth and power continues to this day via the PoS consensus mechanism that further enriches the whales who can afford to run multiple validators.
This centralization was recently cited by the U.S. Securities and Exchange Commission (SEC) as part of the reason it was delaying decisions on applications to offer Ethereum spot-based exchange-traded funds (ETF). BlackRock, Grayscale Investments, and Fidelity are among those chomping at the bit to offer Ethereum ETFs to the public following the launch of multiple BTC spot-based ETFs earlier this month.
In approving those BTC ETFs, SEC chairman Gary Gensler stressed that the decision was limited to one non-security commodity (BTC) and should in no way signal the Commission's willingness to approve listing standards for crypto asset securities. Gensler, who has previously stated his belief that ETH is an unregistered security, reiterated his "don't expect ETH ETF approvals anytime soon" message earlier this week.
On Thursday, the SEC posted a list of ETH-related questions for public comment before making any ETF decision. For instance, the SEC wonders if "there are particular features related to ETH and its ecosystem, including its proof of stake consensus mechanism and concentration of control or influence by a few individuals or entities, that raise unique concerns about ETH's susceptibility to fraud and manipulation?"
Interested parties are instructed to submit their comments within three weeks. Just remember, Ethereum Foundation members, you have to at least try to make it look like they're not all coming from the same address.
Ethereum's decentralized mantra in tatters after execution of client bug - CoinGeek