Why delegated-type proof-of-stake is unsustainable

This was adapted from this thread which was removed because of technically breaking some rules. It’s reproduced here to be easier to read and share without javascript, among other reasons.

Originally written by /u/Liberosist on reddit. But fuck 2021 reddit.

Essentially, a delegated-type proof-of-stake consensus mechanism is one where the chain is validated by a smaller cabal of entities on behalf of many others. In this setup, you run a validator, and need to canvass for delegations from other stakeholders, and your validation duties are decided by how much stake votes for you. As you might have guessed, this includes pretty much all smart contract chains, including Cosmos, Cardano, Solana, Tron, EOS etc. albeit with significant variations. Here, I’ll explain why all of these chains might be ticking time bombs. I try to keep my posts as simple as possible, but this topic is very important to me and very few seem to be talking about it, so I’ll go into more details. It’s very hard to be succinct here because there’s just so much so wrong with delegated-type proof-of-stake consensus mechanisms. Please note that this is still a personal rant, rather than a research piece. I don’t expect anyone to read this or do anything about it, and delegated-type proof-of-stake chains will continue to be the norm, but I must get this off my chest.

But first, a bit of personal context. I debated about including this bit, but I thought it’d be interesting. One of my interests in this space was that I always believed proof-of-work to be unsustainable long term. This is why I first got interested in BitShares (the first dPoS chain), and later was heavily involved in the Steem community (the second dPoS chain). I always knew this consensus mechanism was highly centralized, but it was a straight up trade-off. They used a fraction of energy, silicon and other resources, enabled 3 second block times and 1,000 TPS in 2015, all of which is something most chains still can’t do today. Some may recall Steem was the #3 project in mid-2016 and in the top 10 for most of the year.

In 2016 I co-founded a DAO (shout out to Curie folks, still going strong!) that went on to run a consensus witness (top 20) on Steem. While no one knows about it, I’d claim Curie was one of blockchain space’s first successful DAOs (ironically, it was formed right after TheDAO melted down), and had built up seven figure holdings within a year or so (a lot of which evaporated in the bear market…). In 2017, I walked away from Curie and Steem when I realized that, actually, delegated proof-of-stake was not the solution. The trade-offs were not worth it. Indeed, the eagle-eyed might find hundreds of comments from me in 2016-17 heavily criticizing Steem and its consensus mechanism, on Steem itself. I wasn’t the only one, of course, but our criticisms went largely ignored, to devastating consequences.

In March 2020, Justin Sun acquired Steemit Inc - chief developers of Steem - and his first action was to get CEXs to collude and take control over Steem. He succeeded, and to this day, as far as I’m aware, Steem remains under attack. There has never been a greater failure of consensus mechanisms in blockchain history. I’ll note that the original Steem community forked away to Hive, but this is not a solution. What was once the #3 project behind only Bitcoin and Ethereum is ostensibly split up into two (and actually, multiple other smaller forks) at #220 and #260. Anyway, my point is that I’m probably the only person in the world that ran a consensus validator on a delegated-type chain and voluntarily walked away from it, so I do think I offer a unique perspective here. I know Vitalik has commented on the Steem attack multiple times, but he wasn’t an integral part of the Steem community, and missed some of the nuances that I observed.

EOS and Tron were the last chains to share the Graphene-lineage from BitShares and Steem. Starting with chains like Cosmos and Tezos, they significantly improved on the dPoS concept. Of course, due to the stigma associated with dPoS, they started calling them just “proof-of-stake”. Call it whatever you will, the fact is these remain delegated-type proof-of-stake chains. I’d rather just call them delegated instead of delegated-type, but I’d rather avoid the ire of shills of those chains. As an aside, correct me if I’m wrong: Binance can take over the Tron blockchain and its $30B in USDT at any time they want.

Anyway, here are the improvements made by modern delegated-type chains, and why I contend it’s still a terrible idea:

Plutocracies and cabals - not trustless or permissionless

The first thing was to increase the consensus validator count from 20-30 to a few hundred or perhaps removing limits entirely. This is definitely a big step forward, but it doesn’t really address the issue that delegations are nothing but popularity contests or plutocratic elections. Whether you have 20 consensus validators or 1,000: the most popular few dozen to a hundred validators will always garner the most votes. And these validators can absolutely collude to form cabals. In most (but not all) delegated-type chains, they have nothing (or relatively very little) at stake and nothing (or very little) to lose - they are just abusing stake delegated to them from others. As such, this is not actually PoS, but more like Poos - proof-of-others’-stake.

The average validator has no chance, few if any would vote for them. If you run a CEX, are a popular influencer, or know a bunch of whales, you win, everyone else loses. It’s absolutely not a trustless and permissionless system: you’re trusting the whales to elect the right validators, require their permission to validate the network on an even playing field, and the whales are then trusting the validators. Granted, as the token distribution decentralizes, the first bit becomes less problematic, but at this point most delegated-type chains also have very centralized token distributions where a supermajority of validation is undertaken by a small cabal of validators and whales. Given that many of these chains have very centralized token distributions, all you need is a few validators to convince a few whales, and the chain is yours.

This gets worse and more centralized over time, as the top validators and their delegators grow their relative holdings. Cardano has a bizarrely naïve mitigation for this with the saturation limit, but this has proven to be utterly useless. You can’t prevent sybil attacks. Case in point: Binance runs over 70 fully saturated validators. If anything, this just makes things more centralized as regular stakeholders have more cognitive overhead to figure out which validator of many held by a single entity to vote for; while centralized entities like Binance can easily automate this process, spinning up as many validators as they want, self-voting for themselves. Fortunately, other chains have avoided this trap, but my above point holds: plutocratic elections where the winners are paid to consolidate their dominance is plain abysmal.
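To make the saturation-limit point concrete, here is an added example (not part of the original post) that measures stake concentration per pool and per operator. The cap value, the stake figures and the operator labels are constructed assumptions, not data from any real chain.

```python
from collections import defaultdict

SATURATION_CAP = 100  # constructed per-pool cap, arbitrary stake units

# Constructed sample: (operator label, pool stake). Labels are hypothetical;
# on a real chain, mapping pools to operators needs off-chain attribution.
POOLS = [("exchange-A", 100)] * 70 + [(f"solo-{i}", 60) for i in range(400)]


def nakamoto(stakes, threshold=0.5):
    """Fewest holders whose combined stake exceeds `threshold` of the total."""
    total, running = sum(stakes), 0
    for count, stake in enumerate(sorted(stakes, reverse=True), start=1):
        running += stake
        if running > threshold * total:
            return count
    return len(stakes)


def by_operator(pools):
    """Sum stake across every pool that shares an operator label."""
    totals = defaultdict(int)
    for operator, stake in pools:
        totals[operator] += stake
    return dict(totals)


def concentration_report(pools, cap=SATURATION_CAP):
    """Compare what the cap bounds (per pool) with what matters (per operator)."""
    pool_stakes = [stake for _, stake in pools]
    operators = by_operator(pools)
    total = sum(pool_stakes)
    return {
        "cap_respected": all(s <= cap for s in pool_stakes),
        "largest_pool_share": max(pool_stakes) / total,
        "largest_operator_share": max(operators.values()) / total,
        "nakamoto_per_pool": nakamoto(pool_stakes),
        "nakamoto_per_operator": nakamoto(list(operators.values())),
    }


if __name__ == "__main__":
    for key, value in concentration_report(POOLS).items():
        print(f"{key}: {value}")
```

Every pool respects the cap, yet the per-operator view shows one entity holding a far larger share than any single pool suggests, and fewer independent parties are needed to reach a majority.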

Bribery markets

One of the biggest issues with earlier dPoS chains was that validators could just bribe delegators to vote for them, creating a market of bribery. The second innovation these newer chains made was to “pre-bribe” delegators. It’s been marketed nicely as “staking rewards”, but make no mistake: it’s merely a bribe to keep you in check, so you’d not accept bribes directly from validators. Of course, validators are free to create a secondary bribery market over and above this, from their own rewards, but it does help. The other problem was that there was limited incentive to delegate your stake. With incentivizing delegations, much more of the stake is now delegated. This makes newer delegated-type chains significantly more secure.

Harsh recovery from attacks

It’s definitely much more difficult to attack a modern delegated-type chain for the reasons stated above, but it’s still possible. Now, different delegated-type chains have different methods and I’ll acknowledge some which do things better than others later, but let’s consider the typical delegated-type chain like Cardano. If you do manage to attack a typical delegated-type chain like this, it’s lost forever. The only recourse then becomes a massive social coordination effort.

High inflation, economically unsustainable

For a delegated-type chain to operate sustainably, you have to both keep your stakeholders bribed, and your validators incentivized. This means very high inflation rates, typically above 10%. Talk about crypto being an inflation hedge to fiat - these delegated-type chains are even worse. They’ll claim that the plan is to reduce inflation rates over time, but actually, that’s not how it works. Delegators will stop accepting the pre-bribes if the inflation rate falls below a certain level. Worse still, if the high-TPS delegated-type chains actually gain the activity they claim, it’ll be very expensive to run validators over time, as state bloat bites hard. Validators would need serious incentives over a long term. Of course, the token’s price will also appreciate, but it’s not clear where an equilibrium can be found.

No culture of verification

Another drawback to high-TPS delegated-type chains is that they are not actually trustless. The high system requirements mean the average user or developer will never be able to run a full node or verify the chain - so you’re trusting the validators, over and above the fact mentioned above that they are elected by plutocracy. Consider this perfect quote by Hasu: “You defend against malicious protocol changes by having a culture of users validating the blockchain / Not by having PoW or PoS”. Of course, not all delegated-type chains are high-TPS. You have low-TPS chains like Cardano and sharded chains like Polkadot that this particular critical issue doesn’t apply to as much. However, even these chains require validators to be online 24x7x365 and could have high system requirements anyway.

Potential solutions

Frankly, there are many more related issues that come with the territory of plutocratic cabals, but I’ll stop here.

Am I being paranoid? Yes, absolutely. The probability of a modern delegated-type chain being attacked is low, but it’s possible, and when they stop being ghost chains and have substantial value, there might even be an incentive to do so. Only the paranoid survive, as Grove said, but even beyond that, we should strive for better solutions. There’s no reason not to.

So, what are the solutions? Clearly, proof-of-work has its own issues. Potentially, “true” proof-of-stake without delegations might be it.

Chains like Polkadot include hybrid solutions, where they take the requirement for validators posting a significant bond with slashing mechanisms from “true” proof-of-stake, while continuing to be a delegated-type consensus mechanism. The advantage here is that unlike most delegated-type chains, if it’s attacked, the validator and delegators will be slashed, so the chain will be able to recover. Another interesting solution is Algorand, which randomizes its delegations, so that mitigates the bribery attack vector from validators to delegators.

But the best solution, so far, is to simply remove delegations entirely. This is easier said than done, as we needed new tech like weak subjectivity and signature aggregations to make it happen, which didn’t exist before 2020 or so. Currently, there’s only one chain that does this, and that is Ethereum beacon chain. (Yes, I know there are older chains that don’t have delegations, but beacon chain is the first one that mitigates some of their issues at scale without succumbing to delegations). Beacon chain eliminates a lot of the risks mentioned above, and is a fully trustless and permissionless system where each validator has an equal and predictable responsibility to validate the chain, and only needs to be online ~60% of the time to turn a profit. You don’t need to ask whales for votes, you just stake and are just as relevant as any other validator. Economically, this is much more sustainable, with Ethereum’s issuance rate for validators being 0.5% currently, up to a maximum of ~0.85% when the proposed active validator cap hits. There’s no need to bribe anyone. Needless to say, this is an order of magnitude improvement over the typical delegated-type chain. However, it has its own issues:

To summarize, delegated-type proof-of-stake chains are by their very design plutocratic cabals that centralize over time, exposing a multitude of security vulnerabilities, and are very expensive to sustain with high inflation to mitigate some of those. Some delegated-type chains are more secure than others, and Ethereum’s beacon chain proof-of-stake marks a giant leap forward, though it still has its own issues, fortunately with potential solutions. As an industry, we can, and must, do better.

Lastly, I see one use case for delegated-type proof-of-stake where it might be viable. Ironically, on chains that make almost all of these delegated-type chains obsolete: rollups. On rollup chains, because security and decentralization have already been contracted out to L1, sequencer decentralization only needs to perform the task of liveness and censorship resistance. Delegated-type proof-of-stake can do this, without any of the security compromises mentioned above because it doesn’t actually have to provide security, though even in this case I can see rollup developers adopting better solutions.

PS: For those requesting, I’ll now be cross-posting on Medium: https://polynya.medium.com/why-delegated-type-proof-of-stake-is-unsustainable-f18cf42e6112 [Editor note: dead link]

PPS: Please don’t ask me for my thoughts on XYZ project. I tried, but I can’t keep up as most of my responses are “It’s yet another delegated-type chain”. I’ll say that Ethereum beacon chain does not have any concept of delegations, Algorand randomizes delegations, Zilliqa uses proof-of-work, and Lukso is adopting Ethereum’s beacon chain consensus mechanism. To the best of my knowledge, every other smart contract chain is a delegated-type chain. Of course, you have rollups which are smart contract chains, but they leverage the L1’s consensus mechanism. Yes, they all have their own variations and differences, but this is not a comparison of delegated-type consensus mechanisms. This doesn’t matter - my beef here is with the concept of centralizing validation to a plutocratic election, which is something all delegated-type chains do in some way, to some extent or another, except the ones mentioned above. Indeed, even the above mentioned chains feature this to a much more limited extent, as I pointed out, and brainstormed some solutions to mitigate this.

Please understand this is not a your chain versus other chain thing. I just want to point out some flaws that should be improved upon, that’s all! I know you’re angry that I criticized your chain unfairly or wrongly, but please take it easy.
