Posted on

The 'Dark DAO' Threat: Vote Vulnerability Could Undermine Crypto Elections

Malicious cartels just might be lurking on your blockchain.

At least, that’s the latest finding from Cornell University researchers Philip Daian, Tyler Kell, Ian Miers and Ari Juels, who reached the conclusion in a paper published last week on a vote manipulation scheme it termed a dark decentralized autonomous organization, or “dark DAO.”

Describing the dark DAO as an entity set up using smart contracts, it would be undetectable, buying users votes in order to overwhelm governance systems, issue false signals or engage in market manipulation. According to the paper, such an attack would have far reaching-consequences in that it’s applicable to any project that uses a form of governance in which those who own the coins would have a say in decisions.

Adding weight to the finding, is that this distinction applies to an increasingly large amount of cryptocurrencies, including those with valuations in the billions.

Projects like EOS, Tezos, Tron, Decred and Polkadot, for instance, have all deployed various forms of blockchain voting in an effort to formalize decision-making on their software.

Several of these systems rely on a technology called delegated proof-of-stake, which requires a certain number of nodes to be chosen to validate transactions on the network. As such, token holders are allowed to stake their coins – basically posting them to the blockchain to prove they control them – in an effort to make their votes go further.

Others seek to overcome the governance hurdles faced by major blockchains by allowing stakeholders to vote on technical changes – or what Tezos calls a “self-amending crypto ledger.”

And while some of these projects have already hit roadblocks in their experimentation, according to the Cornell researchers, a dark DAO could cause havoc in a way that surpasses what’s happened in the past.

“The whole decentralization enterprise is founded on democratic ideals, so voting seems a natural governance mechanism,” Juels told CoinDesk. “Unfortunately, it’s hard to get right and until a catastrophe occurs, people tend to assume that theoretical problems won’t materialize.”

The co-author pointed to The DAO hack in 2016, where a malicious user drained 3.6 million ether from the first DAO built on ethereum, adding:

“In a post-2016 world, the fact that election systems can and will be subverted should be crystal clear.”

Past precedent

According to the researchers, this particular dilemma is another case where entrepreneurs in the blockchains space seem to be turning a blind eye to past analysis.

Ethereum founder Vitalik Buterin and ethereum researcher Vlad Zamfir, for example, have criticized on-chain voting mechanisms as “plutocracies,” whereby the wealthy – those that own more coins – rule.

The paper states:

“The blockchain space today, with predictable results, continues its tradition of ignoring decades of study and instead opts to implement the most naive possible form of voting.”

According to the paper, a dark DAO works by essentially dominating voter participation, which is especially disconcerting since many of these votes have suffered from low turnout.

One of the “attack flavors” the paper describes is that of the impact of “trusted hardware.” Because such hardware allows computation to occur in an “enclave” or private setting during which time it’s still submitting proofs, the authors argue this would allow nefarious actors to participate in the attacks without their identity being revealed.

This also means that the manipulated votes couldn’t be detected either.

“Potentially nobody, not even the DAO’s creator, can determine the DAO’s number of participants, the total amount of money pledged to the attack or the precise logic of the attack,” the paper states.

Such a cartel could overwhelm a cryptocurrency, “covertly collecting coins until it reaches some hidden threshold, and then telling its members to short the currency,” it continues.

More attacks

But that’s not to say that systems different than those employed by on-chain governance blockchains are particularly safe either.

For instance, the researchers also detail a bribery attack that could be committed against ethereum’s signaling tool, called Carbon Vote. (A proof of concept for the attack was published to correspond to the release of the paper.)

In this example, a smart contract simply offers to buy votes and can do this in a private or a public way.

The blog post warns that as blockchains begin communicating with each other – also known as interoperability – such incentive-based attacks between competing blockchains are likely to become more frequent.

“In a world with only one smart contract system, ethereum, internal incentives may lead to stable equilibria,” the paper states, adding:

“With two players, and the underdog incentivized to launch a bribery attack to destroy their competitors, such equilibria can be disrupted, changed and destroyed.”

While Jake Yocom-Piatt from Decred acknowledges that these kinds of attacks stand to be highly problematic in the future, the issue is one for both systems that deploy both on-chain and off-chain voting mechanisms.

He told CoinDesk: “It is difficult to defend against vote buying, and it is currently an open research topic how to best defend against it.”

Mitigating the threat

Speaking to CoinDesk, representatives from several on-chain governance projects – Decred, Polkadot and Tezos – said a crucial defense strategy is to raise the cost of attack.

Arthur Breitman, co-founder of the Tezos project, said, “At the end of the day, the only viable protection mechanism is ensuring that decisions involve sufficient skin in the game to ensure accountability to the network.”

Breitman also said that research into futarchy, in which decisions are made by future markets, could help on-chain governance going forward.

But according to the paper, the only defense against such attacks is more trusted hardware, “to know a user has access to their own key material (and therefore cannot be coerced or bribed), some assurance is required that the user has seen their key.”

Still, Juels noted that the reliance on trusted hardware will seem “anathema to a lot of the cryptocurrency community.” As such, he suggested the possibility of “social mitigations” or “community-implemented deterrence to election subversion.”

However, he and Daian warned of the complexity here.

“The mitigations for such threats are primarily social, in many cases imperfect, and in many cases likely complex enough to introduce additional vulnerabilities or attacks,” Daian told CoinDesk.

According to Daian, oversights of this type are common within the industry:

“In general, the blockchain space is extremely myopic: many of the ideas currently being put forward are not sustainable long-term, and only work because the systems being secured are either small or uninteresting to sufficiently motivated adversaries.”

Yet, the Cornell researchers plan to publish another article soon to discuss other available schemes that could eliminate, or at least diminish, the chance of these attacks being perpetrated.

Daian said, “I would strongly caution against direct reliance on any voting scheme vulnerable to vote buying or coercion in decision making.”

Not scared of the dark

Still, while ominous, other researchers don’t seem particularly fazed by the paper.

Griff Green from Giveth, an ethereum-based charity organization, said that little experimentation has gone into smart contract-based autonomous organizations since The DAO hack in 2016. As such, the likelihood that a group has created a dark DAO is slim, according to him.

“DAOs are built to decentralize decision making across stakeholders over shared resources. If that shared resource is ‘circumventing an on-chain election’ then sure, of course, it might be done one day, but we don’t even really have DAOs out in the wild yet,” he told CoinDesk.

“There is no foundation to really draw any conclusions on how DAOs can be used to circumvent other DAOs in their own elections,” he continued, dismissing the paper as “mental masturbation.”

Luke Duncan from Aragon, an ethereum application for building DAOs, seemed similarly calm.

While he admits the connotation around dark DAOs is negative, the industry is interested in protecting the privacy of organizations or individuals using the technology, so looked at in a different way, the research could point to positives.

He added:

“With any of these powerful technologies there’s how it can be used for useful applications and censorship resistance and then how people can use the same techniques to do more nefarious things.”

Dark water image via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

Posted on

EOS Is Coming, If Anyone Can Figure Out How to Vote

After a year-long initial coin offering (ICO), perhaps what has become the most hotly anticipated blockchain is scheduled to launch on June 2.

That blockchain is EOS, which has raised more than $2 billion in its token sale for Block.one, the company that created what’s being touted as a dramatically more scalable and user-friendly version of today’s blockchains. Those assertions rest on the projects consensus algorithm, delegated proof-of-stake (dPoS), whereby a set number of nodes – in the EOS case, 21 – will be chosen to act as validators (or “block producers”).

These nodes will take turns verifying blocks at a rapid clip, with each one taking a turn every three seconds or so. The idea is that with only a few validators it becomes easy to process lots of transactions very quickly (although there have been critics of these claims).

Since these validators will have a lot of responsibility, they will, therefore, be rewarded for their work (through the governance process, the EOS community will get to decide on what the rewards should be) with newly-minted EOS tokens, similar to how bitcoin rewards miners.

As such, it not only looks highly desirable financially to be a validator node but will also come with a certain amount of power. And vying for those spots (or backup node spots, which will also receive rewards) are several dozen organizations.

Companies aiming to serve as block producers range from existing crypto-mining operations, exchanges, blockchain consultancies and teams of EOS enthusiasts. Candidates are spread out all over the world, but China shows the most interest, followed by entities in the U.S.

This question of power has been at the center of quite a bit of debate, with skeptics, led by ethereum creator Vitalik Buterin, saying that EOS’s governance system is easily manipulable. According to Buterin in a post titled  “Plutocracy Is Still Bad,” it would be easy for cartels to form within such a small system.

Those spots, though, won’t be chosen by Block.one; the company merely created the software, but once the mainnet blockchain launches, the choices made over the blockchain will no longer be Block.one’s responsibility.

Sure, the company may be investing millions of dollars into the EOS ecosystem, but for now, just days before the launch, it doesn’t seem to have invested in educating the community on how they can participate in its governance.

Even Katie Roman, an EOS cheerleader and self-described Dan Larimer (who co-founded Block.one) fangirl, acknowledged the issue stemming from Block.one’s hands-off approach after launch.

“Block.one has said since the beginning of this project that they are not launching the chain, so the details of where and how to vote are not up to them,” she told CoinDesk, adding:

“This is the hard part about decentralization and DPOS in general. Anyone can lead an effort, but that also means that there is a chance that no one leads an effort.”

Nathan James, the founder and CEO of Scatter, a Metamask-like application for storing and interacting with EOS, echoed much the same, telling CoinDesk, “A lot of this launch has fallen to the community.”

Block.One has not replied to multiple requests for comment for this story.

The voting process

Still, there are a few videos and blog posts circulating about how the validator voting process will work.

The protocol uses so-called approval voting to designate validators, whereby each wallet can “approve” up to 30 validators and those approvals will determine the 21 “supernodes.” Voting users don’t have to pick all 30, though, but they also can’t cast unused approvals to bolster their favorite validator.

Voting happens continuously. There’s no election, per se, instead, an election is constantly running. With each new block, validators could potentially get ousted.

And once a token is staked for a vote, that token stays staked for a minimum of three days.

This means there is a cost to voting.

A user that stakes tokens to vote faces the risk that they can’t sell those tokens if the price dips or spikes. And no doubt there’s a lot of people holding EOS tokens right now hoping for a price spike right after mainnet launch. For instance, a quick scroll through the EOS Telegram channel shows that many users are excited about these potential gains.

“The whole point of the voting process is to have informed voters who have stake in the system,” Syed Jafri, founder of EOS Cafe Calgary, a validator candidate, wrote CoinDesk in an email. “If you have a financial stake in the network and wish to protect it, the best way to decide the future of the system is through participation in the voting processes.”

Yet, that only works if people do care about the future of the system and understand that voting helps ensure it, and aren’t just in it for the financial gain.

Another mechanism of the dPoS system is that a wallet’s vote is weighted by the number of EOS tokens it has staked on the network, so in this way, people with more tokens can have more of a say.

Block.One’s VP of Product, Thomas Cox, wrote about this process in a blog post, acknowledging that the system does give wealthier users more power, but saying that since EOS is all about the property of financial assets, the people with the most assets should have more weight.

Since EOS is more like a glorified bank account and not a nation-state, Cox wrote:

“Blockchains don’t run prisons and they can’t prosecute people for violent crimes. The very reasons that make ‘one person, one vote’ so important in a real-world government, are simply not present in a property based blockchain.”

While this type of system has proven to rub some crypto enthusiasts the wrong way, as they contend no one should have more power than any other person on the network, it is a trade-off for scale which will be now be tested.

In the code

But for many in the community, just how exactly they can participate in the system is unclear. For instance, if a user wants to stake 100 EOS tokens to vote on who he/she believes to be the best validators, how does he/she actually do that?

While there are several posts about the importance of voting and what kinds of issues users will be able to vote on, none tell users exactly how to vote.

There is an answer, though, but it’s in the code.

Roman wrote that Block.One is “enabling command-line voting, but most token holders do not have the technical skills to vote that way (me included).”

And as Roman noted, that’s not the easiest place for many in the community to understand. The ones that do understand it are likely those in a position to want to maximize their control over the network: potential validators.

Some community members are trying to get ahead of this problem.

For example, Roman is running a fundraising campaign to pay for the development of a user interface that she hopes it will be ready by the launch. And James has built an interface but that’s only for use on Scatter.

Plus, one of the biggest crypto exchanges, Bitfinex, which holds EOS on behalf of its users, took to Reddit to commit to building a tool that would allow its users to vote their EOS. But the target date for that tool’s release was May 16, and currently, there’s been no tool launched or no update issued.

Bitfinex did not immediately respond to a request for comment.

Still, even if these tools launch in the few remaining days before the EOS mainnet launch, many users will be unaware they exist. Some even wonder whether the blockchain will be launched after all since without adequate voter participation the blockchain will not go live.

According to James, “For a chain to become ‘launched’ 15 percent of the total tokens must be voted.”

He continued, contending user education is greatly needed right now:

“What we need right now is people to come together and create informational videos, posts and tutorials about the process and the importance of voting.”

And there’s not much time left.

EOS coin image via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.