The promise of Ethereum’s move to proof of stake (PoS) has caused much excitement and discussion in the blockchain community over this year. Despite the upgrade taking considerable time to make any critical progress, the hype appears to sustain.
However, a recent incident on the Ethereum 2.0 testnet demonstrates that this version of PoS still needs plenty of work to solve critical issues with centralization and slashing the stake of honest network participants.
The testnet grind to a halt after a bug affected the Prysm client, which is used by a large majority of validators. The bug in question originated from Prysm’s use of Roughtime, a broadly centralized clock service provided by Cloudflare.
Roughtime is designed to provide a single source of truth regarding time in order that validators can reach a consensus over the timestamp that should be applied to any given block. Users connect to one or more Network Time Protocol (NTP) servers. Prysm was connecting validators to six NTP servers, which due to some bug, all returned an incorrect time.
Unfortunately, Prysm had no fallback for such a scenario, resulting in chaos on the Ethereum 2.0 testnet. By August 16, although the testnet was back up and running, there were up to five major forks. Even worse, many of the validators had been subjected to “slashing” - the Ethereum 2.0 penalty mechanism, which is ostensibly designed to prevent the “Nothing at Stake” attack.
The Prysm incident unveils fundamental issues that Ethereum 2.0 developers now need to solve before the mainnet can go live.
Firstly, it illustrates that even if there are thousands of validators using the Prysm client, they are heavily dependent on a centralized third-party service.
Potential solution could be to follow the example of Nxt’s pure PoS and implement a network-intrinsic clock.
Another significant issue, and one which could have been foreseen, is the application of the slashing mechanism to nodes that have done absolutely nothing wrong.
It is too early to tell if slashing indeed represents an effective protection against a nothing at stake attack or even if nothing at stake attack is indeed a practical risk for Ethereum or any PoS network at all given that it was never observed in the wild.
However the risks of mistakingly and automatically confiscating funds from potential block generators is already evident.
Whether or not the ETH 2.0 developers will choose to discard their slashing penalty remains to be seen, particularly since operating on testnet means that no validator has lost out on any real funds. However, in a live environment, the Prysm incident would have seen many honest validators lose their ETH stake.
Lior Yaffe is co-founder and director of Jelurida, and has 20+ years of experience in design, development, and deployment of enterprise applications for large organizations. Lior has his B.A. in computer science from the Technion in Haifa, Israel. Before establishing Jelurida (the company powering Nxt, Ardor and Ignis), he led the development and product management of a leading mainframe integration product at Software AG.