Simple attack on Masternodes and Stakers


#1

Hello PIVians

Today happened what I feared for a long time now. Somebody just knocked out, either willingly or by accident, around 400 MNs and god-knows how many stakers. Here is what happened:

Somebody filled the blocks up to more than 700 kb per block. The problem is that most self-hosted staking wallets and/or Masternodes are running on SBCs which do not seem to have the performance to handle zPIV very well. One 700kb-ish block takes around 3-10 minutes to confirm with my rock64. Filling up several consecutive blocks will slow down the sync a lot while simultaneously increasing the probability of a complete wallet crash.

Here we see that it was actually the case:

At the morning of the 25th there were around 178x Masternodes. Many of them went down.

This problem was not obvious in the past since most blocks were very small and some single big blocks are no issue. Now this is a “new” cheap attack surface. With spamming some big blocks and knocking out 20% of MNs and many many stakers, a bad actor probably increases her payoff a lot. The short time you are given to recover your MN is by far not enough to avoid the three day lock down.

Now you might argue that one should simply give away his MN to a VPN service. This is not a very good option as it leads to more centralization and (what is actually a huge problem) centralization of MN voting-potential. Despite this option, stakers are busted either way, as they would have to entrust the stake to a third-party.

So what can we do? Can somebody from the dev-team predict whether we can expect some performance increases (especially by using several cores, as I heard that zPIV mainly utilizes one core)? Or will this be not a thing and we have to find a new solution?

Sincerely,
TheEconomist


Setting up a self-hosted MN from scratch (+ automatic backup + crash-notification + SPMT-tool)