I think I see. The argument is that even though attacking ethereum to short-sell ETH may not work (as a successful 51% attack would also burn >1-5m ETH, so it may well on net make the price go up (!!)), but it could easily interfere in any dapps on top of ethereum in the meantime with no compensation. This is certainly an issue. Mitigations I can think of are:
Designing dapps so that they maximally “fail safe”; try to avoid assuming liveness on scales of less than a few weeks as a security assumption.
Plasma and state channels - even if the underlying blockchain fails, most layer-2 constructions lead to zero loss of service if you temporarily introduce the additional assumption that the counterparty/operator is honest. That is, for plasma or channel constructions to break, both the main chain and the counterparty/operator must be trying to attack you.
Protocol changes such as rent and fee reclaiming which burn a portion of txfees; this ensures that the value of ETH goes up under conditions of high demand for dapp usage, making it less likely that dapps will have a high value without ETH having a high value.
I guess we should distinguish between “break” in the sense of “irregular state transition / money is stolen” and “cannot provide the service to the user”, since even if a plasma operator is honest users might not be willing to continue making state transitions on the plasma chain, leading to a drop in the price of some app token.
Agree; I was talking about safety failures. If we’re talking about liveness failures, then the operator/counterparty attacks that can break liveness, but the main chain breaking cannot even break liveness, at least with state channels; with plasma you would have to rely on cryptoeconomic commitments to include things in some order.
Let me elaborate. I assume this burning would be caused by community initiated hardfork, is this correct?
I couldn’t understand “how” burning comes with this scenario.
True. Some earlier implemented sidechain might not have this parental fail-safe though, matured sidechain must have it by default. All earlier implemented sidechain must upgrade themselves as new security insight comes up. This is little bit hard part to me as Plasma lover.
In the “malicious party trying to attack the Rootchain” scenario, Casper PoS internally-applied nth-layer chains are also can be target of “collateral share overwhelming”. And it’s easier because nth-chains are rely on the Rootchain security. Hence I doubt “zero loss” is over expressive, yet still I can agree what you intended to say.
BTW, I got an insight that under this nth-chain also overwhelmed scenario, only the targeted “CDS or DEX used short-sell executor chain” might be kept alive for enabling attack.
If I could understand “burning” rationale, almost all doubt will be not a big deal.
The idea is that if ETH gets partially burned if paid for transaction fees, there’s a direct connection between expected future transaction fees and the value of ETH, so if there’s (expected to be) a very high level of base-chain activity, the value of ETH will incorporate that prediction, so there’s a natural upper bound to the ratio between expectations of future activity (and therefore value) of on-chain dapps and the value of the total amount of ETH.