A random user couldn’t do this, because the attempted 1 eth exit would require a merkle proof of the corresponding utxo (which doesn’t actually exist). This griefing vector only works if you can get an invalid utxo included in the plasma block (and thus the Merkle root), so the operator would have to be in on it.
Good observation, but I think in reality it could be pretty much the same thing. If a centralized hub tries something malicious in one (or a few) channel(s) and the counterparty user is forced to close the channel, the news will spread (by observing the main chain or through off-chain channels) and people will start leaving the hub, i.e. closing their channels. Does that make sense?
1 Like
Indeed, the panic-factor may ultimately lead to channel exits anyway. (Although I, for one, would defiantly keep my channel open with the hub until forced to settle; cryptoeconomics, dammit!!!)
Operator, while submitting a block, adds a hash describing his knowledge about deposits in the contract. Contract computes his own summary of state of deposits and compares it with submitted one. If not equal, transaction submitting the block is rejected. This solution enables operator to spend deposits as soon as they appear, without waiting.
Gas cost of this solution is 200 + 42 (SLOAD, SHA3 on two words) gas per deposit made to the chain, paid by operator.