Simple Fast Withdrawals

Right, but an operator can update the balance with a fake deposit amount, send it to themselves a few times (masking the initial fake deposit), and then do a fast exit, all within a single withheld block. So you can prove that a single state transition is invalid if the block is available, but you can’t prove it if blocks are withheld. You also can’t efficiently prove that a chain of TXs is invalid.

Nitpick, there is no risk if the PETH is properly verified before purchasing (verifying the main chain up until the exited TX).

But yep, you basically get a market that trades withdrawal-locked Plasma ETH for liquid ETH.

In case of block withholding, stakeholders won’t sign the checkpoint, and that’s why it won’t be part of the main chain. In @bharathrao’s model, stakeholders can vote for a halt without any new checkpoint. So the operator won’t be able to exit with a fake deposit.

The operator can do this within the “fast exit” time (whatever that is, 2hrs?), so the vote would necessarily have to occur before this time is complete.

I think this is possibly broken. I can now halt the chain and force withdrawals by controlling > threshold of stake. If I hold > threshold of stake + I’m the operator, then I can just include invalid blocks and steal funds.

Even with (or without) the case of a “single operator with the threshold of stake”, the system must have a “propose, wait for the challenge and commit” process while submitting the checkpoint, and allow anyone to challenge the invalid transaction. There are two issues here though:

  1. The challenge period must be long enough. A mitigation would be to use a smaller block time and a longer checkpoint time (and use partial confirmations). Similar to Plasma checkpoint cost and block time.
  2. Data availability. I think that is being discussed on Minimal Viable Plasma.

Well I agree here. If the checkpoint challenge period is long enough (2 wks, for example), then everyone can exit if a withheld checkpoint is proposed.


@kfichter

Well I agree here. If the checkpoint challenge period is long enough (2 wks, for example), then everyone can exit if a withheld checkpoint is proposed.

One way is to avoid the priority queue as much as possible to avoid an emergency mass exit (perhaps it cannot be avoided :). Instead, just halt the chain and turn it into “withdraw only mode” for now, and users can exit without urgency or priority. One can do that in one transaction with vote sigs in a short period (no need for > 2 weeks; around 2-6 hours would be enough for that).

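An added example, not part of any post in this thread: a buyer-side check that replays the Plasma chain up to the exited TX before purchasing PETH, and refuses when a block on the way is withheld. The account-style transaction format, the root-chain deposit log and every name here are assumptions made for illustration.

```python
# Constructed sample data: deposits actually recorded on the root chain (assumed format).
ROOT_DEPOSITS = {"d1": ("alice", 5)}
GENESIS = [{"type": "deposit", "id": "d1", "to": "alice", "amount": 5}]
HONEST = [GENESIS, [{"type": "transfer", "from": "alice", "to": "bob", "amount": 3}]]
# A fake deposit followed by self-transfers, all inside one block.
FAKE = [GENESIS, [
    {"type": "deposit", "id": "d9", "to": "op", "amount": 100},
    {"type": "transfer", "from": "op", "to": "op", "amount": 100},
    {"type": "transfer", "from": "op", "to": "op", "amount": 100},
]]
WITHHELD = [GENESIS, None]  # same height, but the block body was never published


def verify_peth(blocks, root_deposits, exit_block, seller, amount):
    """Replay blocks 0..exit_block and decide whether `seller` holds `amount`.

    Returns (verdict, detail); verdict is "valid", "invalid" or "unavailable".
    A buyer should purchase only on "valid".
    """
    balances, used = {}, set()
    for height in range(exit_block + 1):
        block = blocks[height] if height < len(blocks) else None
        if block is None:
            # Withheld block: no transition to check, so no fraud proof either.
            return ("unavailable", f"block {height} is withheld")
        for tx in block:
            if tx["type"] == "deposit":
                backed = root_deposits.get(tx["id"]) == (tx["to"], tx["amount"])
                if not backed or tx["id"] in used:
                    return ("invalid", f"block {height}: deposit {tx['id']} "
                                       "missing on root chain or replayed")
                used.add(tx["id"])
                balances[tx["to"]] = balances.get(tx["to"], 0) + tx["amount"]
            else:  # transfer
                if tx["amount"] <= 0 or balances.get(tx["from"], 0) < tx["amount"]:
                    return ("invalid", f"block {height}: overspend by {tx['from']}")
                balances[tx["from"]] -= tx["amount"]
                balances[tx["to"]] = balances.get(tx["to"], 0) + tx["amount"]
    if balances.get(seller, 0) < amount:
        return ("invalid", "seller balance is below the exit amount")
    return ("valid", f"{seller} holds {balances[seller]}")


if __name__ == "__main__":
    for name, chain, who, amt in [("honest", HONEST, "bob", 3),
                                  ("fake", FAKE, "op", 100),
                                  ("withheld", WITHHELD, "op", 100)]:
        print(name, verify_peth(chain, ROOT_DEPOSITS, 1, who, amt))
```

With the block available, the single bad transition (the unbacked deposit) is found no matter how many transfers follow it; with the block withheld, the verdict is "unavailable" rather than "invalid".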