Meditations on EOS
Picking apart the various aspects of EOS and the recent events concerning its methods of arbitration and censorship.
It seems to have become widely accepted over the last few days that EOS is absolutely terrible. Even those who were previously fans of the project have begun to recognize the magnitude of the problems. It is important, however, to recognize that EOS is also a great thing, because EOS has shown us what not to do. The makers behind the project have done the worst thing they can do on a large scale, showing everyone who is serious about building anything in this space what to avoid. In doing so they have done a great community service, sadly on the backs of those they’ve deceived with their “world changing technology”.
One could talk extensively about the decisions made throughout the launch, the negligence of the block.one team in deciding not to get an audit of their entire code base, and the choice to create a bounty program with subpar rewards. However, there are probably multiple people who can shed light on this in a great amount of detail, and if I were to do it here, this post would turn into a book. For this reason I have decided to stick to only a few topics which have become more relevant after events over the past few days: the centralization which has become blatantly obvious after block producers decided to censor various addresses, and the arbitration process those block producers seem to be happy with enforcing.
Pre-launch, a constitution was drafted, which is apparently necessary when managing a “decentralized” protocol (I admit, I dislike the idea of a constitution; however, it could have eliminated a lot of the debates and conversations we saw in the Ethereum ecosystem concerning account recovery). The constitution contains various articles, and I question how enforceable those would be if there was a dispute to be settled in a real court. Things like the developer liability clause seem pretty unrealistic:
Members agree to hold software developers harmless for unintentional mistakes made in the expression of contractual intent, whether or not said mistakes were due to actual or perceived negligence.
Constitutional changes must be agreed upon by the block producers. If those changes are accepted by 15/21 block producers over the period of 30 days, they are implemented and all users must indicate acceptance. Interestingly, in the constitution itself this is documented differently, saying constitutional changes must be accepted by token holders. In the whitepaper, however, there is no text describing how a user could go about changing the constitution. This raises the question of whether the constitution is solely decided by block producers or if other important coordination institutions are ever taken into consideration. These may include nodes as well as users.
When a user sends a transaction on the EOS network, they must include a hash of the constitution to indicate that they have read and accept the various articles stated within it. Through this constitution, the EOS network is able to establish a jurisdiction for the entire network. One might ask if this is really the responsibility of a “decentralized” network: to have a jurisdiction which is seemingly enforced by a somewhat centralized authority, which in turn almost wipes out any claims of decentralization.
I question who initially decided that everyone would need to agree with this. For example, could block producers all decide to just not require or enforce any form of the constitution and fork it away? This seems especially doable when looking at the way the EOS network was launched. To me it seems as though the block producers have made themselves legally liable by enforcing this constitution; I am no lawyer, so I may be wrong on this.
To discuss disputes and come to resolutions, the EOS community has created the EOS Core Arbitration Forum (ECAF). It is unclear to me whether this was started by block.one, or is more of a community effort started by various block producers or members of the community. In the FAQ, however, it is noted that block.one is not linked to ECAF and that it is an independent self-governing structure. What is also not clear is how ECAF has any form of authority. It seems as though various block producers just agree that ECAF is the authority, but there is no real way this is enforced other than through the constitution, which still raises the question of why the constitution is enforced. For this reason I wonder what would happen if all the block producers decided to ignore any rulings made by ECAF; it would be interesting to see what happens to block producers who decide to ignore such rulings.
In order to become an arbitrator for the ECAF, one must be known to a member of the ECAF. This seems like a smart idea in order to guarantee that said arbitrator can be trusted, but it can soon turn into a centralized system where a cartel rules over much of the arbitration process. If its members are colluding with block producers, it may become a significant challenge to get rid of them. It is also not very clear how arbitrators are kept in check; most decentralized arbitration systems would require a stake in order to give arbitrators a financial incentive not to act maliciously. But considering this entire system seems rather centralized, there may be some other way to keep arbitrators in check.
Currently, there are 4 different arbitrators. These are interim arbitrators and will be confirmed by token holders during a vote roughly 6 months after the mainnet launch. The referendum being voted on by token holders could be seen as rather dangerous when we consider some of the caveats of on-chain token holder based voting.
Even if all of the finer details of a voting mechanism are implemented correctly, voting mechanisms in general have a large flaw: in any vote, the probability that any given voter will have an impact on the result is tiny, and so the personal incentive that each voter has to vote correctly is almost insignificant. And if each person’s size of the stake is small, their incentive to vote correctly is insignificant squared. Hence, a relatively small bribe spread out across the participants may suffice to sway their decision, possibly in a way that they collectively might quite disapprove of.
The size of the bribes required for a token holder to approve certain arbitrators could be very small, and the bribes may remain undetected. This is due to the fact (as mentioned by Vitalik) that voters have little to no incentive to vote correctly, as the impact they have on a result is tiny.
Malicious arbitrators could easily collude with various parties to revoke EOS tokens from large accounts and then potentially distribute them among those who colluded with them. This may of course require the collusion of block producers and the forum, but given the necessary incentives it could be quite possible.
Allowing a court of any kind to revoke someone’s tokens in a system like EOS is something I would argue should be avoided at all costs. It gives a large amount of power to single parties in the environment, who can do as they please and rule tyrannically with close to no one being able to stop them.
To train arbitrators, the ECAF publishes a handbook with relevant methods. References to this handbook or the handbook itself could not be found.
One question that I repeatedly asked myself when writing this is what the legal implications are for block producers. What happens to block producers that enforce rulings if they are then taken into an actual court, in a jurisdiction that may not agree with the ruling of ECAF on the basis of the EOS constitution? Are they liable? Additionally, due to the centralized nature of the EOS ecosystem and its arbitration process, could block producers be seen as money transmitters? To me it seems like a not-so-far-fetched assumption that a court in the United States could find an American block producer to be a money transmitter. I would argue that if it wasn’t for the constitution and the blatant display of the ability to freeze accounts etc., this would be less likely.
Freezing of 7 accounts
On the 17th of June, the EOS block producers decided to freeze 7 accounts which were associated with phishing scams. Because the EOS constitution had not yet been ratified by token holders, the decision was made by the block producers and not by ECAF itself, as arbitrators could only produce guidance and not a real ruling.
A ruling was later pushed to the block producers as ECAF Arbitration Order # 2018–06–19-AO-001. This indicated to block producers that they must continue to refuse any transactions from the 7 listed accounts indefinitely, until a later notice is given.
What really struck me was the fact that this order declared that the logic and reasoning would be posted at a later date, and the apparent fact that this is completely fine.
The timeline of the order reveals a large concern: the ability of block producers to act autonomously and make decisions by themselves that affect various actors of the network, without much that can be done by anyone. What if the collusion of block producers could result in the tokens of those disagreeing with them being revoked? Would that be possible, and if so, who is to stop them?
Members of the EOS community have also been outspoken about the freezing of accounts, saying that the block producers have gone against the arbitration process in place.
Attacks & Conflicts
The problem with the governance system EOS has introduced is the fact that there are scenarios where the legal system and the constitution may conflict.
Let’s take the scenario of a legal marijuana vendor who has decided to accept EOS as a payment method. This vendor believes that he is doing what he must legally, and has decided to accept EOS because the American system currently makes it hard for such vendors to open bank accounts. The seller in this scenario has done nothing illegal in the jurisdiction where he is located. However, if ECAF decides that selling marijuana is suddenly illegal under the constitution, the vendor runs the risk of having his EOS either locked or completely revoked.
Additionally, there is the attack described by Emin Gün Sirer in a series of tweets:
This is a rather simple attack and does not seem like an impossibility. The problem with EOS’s arbitration system is that it does not play well with other cryptocurrencies, and that arbitration on EOS can have a direct effect on various other currencies, potentially affecting the entire market. It is hard to think that the ECAF arbitrators will be able to verifiably measure the problems which may arise from a simple account freeze, and if they can, the effort to do so might not be worth their time.
The sheer centralization of the entire governance system of EOS and the network itself is concerning. I fear many users are not actually aware of how centralized it really is. The token holder voting seems to be a method to hide away the centralization, but I question how much power these token holders really have in the on-chain governance, especially if there is a method with which block producers could censor the concerned party. If the arbitration can result in revoking EOS tokens from a given user, then the block producers must have the ability to do so, unless this is somehow a right given to the forum. Nevertheless, the entire model of EOS seems like an oligarchy veiled in a democracy that can be easily corrupted through various means.
The governance of EOS seems like it started off with the right intentions but, by trying to solve for every possible edge case, turned into a centralized system where the power to do absolutely everything is given to the block producers.