A Review of the Stacks Blockchain from a RSK perspective
In this article I analyze the Stacks blockchain and compare it with RSK, especially on their origins and consensus protocols. To keep this article as short as possible, other platforms’ features, such their ecosystems, will be analyzed in a follow up post. While this post intended to be a purely technical analysis, my research on Stacks led me to a more philosophical discussion about fair coin distribution in PoS systems. I did my best to learn about Stacks consensus, having many times banged my head against the wall due to the lack of documentation. However, both Muneeb and people in Stacks forums were kind to respond to my technical questions (3). If you discover that the description of the Stacks protocol is incorrect, contact me and I will amend this article.
The Origins
Both RSK and Stacks have something in common: they are the only projects advertised by their communities as providing smart contracts on top of Bitcoin. But they are very different, almost representing opposing views of what it means to build on Bitcoin and what a cryptocurrency is.
RSK is a Bitcoin sidechain designed in 2016 (I was involved in its design). It was developed and finally launched in 2018 by a Latin American grassroot bitcoiner group, who founded RSK Labs. It soon developed its own community with shared bitcoiner values. RSK went under the news radar for almost a year, as bitcoiners were focused on the growth of the Lightning Network as the only payment scalability solution for Bitcoin. During the first year RSK had an organic growth comparable to the Bitcoin Lightning Network, slowly conquering unbanked people in Latam, and quite distant to speculative use-cases. RSK community is centered around the benefit of an open new financial system for financial inclusion and the belief that stateful smart contracts and stablecoins collateralized with Bitcoin are the enabling keys. During the first years the RSK community kept building infrastructure, such as easy to use wallets, on-ramp and off-ramps, to be ready for prime time. In 2019, the DeFi boom began, starting in Ethereum but then moving to RSK and other EVM-compatible blockchains as gas prices soared in Ethereum. DeFi developers realized that DeFi applications need not be tied to a single-chain, but can become multi-chain easily on EVM-compatible platforms. RSK was chosen due to its high security and cheap transactions. In 2020 and 2021 many new DeFi dapps were created on RSK by the RSK community. The existence of more users accelerated a virtuous circle where wallets integrated the DeFi applications natively, and tens of thousands of new users became active DeFi users in 2021.
Stacks creation and development was more centralized. Stacks was created by Muneeb Ali in 2017 under the previous name Blockstack. He wrote all white papers and founded the company Hiro Systems PBC to develop the project. He raised several investment rounds from known VCs. Many applications were developed for Blockstack. The Stacks platform seems to have a few hundred daily active users as of May 2021, if you look at the transaction volume in the block explorer. However, it seems that the active users does not equal active addresses on Stacks. Users can register a username (domain name) without any blockchain transaction. I was told that the explorer only reflects the active users of smart contracts and not active users of apps which require usernames (which are very hard to measure).
Regarding the involvement of early VCs and premines in Stacks, there are mixed opinions. Premining was a bad word until Ethereum did its pre-sale. Now is common for funding new projects. Certainly, for a cryptocurrency that pays an interest for staking, the coins should be fairly distributed among thousands of users to increase the consensus security and avoid a plutocracy.
Finally, given Muneeb academics credentials, I was disappointed by the inexistence of a scientific paper describing Stacks PoX consensus protocol. No soundness or liveness proof. The white papers only superficially explain PoX consensus.
Incentive Alignment
RSK is a Bitcoin sidechain. That means a lot. It means that no other token is needed to make RSK work. It means that Bitcoin is the native coin of RSK and it means that as long as Bitcoin remains a store-of-value, RSK fears no inherent monetary risk. Bitcoin miners earn transaction fees when merge-mining RSK. This flow incentivizes improving the security of both Bitcoin and RSK. The majority of Bitcoin miners participate in merge-mining RSK.
Stacks announces itself in marketing materials as a Bitcoin companion, but internally it bears no shared incentives with the Bitcoin community (miners, holders or infrastructure providers). The only link between Stacks and Bitcoin is that Stacks uses the Bitcoin blockchain as a technology to secure consensus, and as a byproduct stacks has a Bitcoin blockchain oracle. Stacks 2.0 native currency is STX, not Bitcoin (and there is no wrapped-BTC token on Stacks!). As the intent of the Stacks developers is that people stack (lock for long periods) the STX token, it looks like the incentivized use case for STX is as a store-of-value, directly competing with Bitcoin. In an event of confrontation between the Bitcoin community and the Stacks community, Bitcoin miners could censor Stacks PoX transactions (they can be distinguished easily), leading to problems or a halt of Stacks consensus. Because of the lack of cross-chain incentives between Stacks and Bitcoin, Stacks is a Remorachain.
To summarize, Stacks competes with Ethereum, Avalanche, Cosmos, Arbitrum, and all other smart contract blockchains, which is a compliment for Stacks. I just don’t buy the “Built on Bitcoin” slogan.
Blockchain Consensus
RSK uses merge-mining to secure its chain, and its security is given by the value transacted on RSK, and the incentives of Bitcoin miners not to attack a Bitcoin sidechain. Cryptoeconomic security rises as fees do, but during its first year RSK was mainly secured by a 51% honest mining majority. Since more than 68.5% (monthly average) of the Bitcoin miners also mine RSK, and that percentage is rising day by day, the security threshold of RSK is rapidly approaching Bitcoin’s. Merge-mining security has been criticized as insecure during bootstrapping, but RSK has successfully surpassed the “insecurity zone”.
On top of merge-mining, RSK has a decentralized protection system called Armadillo. Armadillo nodes can detect potential malicious forks before they cause damage and alert the network about them. Any user can run such a node.
As of the future, RSK community is also evaluating implementing an innovative improvement of standard merge-mining called Inclusive Fork-aware Merge Mining.
Stacks’ consensus protocol is called Proof-of-Transfer (or PoX). Miners bid for the right to create a block. The process of selecting a block proposer (called leader) resembles an all-pay auction. In an all-pay auction, all bidders must pay their bids, even those who do not win the auction. The bidding happens using bitcoins. The bids are to be sent to some “stacker” addresses, which are determined using a multiparty random number generation process. As time goes by, the PoX mechanism will apparently undergo some transformation (sunsetting process) whereby an increasing portion of bitcoins are burned instead of being transferred. Who are the stackers? How does the set of stackers evolve and what is their connection to miners? Does the mechanism contribute in any way to the bitcoin community?
Stacks consensus protocol comes without formalization and without a security proof. The description in the PoX white paper is vague. There was a pre-existing Stacks 1.0 consensus protocol that mimics Nakamoto Consensus and achieves its security by anonymous virtual miners burning bitcoins. The security collected by the best chain is given by the value burned. The best chain is the one with the most burned value. Stacks 1.0 consensus is easy to analyze. But in Stacks 2.0 instead of burning the bitcoins, pseudonymous block producers bid for the right to create blocks by transferring bitcoins to another pseudonymous group called stackers that perform fixed-term deposits in a new token called STX. In return, the stackers signal (vote) on a Stacks chain version/fork as the current one. The locking of STX by stackers is called stacking (don’t confuse with staking).
The paper later alerts that the stackers may, over time, overlap or collude with block producers, and then block producers will be just paying themselves, rendering the consensus protocol insecure. There is a high chance the community will never discover this until it’s too late. The paper proposes that if the community detects an overlap (difficult, since all participants are pseudonymous), the community will hard-fork the network to the previous consensus protocol (Proof-of-Burn) or somehow a central authority will decide who to pay the bitcoins to. For more information the white paper redirects the reader to the improvement proposals which either contain deprecated information (stacks 1.0) or an exact copy of the white paper content.
Stacks consensus resembles a two-chamber government, and this idea is not new in the blockchain ecosystem(1). In such cases a majority of each chamber members decides the chamber vote, and both chamber votes must match to reach consensus. This idea is not inherently flawed, but requires that at least the participants of one of the chambers can be identified beforehand, or can be legally liable if a fraud is committed. If not, then it just represents an honest majority assumption on all pseudonymous actors together. This is no different to proof-of-stake (without slashing) and the only motive for these actors not to cheat is unrealized future revenue.
Finally, according to the stacks whitepaper, Stacks block producers can also produce Bitcoin-NG style micro-blocks, as frequent as one per second, but I couldn’t find any way to see them. I was told that microblocks can be produced every 30 seconds, and the functionality is implemented and functional, but not reflected in the block explorer.
Consensus Security
RSK consensus is based on merge-mining, and it is known that merge-mining achieves high security when participating blockchains incentives are aligned, when the majority of miners participate, and when the fees paid by the merge-mined chain is significant to merge-miners. RSK scores high on the three conditions. RSK is a Bitcoin sidechain, an average 68% of Bitcoin miners do merge-mine RSK and RSK fees paid to miners have been steadily increasing.
Is much more difficult for me to say that Stacks PoX is securing consensus. The claim of security in PoX documentation seems to be circular: block producers will receive STX rewards as long as stackers vote for the chain they are extending and stackers receive rewards as long as block producers follow the chain they voted for. However, I was told later that stackers’ votes for the best chain is only a hint for miners, not actually enforced by consensus (4). I still think that if the two groups collude and deviate at the same time, they can reorganize the chain and impose any fork they wish without penalty.
Also, once the attackers collude to take over block production (a coup), they can outcompete any honest block miner since they benefit from paying themselves, while the honest intruder must either pay the malicious group to mine or else burn the coins. Luckily the honest majority of stackers can be restored by using a feature in the protocol that prevents stacking censorship. This is done by using special Bitcoin transactions (called Stack-STX, Transfer-STX, PreSTX), but to regain control of governance they would need to surpass the stake of the attackers, and the attackers can also stack more, just enough to maintain the voting majority. In the end, the group who control the majority of stacked STX have the possibility to retain the power, just like PoS. Why stackers provide a hint of the best chain? I don’t know. It seems that if miners follow this hint, this weakens the protocol security. If they do, the fact that there is no slashing means that the only deterrent for a coup reorganizing the blockchain is the potential value loss of their STX holdings. In any case, as in any blockchain, the majority of miners can censor the minory of miners by ignoring it, and mining a sibling block.
PoX has one benefit over PoS: although block producers can be censored (miners can skip blocks), they cannot be silenced, as the Bitcoin blockchain is used as a secure broadcast medium. Stackers can be outcompeted, but not censored. In the end, the last resort is a UAHF that confiscates the STX of the malicious stackers.
As the PoX white paper states, the only way PoX can remain secure is by preventing block producers from stacking, which can only be achieved by a trusted group stacking most of the STX in circulation. In other words, a plutocracy. To avoid becoming a plutocracy PoX requires an initial coin distribution among many individuals, exactly as PoS. Therefore I decided to find out what the coin distribution was when stacks 2.0 was launched 4 months ago.
Pre-mine
Stacks 2.0 took a snapshot of a previous ledger called Blockstack, which was a Bitcoin blockchain overlay protocol. You can explore the legacy Blockstack ledger here. You can verify the correctness of the balance migration with a verification script here. It seems the team behind Stacks has been very transparent about the coin distribution between the numerous investors and founders (you can find it here). This is the overall distribution of 1.3B tokens created and sold from 2018 to 2021 (1B STX). More coins are distributed with vesting in 2021 (346M STX):
It is outstanding in the concentration of coins in a few parties. Ethereum started with PoW to avoid entering the PoS era with such a concentrated distribution. Concentration of tokens is dangerous because if a few participants are hacked, attackers may get control of the blockchain consensus. Also, token concentration increases over time leading to rich-get-richer dynamics.
Apart from this chart, the specific addresses belonging to investors have not been disclosed. This is understandable for personal privacy, but companies, VCs and foundations should disclose them. I decided to review the code to look for this information. The balances transferred from 1.0 to 2.0 are stored in a file called chainstate.txt. I parsed the file and found several interesting things.
First, I learned that there were 330K accounts with non-zero balance, but 322K accounts hold exactly 100 STX. This is the coin distribution split by amount:
By googling I found that those 100 STX wallets correspond to airdrops made in 2020 in partnership with some multi-currency web wallets. However, since those web wallets have not implemented support for Stacks 2.0 yet, the user balances are locked. Only 2.4% (8K) of those accounts seems to have been active, so the number of active users of non-custodial wallets until January must have been about 8K (I’m not counting off-chain users, which are very hard to measure).
Second, I learned that the 16 highest-balance accounts held 503M STX tokens, more than 50% of the tokens that existed when Stacks 2.0 was launched. That seems to be consistent with the published chart although some of these addresses could be exchange wallets, or other aggregators of non-custodial users wallets. Here is a list of the top 5 addresses when Stacks 2.0 was launched, in Stacks 1.0 address format:
1. 138 M STX: 1AtPvrrMiuBdoA6R6atZpgfLsRM7V9ep1W
2. 45 M STX: 3PJ31s6hBNqWZxomHE1JZPUq78tNyQmepA
3. 43 M STX: 1NDhoMmGDiwqcFTohUMXkidymcxG12Q82x
4. 36 M STX: 17UxtH36S3AFM3odE8MQepqMFhNR1sKUWb
5. 30 M STX: 31tXY8LMEcc3YzWwpFQj7ZGYE2U2BM1kk4
The first one holds 138 million STX. Here are the corresponding Stacks 2.0 addresses for the first 5 (you can convert Stacks 1.0 addresses to 2.0 with this library):
- SP1P72Z3704VMT3DMHPP2CB8TGQWGDBHD3RPR9GZS
- SM3PFM748JYCK9H823C8BGRGFRHFPXHPP8F2FFRV8
- SP3MC3C65ZCS9X9W27EFWQW5ME3W7N7632VWE89G3
- SP13HN8N68CFASWYBX6C78XP5HF50EHJENRYQHJ7S
- SM12TJXJEQQER0EWX6783RWH1R8YZG3M9SBQVDFH
Some of them still receive tokens as part of a vesting schedule that began with Stacks 1.0, and continues with Stacks 2.0. None of these addresses seems to be participating in stacking now, but a lot of STX has been moved out of these accounts (1AtPvrrMiu has only 46M STX now), so more research would be needed to track if their owners are still stacking using other addresses.
What is more interesting, is that the Gini coefficient at Stacks 2.0 at launch was 0.96, which seems to me pretty high. In reality. the coefficient may be even higher as several addresses may belong to the same person or organization. Large exchange holdings also increase the index. There have been several attempts to measure the Gini coefficients of Bitcoin and Ethereum at different times, and Stacks coefficient at genesis seems to be considerably higher than any of them, indicating higher centralization, which isn’t good for bootstrapping a staking system. However, I cannot compare their Gini coefficients fairly due to differences in the methods used by each measurement (window method vs static balances, cut-off amounts, etc.).
To summarize, Stacks has a staking system for consensus, which, like many other PoS systems, tends to enrich richer parties if initial token concentration was high. The site stacking.club shows all the information regarding stackers and staking cycles in a nice UI (2).
It’s also interesting to note that this high concentration of STX at genesis continues today, repeating in every two-weeks reward cycle. For example, in stacking cycle #6 (the last one), only 12 stackers concentrated more than 51% of the total stacked coins (385M STX). Some of these stackers may be stacking pools, comprising hundreds of participants, as in Bitcoin mining pools.
RSK had no premine because a sidechain can’t have any, as there is no coin minting. The RSK ecosystem development fund, which receives a part of the RSK transaction fees, has contributed to RSK development and research several times the amount received, paid first by RSK Labs, and later IOV Labs.
Bitcoin Bridge
Stacks documentation states that “Clarity contracts have built-in SPV proofs for Bitcoin and can make interacting with Bitcoin state much easier for developers’’. But still there is no live bridge with Bitcoin. I was told that there is a wrapped BTC service (by TokenSoft) in the works, and planned work on two-way pegs, but there is no public roadmap.
RSK is a Bitcoin sidechain and as such can only exist with a two-way-peg to Bitcoin. Because RSK contains a header-only view of the Bitcoin blockchain, this view needs to be updated by users by calling the Bridge contract. As a fun fact, during the first week after the launch of RSK, calling the bridge to inform a peg-in was free (zero transaction fees forced by consensus) because there were no bitcoins in RSK to pay the fees!
The bridge started with a federated peg, then added standard HSM security and finally migrated into a Powpeg: a system where hardware security modules (HSM) with custom firmware and firmware attestation protect the multi-signature private keys and only operate based on commands received by the RSK blockchain. The commands are verified in the HSM using RSK blockchain cumulative proof-of-work provided by merge-mining. An overview of RSK Powpeg can be found here.
Smart-Contracts Language
RSK VM is highly compatible with the EVM (Ethereum virtual machine) and it is compatible with the Ethereum web3 standard. Most Ethereum applications can be ported to RSK with a few configuration changes. The RSK VM is not identical to the EVM, and the differences are documented here. Solidity is the main language used to program the EVM. It’s not perfect, and for several years I criticized the security problems caused by using an immature language. However, it became a de-facto standard. Nowadays each new release fixes a smaller number of bugs and language changes are minimal, achieving stability and backwards compatibility.
If you need higher security assurances from contracts, you can use your own DSL to compile to EVM bytecode. Although there are several tools to formally analyze Solidity contracts, the Vyper language, which also compiles to EVM, is better suited for formal verification.
Stacks uses an interpreter of the Clarity programming language. The same criticism I gave to Solidity when it was launched I would give to Clarity, or Simplicity or Vyper. Why invent still a new smart-contracts language having so many of them? However, let’s concentrate on Clarity pros and cons. Clarity is a new LISP-like language. Being a new language, the lack of tutorials and community libraries is one of its main drawbacks. I find interesting and unique the design decision to interpret Clarity in the node instead of interpreting a bytecode or running a JIT compiled code, which would have required writing a Clarity compiler from scratch. Interpreting Clarity takes away the generally huge problem of buggy compilers and supply chain attacks. However, LISP is a particularly easy language to compile, so I’m not so sure about this benefit.
The fact that the node interprets text files means that contract code will be much larger, and execution will be slower. Trying to improve execution performance by compiling the source code on the fly will bring all the complexity of the compiler into the full node, with the additional risk of compiler bombs. The additional cost in CPU and storage resources for interpreting Clarity may not be important now, but may be prohibitive in the future preventing Stacks scalability. All known techniques to scale the onchain layer of a blockchain without changing the security model are based on constant speedups due to more efficient resource utilization.
Clarity uses LISP notation, which if you haven’t used before, you can learn easily. The programming language lives up to its name. It has useful native types, such as structs, lists and byte buffers, but not floats. The LISP notation is also great for easily parsing the code and performing semantic analysis on it.
In fact, the first language that compiled to EVM, called LLL, was LISP-inspired. Since I implemented an LLL compiler in Java, I can attest that creating a compiler from Clarity to EVM bytecode is an easy task, and RSK could one day benefit from the Clarity toolchain. You can compile Clarity to the EVM but you cannot do the opposite because Clarity language is not Turing complete.
The main benefits of a non-Turing complete language are that maximum gas costs can be computed in advance, and formal analysis of programs with automated tools is easier. The downsides are that many complex DeFi applications may be much harder to code, and most programmers will be less comfortable with the restricted language.
While I prefer Solidity, in this post a Stacks developer compares Clarity favorably with Solidity.
Properties Summary
Here I present a summary of all the features and properties I reviewed in this article.
(*1) As Clarity is a team effort with Algorand, an standard may emerge between the two blockchains.
(*2) The Stacks Average Block Interval was approximated from the blocks shown in the Stacks block explorer.
Final Words
As I contribute daily to RSK and I’m a bitcoiner, I will never be 100% objective regarding Stacks nor RSK.
These is my personal critique to Stacks:
- It is misleading how Stacks associates itself with Bitcoin in marketing.
- Stacks consensus protocol is complex, unproven and not well documented.
- Stacks consensus may lead to stackers colluding with block producers, and become a de-facto PoS system without slashing.
- Stacks advertises itself as Smart Contracts on Bitcoin but the Stacks blockchain does not have any token representing bitcoin yet.
- Clarity language may prevent scaling and lead to increased transaction costs, as interpreted execution of a high-level language can be an order of magnitude slower than bytecode execution.
- Lack of programming tutorials, courses, documentation, samples and libraries.
- Average block interval is 10 minutes (the protocol allows microblocks every 30 seconds, but there is no documentation about this feature, not block explorer showing them)
These are Stacks pros:
- Clarity language interpretation increases security by eliminating compiler supply attacks, bombs and bugs.
- Consensus system incentivizes locking STX, lowering the amount of tokens offered in the market.
Regarding RSK, these are the known benefits:
- Aligned incentives with the Bitcoin ecosystem
- Compatibility with Ethereum applications
- Secured by the well-known technique of merge-mining
- >60% average Bitcoin hashrate secures RSK.
- The consensus security is given by the value transacted on RSK, and the shared incentives between Bitcoin and RSK.
- The Bitcoin miners receive the majority of the RSK transaction fees.
- Benefits from supporting the EVM, a standardized compiler toolchain, which is continuously improved.
- High number of online programming tutorials, documentation, sample applications and audited libraries
- Shared research and development efforts between several EVM-enabled blockchains in the crypto ecosystem.
- Average block interval is 30 seconds.
And these are known RSK downsides:
- RSK two-way-peg (Powpeg) requires that at least 51% of the pegnatories to be online to allow peg-outs.
- Solidity contracts may be error-prone if programmed by inexperienced developers.
- The Solidity compiler may contain bugs.
- Bitcoins in RSK (RBTC) do not have the same security model as bitcoins in the Bitcoin network (BTC).
Last, Stacks community chases the creation of a new decentralized Internet. The competition will be fierce because a decentralized Internet is a winners-take-all use case. The RIFOS on RSK has the same goal. DFinity was launched this week. Stacks future will depend highly on the appreciation or depreciation of the STX token. Stacks consensus security depends on the incentive for users to lock STX for two-week periods, which depends on their STX price projections.
RSK community is motivated to change the world for good using Bitcoin, with a special focus on DeFi and helping the unbanked and excluded population, and in that respect it is unique in the cryptocurrency ecosystem. RSK success depends only on Bitcoin and the evolution of the RSK technology.
— — — — — — — — — — — — — -
(1) For example, the security model for the pegged funds in RSK resembles a two-chamber government: it requires that there is no collusion between the 51% of the pegnatories and the 51% of the miners. A two-chamber solution to governance is only secure if at least the participants of one of the chambers are publicly identifiable. In the case of RSK, each pegnatory identity is published and validated by the rest. While miner pool identities stamped in blocks could be manipulated, this kind of obfuscation can only occur over short periods, because the Bitcoin community often checks the hashrate distribution over mining pools. The security of two-chamber governance relies on an honesty majority assumption, which is hard to maintain if the participants are pseudonymous and the only barrier to acquire a majority of the governance shares is to pseudonymously buy and lock tokens, as is the case of Stacks consensus.
(2) If you want to explore addresses from a Bitcoin blockchain explorer, Stacks’ Block producers create ordinary bitcoin transactions where the first output contains an OP_RETURN opcode followed by a push of data starting with “X2[” for Stacks 2.0. The following outputs pay to stackers. By contrast, a RSK block tag can only be included in a Bitcoin coinbase transaction, something only Bitcoin miners can do. Indeed, this inclusion by Bitcoin miners is what ties RSK’s security to Bitcoin’s
(3) However, nobody can’t write an article on PoX if the real consensus implemented differs from what is documented, and after publication I’m told this by DM. Consensus protocol documentation should be unambiguous. That a pre-requisite for scientific argumentation.
(4) However SIP 007 states that “In addition to an anchor block needing to reach a certain number of miner confirmations, it must also pass some threshold t of valid Stacker support message signals.”. And those signals are defined in “Submitting Reward Address and Chain Tip Signaling” as “Indicate support for a particular chain tip”.
