A Blockchain Dilemma: Chain Forks, Catastrophic Re-orgs, and Insurance
An analysis of a critical issue that blockchain networks must address, and a look at potential solutions
Forks often present pivotal moments in the history of a blockchain network. Ethereum’s hard fork after the notorious DAO hack in 2016 created Ethereum Classic, and Bitcoin’s numerous contentious forks have led to upwards of six different iterations of the Bitcoin network and subsequent currency. As permissionless blockchain networks become more ubiquitous and decentralized — with far flung actors and communities with differing intentions all over the world often sharing the same network — the underlying assumptions that maintain a chain’s integrity are likely to be tested.
This presents a number of questions about forking and decentralized network, perhaps most saliently: When is forking a chain the economically sensible thing to do? Let’s say a single project accounts for 80% of the volume on a particular chain in that project’s own token. At what point should the project fork the state and try to capture the premium of the native chain as well? If the project in question has its own wallet and user base that has little overlap with the native chain, are the native chain fees paying for something meaningful, or just lining the pockets of the native coin holders?
What a native chain “sells” is decentralization. Decentralization is a mix of a number of important factors: distribution of native coin ownership, geographic distribution, the security of the individual validators, the stickiness of stakes, how much participants are paying attention to governance, and a host of other more nebulous elements. However, although these decentralization factors are directly related to the likelihood of a catastrophic loss of consistency, ie a re-org.
In the centralized world, institutions like banks in the United States pay insurance to the Federal Exchange, as well as spend tons of money on regulatory compliance designed to ensure the consistency of their internal ledgers. Sufficient decentralization allows the chain to reduce costs associated with making sure that the accounting system is consistent and cannot be corrupted. But even for a public chain as decentralized as Bitcoin, this may not be always possible.
An example: When Binance was hacked for 40m usd earlier this year, the centralized exchange could have published the private keys of the stolen Bitcoin and let the global, decentralized community of miners decide if they wanted to do a 4 day re-org of Bitcoin.
Binance CEO CZ mused on this very subject on Twitter:
“cons: 1 we may damage credibility of BTC, 2 we may cause a split in both the Bitcoin network and community. Both of these damages seems to out-weight $40m revenge. 3 the hackers did demonstrate certain weak points in our design and user confusion, that was not obvious before”
Ultimately Binance decided not to go ahead with this tactic, because they felt it would split the community and undermine confidence in Bitcoin as a decentralized entity. However, this doesn’t mean that in the future we won’t see some hacked third parties attempt this approach. Custodians may even be legally obligated to do it by their insurance company.
A project whose success is contingent on Bitcoin re-orgs never occurring after 1 hour or 6 confirmations requires insurance against a re-org that is larger than 1 hour. This applies to Proof of Stake networks as well. There is no protocol that could prevent a 33%+ slashing event or a hard fork due to a malicious partition. Imagine that some well meaning custodian and staking pool offers negative fees at the right moment, goes viral, and captures more than 33% of the stakeholders. Getting 33% of the stake doesn’t require an economic attack to purchase 33% of the coin, it simply requires an understanding and leveraging of human greed.
Now, imagine that these malicious actors — now in control of the network — store the validator keys in plain text or fires the wrong engineer at the wrong time. If you think that this scenario is unlikely, just imagine a world where custodians store keys as securely as our financial institutions store our data or credit card numbers.
If we have a mature cryptocurrency ecosystem, projects will likely buy insurance against re-orgs. A project can then make a financial decision between upfront and continuous cost of the fork, along with price of re-org insurance (risk) on its own chain, vs native fees and current re-org insurance costs. To me, this looks like the classic split between vertically integrating your business so you own the entire stack versus specialization and focusing on your own horizontal.
In theory, a chain with 80% of usage from a single project and 20% from long tail projects should result in higher decentralization then the resultant forked chain. In a healthy business environment, projects should start coalescing around a few chains such that the overall cost of re-org insurance for everyone involved drops. Yes, re-org insurance would be lower given more decentralization, but this process should also hit diminishing returns, while chains will compete on other factors.
Chains with slashing could provide their own insurance market for re-orgs priced in the native coin itself. A project would likely choose this over any off-chain insurance as it does not require an oracle. A contract on the native chain could pay out the insurance bonds automatically if a proof of a re-org is presented to the contract. Slashing also guarantees that the network burns the number of tokens used to cause the re-org, which should cause the value of the remaining tokens to increase.
Using a native coin is attractive, because the remaining 66% of the stakes can be used as the insurance collateral and earn an additional return based on volume, while also guaranteeing that the price per token will increase to compensate for the re-org, while a non-native asset may drop in value.
As we’ve already witnessed through a number of contentious forks on notable networks, the risk of malicious actors attempting to take control of networks is already a very real threat. The issue of catastrophic re-orgs and insurance against them will only grow in importance as blockchain usage increases. Chain native insurance via slashing, as described above, presents an opportunity to create positive results for networks looking to protect against the phenomenon, and is an area that the blockchain industry must devote greater attention.