Nostr Web Client

It's easier to fight back against those miners in Bitcoin though. The anonymous nature on xmr means something like stratum v2 is not possible.

With Bitcoin the bad history is noticed way quicker and whatever addresses benefited from it can be traced with meticulous scrutiny all the way back. Even if they are behind tor or a vpn, their spend and miner reward is public and the bad history could be forked from by users.

With Monero, a low amount double spend attack could go on for months, with everyone accepting the history and without an easy or possible way to go back and check/fork from. Is the rate source and timings of reorgs being tracked by the average operator ? or anyone ?

Saberhagen The Nameless 1y ago

I would accept the fork-to-fix argument from Bitcoiners if the exact same thing wasn't incessantly used to criticize other crypto all the time as a flaw (not saying you say this). It would also only be a very temporary solution of course and does nothing to remedy the aftermath (All users that gave away goods/services are screwed).

Maybe I'm ignorant, but what is so great about StratumV2? It's a small improvement over current mining pools on Bitcoin, but payouts remain custodial, and I thought P2Pool is superior anyway?

Ok I see what you mean for that specific type of attack. Would depend on the exact way the bug worked if the double spend was discoverable or not. The flood attack in March, or whatever it was, was noticed almost immediately. But if it wasn't discoverable then yea I admit we would only be able to suspect something was going on via market price consistently sliding downward in a relatively short period of time?

Reply to this note

Please Login to reply.

Discussion

Cyber Seagull 1y ago

The earliest way we would know is by repeated reports on forums of issues. Then we run into more problems:

How long has this been going on ? How can we even check ?

Are these reports trustworthy or an attack ?

For instance, certain users are less likely to report anything in the first place; persecuted substance users and sellers, small holders.

The reporting venues themselves are numerous and i've noticed we rely on certain people to crosspost news (such as about haveno) from simplex, matrix, reddit, nostr, monero, twitter.

Several fresh accounts with few followers could post a complaint on each of those platforms every day for months and no one would notice. The sub-Reddit is censoring unfavorable posts about Monero, and so its "news" is skewed. Monero town and Matrix a are a pain to sign up for.

So a sub-group of a sub-group will even know.

What if everyone was looking at the Black marble flood attack but ignoring the frequency of reorgs during that attack?

Something like moneroinflation .com having a reorg tracker, with report inputs from accross the network to account for local signal decay bias might be useful, but still, even with active pattern seeking, it's the type of attack that majority hash can carry out in very very small doses, say, only on purchases of a few cents, that in the aggregate amount to thousands.

Then at some juncture of weakness for the network, like a network upgrade or contentious fork: Bam: and in the chaos no one knows whats going on long enough to lose maket cap and users that will never return.

Again, i'm looking for a technical reason majority hash could not be held by a single entity right now accross the several trusted pools, and what they could do if they did , and how we would even know.

I'm looking through historical posts with similar questions but not finding good ansers, maybe i will eventually.

Any standard reply, such as : it is unlikely, why would they, or we would find a way to fight it, while possibly true, is cope as far as i'm concerned.

Btw P2pool solves the custodial payout issue of trad-pools, but as far as i can tell, it does not prevent the coordination of individual nodes behind p2pool.

Saberhagen The Nameless 1y ago

I think I agree with you for these specific attacks. They would be difficult to discover on Monero unless in some indirect fashion or someone else found the exploit.

Maybe you should bring up the reorg tracker somewhere to discuss and someone can try and implement it if you cant sounds look a good idea. Maybe on:

https://bounties.monero.social/