
Understanding Single Point Of Failure

Published 30.1.2024

Decentralization is about eliminating weak points that could threaten the expected properties of the network. A single point of failure can even stop the entire system from working. No entity, whether in the form of a group of nodes or people, should have a significantly stronger position than other entities. These entities can abuse their position or become easy targets for attackers. In this article, we will look at the potential weaknesses of blockchain projects.

What Can Be A Single Point Of Failure?

A single point of failure (SPOF) can be a node or a group of nodes in the network that have a significantly stronger position than other nodes. Nodes are always run by humans, so they can be SPOFs too.

In the image below you can see 4 block producer nodes (pools) operated by Alice, Bob, Carol, and Dave. Each of them produces 25% of the blocks in the network. They have equal status.

It is possible to attack either nodes or people.

For example, a DDoS attack is directed at nodes (trying to take the node out of service) while regulators limit the decision-making of node operators.

The team is also an important part of any blockchain project and can represent the SPOF to some extent.

The team is responsible for client (software) delivery. The Bitcoin Core team publishes new versions of the Bitcoin client. The IOG team publishes new versions of the Cardano client.

If a single client dominates the network, a vulnerability in the client's source code can cause the entire network to collapse. The client is also the SPOF together with the team responsible for it.

In this article, we will discuss the following SPOFs:

  • Nodes
  • People (node operators, team)
  • Client (software)

An attack can target network consensus. This could be an attempt to censor transactions, produce empty blocks, or attempt a double-spend attack (spending the same coins multiple times). This is an attack on the nodes, but it also affects the people who operate the nodes. Users can also be affected by the attack.

Some attacks can target both nodes and operators at the same time. Operators can respond to the attack in some way.

Users expect from a decentralized network that these attacks will not occur. The security of the system is, among other things, dependent on decentralization.

External and Internal Attacks

The most famous attack on the network is the so-called 51% attack. It is an external attack carried out by network adversaries. Satoshi Nakamoto believed that states would attack Bitcoin to stop it.

The 51% attack targets network consensus. Resistance to this attack is based on the assumption that it is so costly that no one will attempt it.

An attacker must control enough of the expensive resource used to decentralize a given network. In the case of Bitcoin, it is the hash rate; in the case of Cardano, it is the ADA coins. This attack is very difficult to carry out in practice.

Governments have other, softer methods of attacking networks, such as regulation, confiscation of assets, imprisonment, etc. For example, if a large tax is imposed on mining or staking, it can drive that business out of the country. It may not threaten the existence of the network, but it will weaken decentralization.

Internal attacks can be committed by people who are close to the network and are responsible for its operation. They can be important pool operators, a team, but also ASIC hardware manufacturers, energy suppliers, etc.

For example, it is always the pool operator's decision to censor transactions. They may do so because of regulatory requirements. A MEV (maximal extractable value) attack, i.e. an attack where operators reorder or manipulate transactions in such a way that it is advantageous for them, is motivated economically.

No one would expect an attack from the team responsible for publishing the client. The team may be dependent on funding from VC funds or other sources. Team members may be loyal to those who pay them, not to the community.

It can be relatively difficult to find out what motivates a team's decision to implement some functionality, or not to implement it. This is a hard-to-detect insider attack.

Some circumstances are not a deliberate attack on the network but can still create a SPOF. For example, when it was most profitable to mine bitcoins in China, that country had a dominant position. When China decided to kick the miners out of the country, the network was temporarily weakened.

We can describe it as an unintentional external circumstance with a direct impact on the network.

Production Of Blocks

The biggest SPOF can often be found in block production. There may be thousands of nodes in a network, but there may be a few that have a dominant position.

In the image below you can see 4 pool operators, each with a 25% share of block production, as well as 4 ordinary nodes run by other users. Ignore the topology.

Let's imagine that an attacker is looking for a target for a DDoS attack.

Block production is not affected by an attack on user nodes. The attacker must target the block producer nodes, i.e. the nodes operated by Alice, Bob, Carol, and Dave. All pools have roughly the same share of block production, so it doesn't matter which node the attacker chooses. He can choose multiple nodes to attack, maybe all 4.

From the SPOF point of view, this network is ideal because it is difficult to find a target for a DDoS attack.

This insight can serve as a rough assessment of the quality of decentralization. If you can find a point in the network that can be attacked, and a potential attack would cause problems, the network is centralized. Finding the right target should be difficult, or the attacker should have to hit a large number of entities at once.

There should be as many block producers as possible and, ideally, they should have approximately equal representation in the network. There are a large number of pools in the Cardano network. Although some MPOs (multi-pool operators) have a stronger position than SPOs (single-pool operators), the number of MPOs and their share of block production is relatively balanced.

Decentralization involves the decision-making of delegates, as their choice affects the balance in the system.

Arguably the largest SPOF in the crypto industry can be found in the Bitcoin network, in which the 2 dominant pools Foundry USA and AntPool mine more than 50% of the blocks. These nodes (which certainly have a failover strategy) are Bitcoin's weakest point.

In the image below you can see the 9 pools with their current (gross) mining share. If an attacker managed to bring down all nodes simultaneously with a DDoS attack, the mining of new blocks would essentially stop temporarily.

Pool operators have a significant influence on the Bitcoin network when voting on a protocol change or adopting a new version of the client (installation on their nodes).

The position of most pool operators, whether in the Cardano or Bitcoin network, is dependent on delegated power.

An operator who does not behave according to the wishes of the delegators can quickly lose his position. However, this is only an assumption.

If a large mining company is registered in the USA, it may accept pool operator behavior that follows the regulator's requirements.

MEV attacks are infamous mainly because of Ethereum, where they used to occur commonly. They required the cooperation of the pool operator and the miners.

Large delegators, i.e. those who hold a large share of the resource, are also SPOFs. They can have the same power as, say, 10,000 small delegators. We may think that it is not fair, but it cannot be prevented. Money can buy power. Moreover, if it is possible to profit financially from a strong position, which is the case with both staking and mining, there will be whales in the system.

Teams Are SPOFs

Teams are a weak point of decentralization.

We talked about VC funds being able to buy team loyalty.

If the project has enough funding for many years ahead, it can be independent of VC funds. This is the case of the IOG team, which raised funds for development through the initial sale of ADA coins. VC funds were deliberately left out of the initial sale.

Therefore, the IOG team is independent of third parties and manages the development of the protocol on its terms.

If the coins were sold to VC funds, the team may be influenced by their requirements. This may or may not be positive. It can be negative in that VC funds can dump coins as soon as the first successes appear.

The IOG team thought about the future, so the project treasury is also part of the protocol. The planned launch of on-chain governance will allow ADA holders to decide what changes will be worked on, who will implement the changes, how much it will cost, and what will have priority.

If only one client is available, the team that built it (and continues to maintain it) is the point of centralization. Let's focus on the client.

If there is a critical bug in the source code that causes the client to crash, it may cause block production to stop. It is advantageous if there are multiple client implementations from independent teams. This increases the resilience of the network against the fatal failure of a single client implementation, but at the same time increases decentralization as there are multiple teams.

All current networks in the top 20 are dependent on a dominant client. So far, we have little experience with the existence of multiple teams that would have to coordinate with each other regarding adding new features to the protocol.
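The rough assessment described in the Production Of Blocks section (how many producers an attacker would have to take down to stop most block production) and the client-diversity concern above (how much production depends on a single client implementation) can both be expressed as the same concentration metric. The following Python script is an added example, not code from the article or from any of the projects it mentions. All pool names, block counts and client names in it are constructed for illustration and do not describe any real network, pool or client.

```python
"""Rough decentralization assessment from block-production counts.

Added example, not code from the original article. Pool names, block counts
and client names are constructed for illustration only.
"""
from fractions import Fraction

# Constructed: the balanced network from the article's figure, expressed as
# blocks produced in a window of 1000 blocks (4 pools, 25% each).
BALANCED_BLOCKS = {"Alice": 250, "Bob": 250, "Carol": 250, "Dave": 250}
BALANCED_CLIENTS = {"Alice": "client-x", "Bob": "client-x",
                    "Carol": "client-y", "Dave": "client-y"}

# Constructed: a skewed network of 9 pools in which two pools together
# exceed half of block production (counts are invented).
SKEWED_BLOCKS = {"Pool-A": 300, "Pool-B": 220, "Pool-C": 120, "Pool-D": 100,
                 "Pool-E": 80, "Pool-F": 70, "Pool-G": 50, "Pool-H": 40,
                 "Pool-I": 20}
SKEWED_CLIENTS = {p: "client-x" for p in
                  ("Pool-A", "Pool-B", "Pool-C", "Pool-D", "Pool-E")}
SKEWED_CLIENTS.update({"Pool-F": "client-y", "Pool-G": "client-y",
                       "Pool-H": "client-y", "Pool-I": "client-z"})


def nakamoto_coefficient(counts, threshold=Fraction(1, 2)):
    """Smallest number of entities whose combined production strictly exceeds
    `threshold` of the total. 1 means one entity already controls a majority;
    larger values mean an attacker has to hit more targets at once."""
    total = sum(counts.values())
    running = 0
    for k, n in enumerate(sorted(counts.values(), reverse=True), start=1):
        running += n
        if Fraction(running, total) > threshold:
            return k
    return len(counts)  # only reached for threshold >= 1


def top_k_outage(counts, k):
    """The k largest producers and the fraction of block production that
    would stop if exactly those nodes went offline (e.g. under DDoS)."""
    top = sorted(counts, key=counts.get, reverse=True)[:k]
    lost = Fraction(sum(counts[p] for p in top), sum(counts.values()))
    return top, lost


def client_counts(counts, clients):
    """Re-aggregate per-pool production by the client each pool runs, so the
    same concentration metric can be applied to client diversity."""
    by_client = {}
    for pool, n in counts.items():
        by_client[clients[pool]] = by_client.get(clients[pool], 0) + n
    return by_client


def assess(counts, clients):
    """Summarise the SPOF picture: how many producers an attacker, and how
    many clients a fatal bug, would have to hit to stop a majority."""
    by_client = client_counts(counts, clients)
    dominant = max(by_client, key=by_client.get)
    targets, lost = top_k_outage(counts, nakamoto_coefficient(counts))
    return {
        "producer_coefficient": nakamoto_coefficient(counts),
        "producers_to_stop_majority": targets,
        "production_lost": lost,
        "client_coefficient": nakamoto_coefficient(by_client),
        "dominant_client": dominant,
        "dominant_client_share": Fraction(by_client[dominant],
                                          sum(counts.values())),
    }


if __name__ == "__main__":
    for name, blocks, clients in (("balanced", BALANCED_BLOCKS, BALANCED_CLIENTS),
                                  ("skewed", SKEWED_BLOCKS, SKEWED_CLIENTS)):
        r = assess(blocks, clients)
        print(f"{name}: taking down {r['producers_to_stop_majority']} stops "
              f"{float(r['production_lost']):.0%} of production; "
              f"client coefficient {r['client_coefficient']} "
              f"(dominant {r['dominant_client']} at "
              f"{float(r['dominant_client_share']):.0%})")
```

In the balanced network an attacker has to take down three of the four pools to stop a majority of block production, and no single client carries more than half of it. In the skewed network two pools are enough, and because most pools run the same client, the client coefficient drops to 1: a crash bug in that one implementation would halt the majority of block production even though nine independent operators exist. Exact fractions are used instead of floats so that the "strictly more than half" comparison is never decided by rounding.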

A situation in which the team is unable to innovate is not ideal either. A team controlling development at its own discretion is acceptable only up to a certain stage. Over time, greater decentralization should be achieved through on-chain governance or client diversity.

Conclusion

There are many kinds of external and internal attack vectors. The target of the attack is almost always an important center of power. It is probably impossible to achieve a state where all entities in the network will be equal. There will always be weaknesses that can become SPOF at some stage.

Currently, the largest SPOFs are dominant block producers, whales controlling large amounts of resources (big miners and stakers), teams, and dependence on a dominant client.

Decentralization is a moving target. Someone must be constantly working on improving the quality of decentralization in a given network. This can be tricky: the entity that tries to do this must not itself become a center of power.

Establishing on-chain governance may be necessary, as it makes all coin owners responsible for decentralization.
