My understanding is it works like this in Ethereum:
The miners can run any arbitrary code ("a contract") that you write, and this code is verifiable and trusted by everyone once it's been uploaded to the blockchain. The contracts can read/write arbitrary things in the blockchain and send coins to anyone you want, determined by the code you write.
There's a "gas price" that you have to pay for each operation you tell the miners to execute. However, the operation "EXTCODESIZE" evidently has too low of a cost, allowing someone to pay to have it executed enough times to noticeably slow the miners down for shits and giggles.
Sounds right. In Bitcoin, there are also some opcodes that are more expensive than others (hashing) which have been limited to a certain count per block.
Is there another angle? E.g. can the attacker have precomputed the results of those operations and now he can mine faster than anybody else or something like that?
Yes you can game the network by writing your own Ethereum Mining Client. Introducing a ton of code. Selectively ignoring code. BUT this isn't smart. You are devaluing the currency you are deriving profit hurting your profit margin.
Furthermore you need to maintain plausible deniability. THIS IS HARD. If Ethereum catches you, they'll just hard fork. So your average blocked claims can't change by a large amount. So in reality you already need to 1st/2nd sigma miner, then increase your profits by maybe 20-30%. This is a lot of risk, and a ton of work.
Most likely it is just somebody doing it for the lulz
I'm disappointed that the devs established the precedent that if things go south they'll hard-fork. It reduces the incentive to avoid risky behavior. Having a centralized roll-back/bailout authority is what led to too-big-to-fail banks.
This isn't quite sufficient, because the prices are set by miners but the transactions have to be processed by every single full node in existence. That's why Bitcoin has a hard upper limit on the complexity of processing any given block.
Etherium is a first cut at a hard problem. The "smart contracts" problem is interesting, but after the DAO debacle, it's clear that smart contracts shouldn't be executable programs. It's too hard to predict their behavior, and that's very bad when they're connected directly to money. Some human-readable declarative notation is needed. I've suggested decision tables. Dealers need enough expressive power to handle all the usual financial instruments, but don't need or want Turing completeness.
Another advantage of a declarative notation is that compute time tends to be bounded by a fairly low bound. That would put a lid on problems like this new one, where the little programs are chewing up too much time.
We may see some smart contracts system with a better notation in the derivatives business. It doesn't need to be a currency, just a blockchain with enough identified independent players to prevent tampering. The need for "mining" comes from the desire for anonymity; it's not inherent in smart contracts.
> miners and nodes need to spend a very long time processing some blocks. This is due to the EXTCODESIZE opcode, which has a fairly low gasprice but which requires nodes to read state information from disk;
AIUI, the data in the blockchain isn't just "data". It's actually small bits of code that execute inside a VM, which each node needs to execute in order to "understand" the blockchain. "EXTCODESIZE" would be one of the instructions in this particular VM.
I think that most blockchains either have a complexity limit per record/transaction, or have a complexity "cost", so that complex code is more costly to insert into the blockchain.
However, in this case, it sounds like someone has figured out how to insert some code that is actually more complex than the complexity-measuring code thinks it is, and is therefore causing all miners (all users?) to perform higher-than-expected amounts of computation to parse the blockchain, to the point where they can't keep up with the network.
Sure but I think the person you replied to thinks the person the person you replied to replied to thinks it's a network attack because s/he said "shouldn't decentralized networks be resilient against this".
The network protocol agrees that operation F is priced at X, with an understanding that operation F costs Y. The decentralized nature is exactly what makes it hard to suddenly and unilaterally make a policy change of "F is now forbidden, or F now costs 100x more". This is a good thing. It means that people can't make sudden unilateral changes :)
This looks more like a bug, where the attacker exploited a function which is particularly slow and forced the nodes to run this function many times.
If the nodes had different implementations, chances would be that only some nodes would be slown down, but the reality -i assume- is that there's only 1 implementation.
Think to mail servers, if they were all running the same os/sw then attacks to the whole system could be easier.
This was part of the development philosophy, to implement the client (based on the yellow paper http://gavwood.com/paper.pdf that specifies the protocol) in multiple languages in order to find bugs: if 2 clients don't agree on something, then we found a bug.
Decentralized networks benefit from no single entity being a bottle neck on connections. All a conventional DDOS does is slow down that single entity- here someone is employing the network to slow down most entities which uphold the network, achieving a very similar result.
This organization represents major financial firms, including Visa Europe, and law enforcement agencies, including the City of London Police and Europol, and had a 2 page article appearing in the 2013 G8 trade magazine calling for a global ban on Bitcoin, for the most powerful people in the developed world to read.
The people who run this organization appear to be ruthless and amoral, going as far as publicly justifying cyber attacks against companies in the Bitcoin space:
Then there is the Hacking Team, a blackhat cyber security firm that works for government agencies around the world, and whose CEO said in an email "The DARKNET is your enemy. TOR is your enemy. ENCRYPTION is your enemy":
>People who run this organization appear to be ruthless and amoral
...
>Going as far as talking about a DDOS attack on Twitter
Also, that G8 article you linked has a full page MTGOX ad on page 8. Kinda ironic huh?
Okay, enough with the low hanging fruits, now some serious stuff.
I don't see how Bitcoin enthusiasts can trivially brush off the criminal activities connected to Bitcoin. The public at large doesn't care about your shiny little toy - but they do if it's used by criminals. The article specifically mentions child pornography. Now how can CP be distributed? Tor and hidden services. But how is someone going to pay / profit from it? There was no easy solution - then comes Bitcoin, and suddenly people can be absolutely untraceable on the internet. You cannot simply ignore this. You have to acknowledge it, and then a) provide some form of solution (kinda contradicts its principles) or b) argue that it isn't as important compared to potential benefits of Bitcoin.
>You have to acknowledge it, and then a) provide some form of solution (kinda contradicts its principles) or b) argue that it isn't as important compared to potential benefits of Bitcoin.
There is no solution to the specific problem of electronic cash making it easier to transfer money in exchange for an immoral product like child pornography, just like there's no solution to the specific problem of strong cryptography and the internet making it easier to disseminate child pornography.
I would argue, with plenty of rationale and evidence, that the economic freedom provided by these technologies, has the potential to massively improve the quality of life of the world's population, despite these unavoidable side effects.
If there were fewer poor and desperate families, there would be fewer parents who sell their children into the sex trade. Economic freedom facilitated by technologies that also make it harder for states to prevent trade in immoral goods reduces the number of desperate parents and we can reasonably assume reduces the problem of child exploitation as a result.
Hard to say exactly, but perhaps someone with large holdings in an already established crypto-currency might have motive to want Ethereum crushed, or at least be perceived with less legitimacy than whatever other coin they hold (likely BTC)
Off the top of my head the people with the largest long-term vested interest in bitcoin would be
1. Satoshi Nakamoto (whoever s/he really is)
2. Winkelvoss twins
3. Whoever stole coins from the various exchange hacks
The crypto-community is a pie whose size isn't changing much. Coin prices fluctuate as investors move money from one coin to another, which causes price fluctuations. Attacks like this one which make ethereum look bad are beneficial to those other coins, who will expect prices to rise as a result of people selling their ETH out of fear.
And in the end, after the whale makes his profit in btc, he will probably reinvest in eth because it is low, gaining a larger stake in an already fragile economy, and will be able to exert more influence next time he tries to move the market.
I wonder if this is related to what is going on with the folks at http://www.foundups.com claiming they invented ETC and are hosting their own conference around their own protocol.
The developers were thinking of doing this at the beginning but decided against it.
Currently, when you send a transaction, the transaction includes a gas price that you are willing to pay for a unit of gas. The miners then decide if they want to mine your transaction, or not. Each opcode in the Ethereum Virtual Machine requires a different amount of gas, which is hard coded (look at this spreadsheet: https://docs.google.com/spreadsheets/d/1m89CVujrQe5LAFJ8-YAU... the opcode that is causing trouble today is EXTCODESIZE which has a gas cost of 20, which is apparently too low).
Initially, there were ideas where you could specify in the transaction the gas price you are willing to pay for each opcode. But this would make transactions very large (in terms of bytes).
Yes, but if some other miner decides to actually build on top of the other block, the miner that chooses not to will get orphaned and lose their block reward.
In addition, the cost of the expensive blocks is a burden on the entire network, not just the miners.
Bitcoin has a soft fork process (BIP9) where a rule can be enforced among all nodes at the same time. Of course, it is necessarily slow to activate and currently requires 95% of miners to signal support to minimize the number of blocks produced using the old rules.
The miners can run any arbitrary code ("a contract") that you write, and this code is verifiable and trusted by everyone once it's been uploaded to the blockchain. The contracts can read/write arbitrary things in the blockchain and send coins to anyone you want, determined by the code you write.
There's a "gas price" that you have to pay for each operation you tell the miners to execute. However, the operation "EXTCODESIZE" evidently has too low of a cost, allowing someone to pay to have it executed enough times to noticeably slow the miners down for shits and giggles.
Someone correct me if I'm wrong?