Thought experiment re: responsibility of validators


#1

I wanted to present a thought experiment to incite some discussion about the responsibilities and commitments of validators. The scenario is quite far off and totally theoretical in nature, but should be interesting for discussion.

Hypothetical

The POA network is used like ethereum for smart contracting and transactions. Major, million dollar transactions begin occurring on the network. One transaction worth $30 million is lost by mistake of the executing party. That party is an extremely large corporation and well resourced. The corporation begins lobbying validators, offering them $1 million each to propose and pass a governance vote that would reverse the transaction through a fork.

The interesting thing is that this scenario has happened on ethereum, and the governance implications of whether to refund the party who lost the millions of worth of ETH through no intentional fault has divided the community.

Question

What should the validators do in this instance?


Thought experiment re: responsibility of validators
#2

Hello Angus, thanks for posting such an interesting question. My response would be to act in the best interest of the Network.


#3

But what is the best interest of the network in this instance? In some ways it could be refunding the unintentionally harmed party right? Is ledger immutability more important than an easy save for one person that would mean a lot to them? How does the addition of attempts by the harmed party to economically transact a non-zero sum self-saving measure (by providing remuneration to validators) change the analysis?


#4

I believe the ledger immutability is more important. POA Network is a blockchain protocol layer not a centralized bank. I wonder what would be more important for you as validator on POA Network?


#5

Angus, I suggest you replace the word “Facts” you have listed in bold heading with the word “posit” or similar; these are obviously not facts; they are a set of artificial assumptions created to pose a question for the sake of discussion. Please change; people reading a quick snippet or web scraped segment of your question may take this for factual information vs.a posed question.

As laid out, you are describing a party attempting to commit bribery to influence a position; paying for an outcome. Perhaps if you wish to present a thought experiment, you could design one with actual ambiguity where a reasonable person must use independent judgment instead of presenting a question like this.


#6

@henryvishnevsky ledger immutability is definitely probably the most important thing to maintain, all else being equal. I actually agree with you and would probably lean in that direction regardless of the situation. (But see further hypo below.)

@1proof thanks for the note, good to be careful with choice of words. I think your instinct is actually right. Given the bribe (though no law makes attempting to lobby validators illegal, it looks and smells like a bribe), i think a validator’s response should at least from an ethical standpoint to refuse the payment (if anything because validators are already rewarded), and STILL vote whichever way they thought was right, including for a reversal of the transaction if they think a mistake doesn’t deserve to be punished this harshly.

But here’s the next bit to the hypothetical, which I was holding back until I got an answer like yours. Again it’s something that’s never happened.

POA is the only network where validator nodes officially declare their identities (unlike ETH and BTC where miners can choose to be anonymous), and even the whitepaper open states that POA validators must have U.S. notary licenses and be subject to U.S. legal jurisdiction.

So, what if the company, knowing that validators are all subject to U.S. court jurisdiction. Instead of attempting to bribe the network. Goes to court to seek a court order commanding all validators to ballot and vote for a reversal of the transaction? I have a lot of thoughts on how the validators as a group or even individually should proceed, but am curious to hear what everyone’s thoughts are in the hypothetical scenario.


#7

Among the strengths of the POA Network is Validator independence and geographic diversity. POA Network and any POA Clone blockchain draws strength from geographic diversity and the fact that each U.S. State has unique rules to obtain and maintain Notary Pubic Status within their jurisdiction. As such independent Validators are not monolithic and, were such a frivolous suit brought in a Civil Court, the plaintiff would need address local jurisdiction for each Validator. The added value of this is that an Independent Validator acting in poor faith places only themselves at jeopardy and not POA Network or the other Independent Validators.

This framework can be modeled by POA Clone networks per industrial sector, smaller region and even in non United States areas by adapting the POA Network framework with a similar way of identify Validators of good character. The job of a Validator is to maintain their Validator nodes and participate in on-chain governance in good faith. Geographic diversity is one of the tools that keeps an outside malicious effort from impacting the entire network, and brings diversity of experience to the POA Network and any POA Clone.

Finally, when spinning up a POA Clone blockchain, the Master of Ceremony for that chain is tasked with seeking out qualified candidates that provide as much regional and socialization independence as possible. Several of the POA Network early Validators are from California and Washington States, mostly because they are technology centers and the qualified Validators were willing and able to participate, long in advance of any promise of reward. We have a wonderful group of Independent Validators whose diverse opinions help us all recognized that this is a very large world, the skin of which we all tread for just a short while. POA Network has a current Validator from New York and and excellent candidate (Oxana Kunets) on track to be voted in shortly. This is up to each Independent Validator who takes that responsibility quite seriously. I urge you to study the resources provided by POA Network and spin up an independent POA Clone blockchain in all its complexity, Angus. While doing so, you have the ability to change and codify any rules or guidelines you find appropriate so you can best support the community you choose to serve. Good luck!


#8

Angus that is an interesting question. I believe validators need to act in the best interest of the network. Not only are validators stewards of the network, but are also representative of the integrity and reputation of the network. Immutability of the ledger is vital to the integrity and reputation of any public network irregardless of mistakes made by 3rd parties.

It would lead to a slippery slope if stewards of a network allowed for hard forks every time a mistake occurred. Where would you draw the line between a transaction that wasn’t worthy of a hard fork based on monetary value and one that was?

If I recall, a similar circumstance happened last November on ETH when a flaw in multi sig wallet contracts effectively locked $150 million worth of ETH. There was not a hard fork after this incident. You can read about it here: https://mashable.com/2017/11/08/ethereum-parity-bug


#9

How can they prove that something went wrong with the transaction?
can they prove they sent to the wrong address?
Can they prove they don’t have access of the private key?

“Tx is lost” - how can you prove that tx is really lost or someone is just trying to do double spend

Is it a user mistake or protocol level bug?


#10

My thoughts,

The Distributed Liability of Distributed Ledgers: Legal Risks of Blockchain

  • There is a difference between proof and liability, a highly motivated claimant could make things very painful … probably don’t even need a preponderance of evidence
  • There is money involved
  • Things WILL go wrong
  • There are individuals who staked their Identity to secure the network.
  • There is a real non-zero risk of litigation individually and collectively.

“It’s all fun and games until someone looses and eye”

or in our case:

“It’s all fun and games and bravado, until we all get sued”


#11

The market approach is that transactions and validators are bonded. Those bond holders are the insurance providers to the validators and system.

If the transaction is a bad transaction, and it cannot be recovered through other means (ie. courts, regulatory complaint process, transaction insurance, etc), then the bond holder has to make good on whatever the smart contract or blockchain policy is (There is a defined liability policy right?).

As the bond holder is the person ultimately on the hook, he/she is inclined to put pressure (probably higher premiums, and a properly designed and audited certification process) to ensure the validators were doing due diligence on protecting the system, and properly validating data entered.

Validators are economically incentivized to operate in a secure manner, as doing so help keep their / bond premiums down.

If validators, miners, and everybody is doing their jobs right, and the problem / error comes from one of the transacting parties, then liability falls onto the transacting parties, and they can sort it out amongst themselves. Their problem should not be a cause to fork the chain.

All this is to say, that if the system and operators were bonded, everyone would be incentivized to do their jobs right and maximize data integrity. Situations (which are bound to arise) that call for a fork could be remedied by making claims for damages, paid by those in the business of pricing risk and insurance.

In this way, the need to fork is drastically reduced (or eliminated), as damages can be remediated by a system designed (bonds and insurance) for such conflicts.

Part of good governance are transparent, auditable policies. Bonding the system (and participants) is a good way to incentivize security and integrity, in that it not only encourages Best Practices, but it also builds up appropriate reserves to remediate the inevitable problems when they do occur.

This can protect the chain from forks.