Michael Neuder

Pranav Garimidi, Michael Neuder, Tim Roughgarden

Blockchain protocols often seek to procure computationally challenging work from a decentralized set of participants. While there are simple procurement auctions that result in the minimal cost of acquisition and maximal efficiency, they also lead to concentration in the provider set due to the winner-take-all market structure. We design and analyze single-good procurement auctions that balance social-cost minimization (at the extreme, a winner-take-all auction) with decentralization (at the extreme, a uniform allocation). We first give a dominant-strategy incentive-compatible (DSIC) mechanism explicitly designed to implement non-winner-take-all allocations. Our allocation rule uniquely solves an optimization with respect to a modified social-cost metric that penalizes large, single-player concentrations and is parameterized with a curvature value, $α$, with $α\rightarrow 0$ implementing the uniform allocation and $α\rightarrow \infty$ implementing the winner-take-all allocation. We further quantify the loss in social cost of this mechanism as a function of $α$. We then propose two alternative mechanisms, each addressing a limitation of the DSIC mechanism, namely a lack of Sybil-resistance and a complex payment rule. First, we examine a variation of Tullock contests to achieve a non-winner-take-all Sybil-proof procurement mechanism. Second, we consider a mechanism with the same allocation rule as the DSIC mechanism but with an alternative payment rule in which producers are simply paid proportionally to their bids. This provides a much simpler payment rule which, while not DSIC, still results in the mechanism being ex-post ``safe'' (where there exists a bidding strategy that is guaranteed to result in non-negative utility) for participating bidders. For both non-DSIC mechanisms, we characterize the equilibrium allocations and prove price of anarchy bounds.

Maryam Bahrani, Michael Neuder, S. Matthew Weinberg

An emerging blockchain protocol design pattern leverages the asymmetry between the computational effort in performing versus verifying tasks. For example, cryptographic validity proofs (e.g., SNARKS) require the prover to expend significant effort demonstrating the correctness of their claim, while the verifiers benefit from extremely easy validation. The operationalization of this paradigm requires efficiently soliciting the performance of expensive tasks in pseudonymous, adversarial environments. We formalize this as a mechanism design question. The protocol balances the economic cost of a liveness fault, where the work is not completed, with the payments required to incentivize specific behavior from candidate suppliers. We show that the loss of the optimal protocol scales logarithmically in the cost of a liveness fault, scaled up by the adversarial fraction of the network. Further, we find that the optimal equilibria have an intuitive structure, allowing us to provide concrete advice to practitioners. Specifically, in many regimes, the optimum designates a single, random node as the primary worker and a committee as a fallback, which is reminiscent of leader-based consensus mechanisms. We also characterize the asymptotic regimes where having negative payments (i.e., slashing in blockchain parlance) is especially helpful.

Zhou Fan, Francisco Marmolejo-Cossío, Daniel J. Moroz et al.

Uniswap v3 is the largest decentralized exchange for digital currencies. A novelty of its design is that it allows a liquidity provider (LP) to allocate liquidity to one or more closed intervals of the price of an asset instead of the full range of possible prices. An LP earns fee rewards proportional to the amount of its liquidity allocation when prices move in this interval. This induces the problem of {\em strategic liquidity provision}: smaller intervals result in higher concentration of liquidity and correspondingly larger fees when the price remains in the interval, but with higher risk as prices may exit the interval leaving the LP with no fee rewards. Although reallocating liquidity to new intervals can mitigate this loss, it comes at a cost, as LPs must expend gas fees to do so. We formalize the dynamic liquidity provision problem and focus on a general class of strategies for which we provide a neural network-based optimization framework for maximizing LP earnings. We model a single LP that faces an exogenous sequence of price changes that arise from arbitrage and non-arbitrage trades in the decentralized exchange. We present experimental results informed by historical price data that demonstrate large improvements in LP earnings over existing allocation strategy baselines. Moreover we provide insight into qualitative differences in optimal LP behaviour in different economic environments.

Michael Neuder, Daniel J. Moroz, Rithvik Rao et al.

We outline two dishonest strategies that can be cheaply executed on the Ethereum 2.0 beacon chain, even by validators holding less than one-third of the total stake: malicious chain reorganizations ("reorgs") and finality delays. In a malicious reorg, an attacker withholds their blocks and attestations before releasing them at an opportune time in order to force a chain reorganization, which they can take advantage of by double-spending or front-running transactions. To execute a finality delay an attacker uses delayed block releases and withholding of attestations to increase the mean and variance of the time it takes blocks to become finalized. This impacts the efficiency and predictability of the system. We provide a probabilistic and cost analysis for each of these attacks, considering a validator with 30% of the total stake.

Michael Neuder, Daniel J. Moroz, Rithvik Rao et al.

Blockchains are intended to be immutable, so an attacker who is able to delete transactions through a chain reorganization (a malicious reorg) can perform a profitable double-spend attack. We study the rate at which an attacker can execute reorgs in the Tezos Proof-of-Stake protocol. As an example, an attacker with 40% of the staking power is able to execute a 20-block malicious reorg at an average rate of once per day, and the attack probability increases super-linearly as the staking power grows beyond 40%. Moreover, an attacker of the Tezos protocol knows in advance when an attack opportunity will arise, and can use this knowledge to arrange transactions to double-spend. We show that in particular cases, the Tezos protocol can be adjusted to protect against deep reorgs. For instance, we demonstrate protocol parameters that reduce the rate of length-20 reorg opportunities for a 40% attacker by two orders of magnitude. We also observe a trade-off between optimizing for robustness to deep reorgs (costly deviations that may be net profitable because they enable double-spends) and robustness to selfish mining (mining deviations that result in typically short reorgs that are profitable even without double-spends). That is, the parameters that optimally protect against one make the other attack easy. Finally, we develop a method that monitors the Tezos blockchain health with respect to malicious reorgs using only publicly available information.

Michael Neuder, Daniel J. Moroz, Rithvik Rao et al.

Proof-of-Stake consensus protocols give rise to complex modeling challenges. We analyze the recently-updated Tezos Proof-of-Stake protocol and demonstrate that, under certain conditions, rational participants are incentivized to behave dishonestly. In doing so, we provide a theoretical analysis of the feasibility and profitability of a block stealing attack that we call selfish endorsing, a concrete instance of an attack previously only theoretically considered. We propose and analyze a simple change to the Tezos protocol which significantly reduces the (already small) profitability of this dishonest behavior, and introduce a new delay and reward scheme that is provably secure against length-1 and length-2 selfish endorsing attacks. Our framework provides a template for analyzing other Proof-of-Stake implementations for selfish behavior.