Farcaster

Farcaster Devs

The snap chain design is cool, but its weak point is validator election.

My concern is that once we move to system where 10 or 20 people or entities have the power to censor the network, it will eventually happen. Once we get there it will only be a matter of time, for someone to suggest that validators must censor topic A or fid B, and use social, legal or regulatory pressure to do so. 

I even guess that from day 1, there will be some geographies that implicitly or explicitly won't be able to host validators. China? Russia? Does the EU live up to the standards of the 10 voters?

Do we really think that the 6 validators (even if they are not located in the US) will not comply with a decision of a US court or regulator that asks them to censor any FID associated somehow with an OFAC-sanctioned wallet? And do we want them to have to fight this fight?

I have huge respect for the people that worked on the design, this is not an attack, but we have to have this discussion. I want to be convinced that I'm wrong.

@vrypan raises an important point about the tradeoffs of snapchains design. If we only have 10 nodes that can validate messages isn’t that bad for decentralization? 

Let’s start with the problem that Snapchain is solving. Our deltagraph network lets any hub add a new message at any time. As the network grows, failures between nodes increase and delays become inevitable. 

You have to be able to “check” your sync state with a large percentage of the network in a short amount of time and this breaks down quickly. When it does, users will complain about messages moving very slowly between apps, which will make them less likely to use Farcaster, and less likely for apps to be built.

Dad, geek, conversation liquidity provider. vrypan.net (home), /weatherxm (work), @l--o--l (fun). Also https://paragraph.xyz/@purplesubmarine

Technowatermelon. Elder Millenial. Building Farcaster. 

nf.td/varun

Have you considered doing something like an L3 and leveraging existing consensus rather than building your own?

For example, nodes could race to commit a merkle root of messages for the next epoch, let the rollup consensus decide who wins.

A doodler and computerer. I like permissive/permissionless open source, smart contracts, p2p systems, room-scale VR, and NixOS.

shazow.net

Currently: WhatsABI

Most of the complexity of consensus lies in getting agreement on who gets to commit the merkle root and whether messages are valid

@shazow.eth you may want to take a look at https://gist.github.com/vrypan/1ae6a60ecb3741ab031b5b06c974acab

I'm trying to identify its week spots, and fix them if possible, so that it can be considered an alternative to snapchain.

I did read through it when you first shared it too! Just took another look, some thoughts:
1. Agreed that bond to join writing-hubs set makes sense (but I'm generally pro-bonds, even if it's not money and even if it's not slashable).
2. Agreed that a kind of "mempool" is necessary.
3. I like that this can be implemented as a smart contract, e.g. on a rollup (rather than a standalone L1)
4. I worry about spamming OCEC as a DoS, especially if this is used as a metric for winning the next block. Could be a censorship attack vector.

But we can imagine other metrics for scoring, for example:
a. Block that contains *oldest* message that hasn't been included yet
b. Randomness is always good for thwarting attacks that rely on consecutive blocks, but need to avoid devolving into PoW. Maybe use RANDAO value to influence selection onchain.

I assume message datastructure contents are enclosed in a signature from the sending account, right?

Are there any heuristics for what is the oldest allowed message before it's invalid? Or can I craft a 0001-01-01 message today and it'll just be accepted?

Re attack scenario: Couldn't a hub operator have a few accounts that do actions that generates a lot of OnChainEvents just to pad their own blocks and consistently exceed competing honest blocks?

OCEC can't be spammed. It's the number of onchain events, and it is defined by the OP chain where our contracts are deployed. 

What am I missing? If you can construct an attack scenario, it would help a lot!

Messages do not have age, and the timestamp can be set arbitrarily. This is ok in case of adding/removing reactions, where the user is free to decide what comes first, but it's not reliable.