This is actually a really tough question. And the answer really is: it depends. Like all security questions it has to start with a threat model: what are you afraid of happening. In order to do that we have to first understand the risks and benefits of downloading an unverified Chia blockchain.
The benefits are pretty clear; syncing a blockchain can take a REALLY long time, and even though the Bluebox Timelords are hard at work compressing the chain and making that work a little better at the end of the day to start up a full node you have to download every transaction and verify every block. Starting with a pre-verified chain file can save days depending on the performance of your full node.
But the risks can be murkier. The risk most often discussed in cryptocurrency circles suggests the main risk is that someone will distribute a modified chain, which is the risk but not for the reasons I think most people assume. Its not really possibly to modify a block chain in the middle so that the latest blocks end up verifiable. If you change a transaction anywhere in the chain you will modify the Merkle trees and end up with a chain that won’t sync. You will waste some time, but unless a significant number of nodes are running the same modifications as you it shouldn’t have any effect.
The real risk comes from the habit. If people habitually downloaded a pre-verified chain from some source, like Chia Network, then it would become a central point of attack where either the company in control or someone that breached their systems could modify and distribute the blockchain as the “good copy”. This is unlikely to happen from some random 3rd party source but it is good security hygiene to verify your own blockchain. The risk of this happening is low but the impact would be incredibly high and difficult to unwind.
So what is the risk to you if you download a blockchain file from an untrusted source? Well, the risk is the same, a modified blockchain, but my thought is the main risk that someone puts malicious code into the sqlite file that executes when it gets verified causing issues with your farming system. Basically the same risk when downloading anything from untrusted sources. This would probably require a security vulnerability in the Chia blockchain software in how it parses the database, but nobody is perfect and vulnerabilities do happen. The best way to avoid this risk to the network is for every node to verify the transaction history.
The main problem here isn’t that you have to verify the blockchain fully in order to run a node, the problem is that you need to run a full node in order to farm Chia, even to a pool. While it does work to protect the blockchain having every user verify and serve the entire thing it is really inefficient for people who want to farm. It also makes it much more difficult to farm from low powered hardware, something we are going to be focusing on a bit in the next couple of weeks.
I think now that pools are a solved problem, and DeFi is well into the planning stages the next major problem to solve is going to make farming less resource intensive. Let me know your thoughts on the problem, and any ideas you have in the comments or on our discord.
