Menu
The Chia Plot
  • Blog
  • How-To
  • About
  • Contact
  • Security
  • Discord
The Chia Plot
pool shutdown

MaxioPool shutting its doors for good due to Chia pool protocol exploit

Posted on August 8, 2021August 8, 2021 by Chris Dupres

MaxioPool, a friend of the site and a very good Chia pool in my experience, is shutting down for good. This is very sad news, but the reason why they are closing down is even more concerning. MaxioPool has discovered an exploit in the on-chain pooling protocol. They have discovered, tested and proved in a testnet, that it is possible for a selfish farmer to submit partials and prove netspace to a pool without ever forming a block. We will discuss that in detail below. I’m going to call this attack a Lazy Farmer Attack.

First I want to wish MaxioPool the best. I really liked working with them on testing the pooling protocol, I enjoyed the time I farmed with them and I don’t think their team would make this decision lightly. Of all the pool operators I spoke to they seemed among the most invested. They had been doing custom software development since they started, had a number of tools built and were clearly building a long term ecosystem. Also, the team there was just a delight to work with, so this really is a sad day for Chia.

As for the exploit they found, it is fairly easy to reproduce. If you comment out a single portion of /chia/farmer/farmer_api.py in the new_proof_of_space function you can make the Chia client stop signing blocks but still continue to happily submitting partials properly to a pool. Well that seems odd, why would someone want to submit partials to a pool and never win a block? Because its an attack, that’s why.

The attack is this: I am a malicious pool operator and I want to grow my netspace as much as possible. I could add my farm to my pool, as a sane normal person would do, and farm blocks the honest way. Or, I could slightly modify my Chia client, join my primary competitors pool with my broken client and reduce their luck. With a big enough farm, or a few big ones, I will materially affect the luck for the pool and reduce the payouts to their farmers below what my farmers are getting paid. After that its a simple reddit or chiaforum post with some tables about how Pool X, my target, is offering lower payouts than other pools and voila! their farmers start to leave.

So what we have here is a working malicious exploit that will absolutely work for one pool operator to harm another and show that their pool is the best pool. The attack is very low cost, literally just requires a simple client modification and joining that client to a competitors pool, and it funds itself as your target will literally pay you to attack them.

When MaxioPool approached Chia Network with the details of this exploit they were dismissed because Chia Network could not understand why a malicious pool would do this. What they need is a real security architect then, because a self-funding malicious action like this is guaranteed to be executed. That’s the nature of systems exploits, ones that are a lot more expensive for a lot less reward are executed every day. I am positive this one will be too if it isn’t already.

Is it possible MaxioPool is shutting down for other reasons and using this as an excuse? Of course. But I don’t think so. I have worked with them in the past, and spoken to them on many occasions, and this team was very excited about Chia and the future. Way more so than I. They put a TON into their pool, in fact I use MaxioShovel for my plotting and I love it. If this was another pool I would be a lot more suspicious, and maybe that makes me a fool, but I do believe them. And I do believe that this is a working exploit and that malicious pool operators absolutely have an incentive to do this. I think detecting it will be very difficult since it will be impossible to prove vs plain bad luck without years of data. What is more likely is that MaxioPool is just very sensitive to these issues because of their PPS payout model so any serious difference from statistical payout models would hurt them much more than other pools, who would just see a difference in payouts from expected.

The fundamental cause for this exploit, and the reason I had to call it an exploit and not a bug, is that the Chia Blockchain architecture is designed around the farmer signs the block. This is core to their design, and key in their arguments against FlexPool’s FlexFarmer. So as long as the farmer controls that process it will also be possible for the farmer to mess with it against their own self interest. This does not become an issue until a farmer has outside interests that supersede their farmer perspective – like malicious pool operators. I am not sure what the answer here is, especially since Chia wants more smaller distributed pools. It seems their protocol might not truly support that vision, unless they can create a fix for this to force contributing farmers to sign blocks if they are able.

I highly recommend Chia Network take this seriously, even if ultimately the answer is that PPS pools don’t work because of the “farmer signs” architecture. This is the problem with branding your on-chain pooling protocol as “official”. Now you own support.

Related

6 thoughts on “MaxioPool shutting its doors for good due to Chia pool protocol exploit”

  1. JackT says:
    August 8, 2021 at 12:43 pm

    Also, they (chia) should have published a proper specification and not pool “reference” code if they didn’t want people to use the code… they’re always saying don’t use it, well maybe then don’t publish it and do a spec instead?
    It seems PPS farmers only have 21chia.com left?

    Reply
    1. Chris Dupres says:
      August 8, 2021 at 12:45 pm

      I think so, yes. I am not aware of any other pools offering that option – in fact I was not aware 21Chia did either until your comment! Thank you!

      Reply
  2. Qwinn says:
    August 8, 2021 at 3:54 pm

    It is not “self funding”. The attacker loses the 0.25 farmer reward they would get if they were farming normally, which hurts them at a higher rate than it hurts the pool. That’s one of the main stated reasons for the 0.25/1.75 split, and why Chia feels the “exploit” (IMO this doesn’t meet that definition) has already been addressed. You can never stop someone who is willing to burn themselves to burn you less. Not just in this but in any human interaction.

    Reply
    1. Chris Dupres says:
      August 8, 2021 at 4:01 pm

      Its self funding in that it makes more money to run the attack operationally than it costs in overhead. There is some lost opportunity, but even considering that its very cheap.

      Reply
    2. cboles says:
      November 2, 2021 at 1:18 pm

      The malicious pool is spending $1 to cause another pool to lose $7. If you can put them out of business, or at least take the majority of their business, this could easily be worth it assuming you have deep enough pockets.

      Reply
  3. Yohoho says:
    August 9, 2021 at 3:49 am

    “The attack is very low cost” WUT? Loosing reward = cost.

    Reply

Leave a Reply Cancel reply

Advertisement

Recent Posts

  • Crypto is burning down – Chia seems fine
  • Chia CAT upgrade fiasco part 2 – Was I wrong?
  • WTF just happened?? CAT1 to CAT2 “upgrade”
  • The era of the Chia NFT is upon us
  • Chia Blockchain 1.4.0 released – NFTs and DIDs oh my
  • Discussion
  • Facts About Farmers
  • How-To
  • Information
  • News
  • pools
  • Security
  • Trademark
  • Trading
  • Uncategorized

Dark Mode Switch

©2021 The Chia Plot - Donate XCH / MRMT / SBX @ xch1p4440d6zwu9ryta2vx073lq2ge3s29d37kskz6t34jp085e8srjqnk0gcr
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
Cookie SettingsAccept All
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-advertisement1 yearThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONIDsessionUsed by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
CookieDurationDescription
na_id1 year 1 monthThis cookie is set by Addthis.com to enable sharing of links on social media platforms like Facebook and Twitter
na_rn1 monthThis cookie is used to recognize the visitor upon re-entry. This cookie allows to collect information on user behaviour and allows sharing function provided by Addthis.com
na_sc_e1 monthThis cookie is used to recognize the visitor upon re-entry. This cookie allows to collect information on user behaviour and allows sharing function provided by Addthis.com
na_sr1 monthThis cookie is set by Addthis.com. This cookie is used for sharing of links on social media platforms.
na_srp1 minuteThis cookie is used to recognize the visitor upon re-entry. This cookie allows to collect information on user behaviour and allows sharing function provided by Addthis.com
na_tc1 year 1 monthThis cookie is set by the provider Addthis. This cookie is used for social media sharing tracking service.
ouid1 year 1 monthThe cookie is set by Addthis which enables the content of the website to be shared across different networking and social sharing websites.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
CookieDurationDescription
d3 monthsThis cookie tracks anonymous information on how visitors use the website.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
CookieDurationDescription
__gads1 year 24 daysThis cookie is set by Google and stored under the name dounleclick.com. This cookie is used to track how many times users see a particular advert which helps in measuring the success of the campaign and calculate the revenue generated by the campaign. These cookies can only be read from the domain that it is set on so it will not track any data while browsing through another sites.
_ga2 yearsThis cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_199099757_11 minuteThis cookie is set by Google and is used to distinguish users.
_gid1 dayThis cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
CONSENT16 years 4 months 5 daysThese cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
CookieDurationDescription
advanced_ads_browser_width1 monthThis cookie is set by Advanced ads plugin.This cookie is used to measure and store the user browser width for adverts.
anj3 monthsNo description available.
CMID1 yearThe cookie is set by CasaleMedia. The cookie is used to collect information about the usage behavior for targeted advertising.
CMPRO3 monthsThis cookie is set by Casalemedia and is used for targeted advertisement purposes.
CMPS3 monthsThis cookie is set by Casalemedia and is used for targeted advertisement purposes.
CMRUM31 yearThis cookie is set by Casalemedia and is used for targeted advertisement purposes.
CMST1 dayThe cookie is set by CasaleMedia. The cookie is used to collect information about the usage behavior for targeted advertising.
DSID1 hourThis cookie is setup by doubleclick.net. This cookie is used by Google to make advertising more engaging to users and are stored under doubleclick.net. It contains an encrypted unique ID.
i1 yearThe purpose of the cookie is not known yet.
IDE1 year 24 daysUsed by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
KADUSERCOOKIE3 monthsThe cookie is set by pubmatic.com for identifying the visitors' website or device from which they visit PubMatic's partners' website.
KTPCACOOKIE1 dayThis cookie is set by pubmatic.com for the purpose of checking if third-party cookies are enabled on the user's website.
mc1 year 1 monthThis cookie is associated with Quantserve to track anonymously how a user interact with the website.
test_cookie15 minutesThis cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
uid1 year 1 monthThis cookie is used to measure the number and behavior of the visitors to the website anonymously. The data includes the number of visits, average duration of the visit on the website, pages visited, etc. for the purpose of better understanding user preferences for targeted advertisments.
uuid3 monthsTo optimize ad relevance by collecting visitor data from multiple websites such as what pages have been loaded.
uuid23 monthsThis cookies is set by AppNexus. The cookies stores information that helps in distinguishing between devices and browsers. This information us used to select advertisements served by the platform and assess the performance of the advertisement and attribute payment for those advertisements.
VISITOR_INFO1_LIVE5 months 27 daysThis cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSCsessionThis cookies is set by Youtube and is used to track the views of embedded videos.
yt-remote-connected-devicesneverThese cookies are set via embedded youtube-videos.
yt-remote-device-idneverThese cookies are set via embedded youtube-videos.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
CookieDurationDescription
__gpi1 year 24 daysNo description
adImpCountpastNo description
C3UID5 yearsNo description available.
C3UID-9245 yearsNo description
fc5 months 27 daysNo description available.
pfpastNo description
pxs5 months 27 daysNo description available.
SAVE & ACCEPT
Powered by CookieYes Logo