MaxioPool, a friend of the site and a very good Chia pool in my experience, is shutting down for good. This is very sad news, but the reason why they are closing down is even more concerning. MaxioPool has discovered an exploit in the on-chain pooling protocol. They have discovered, tested and proved in a testnet, that it is possible for a selfish farmer to submit partials and prove netspace to a pool without ever forming a block. We will discuss that in detail below. I’m going to call this attack a Lazy Farmer Attack.
First I want to wish MaxioPool the best. I really liked working with them on testing the pooling protocol, I enjoyed the time I farmed with them and I don’t think their team would make this decision lightly. Of all the pool operators I spoke to they seemed among the most invested. They had been doing custom software development since they started, had a number of tools built and were clearly building a long term ecosystem. Also, the team there was just a delight to work with, so this really is a sad day for Chia.
As for the exploit they found, it is fairly easy to reproduce. If you comment out a single portion of /chia/farmer/farmer_api.py in the new_proof_of_space function you can make the Chia client stop signing blocks but still continue to happily submit partials properly to a pool. Well, that seems odd: why would someone want to submit partials to a pool and never win a block? Because it’s an attack, that’s why.
The attack is this: I am a malicious pool operator and I want to grow my netspace as much as possible. I could add my farm to my pool, as a sane normal person would do, and farm blocks the honest way. Or, I could slightly modify my Chia client, join my primary competitor’s pool with my broken client and reduce their luck. With a big enough farm, or a few big ones, I will materially affect the luck for the pool and reduce the payouts to their farmers below what my farmers are getting paid. After that it’s a simple Reddit or chiaforum post with some tables about how Pool X, my target, is offering lower payouts than other pools and voila! Their farmers start to leave.
So what we have here is a working malicious exploit that will absolutely work for one pool operator to harm another and show that their pool is the best pool. The attack is very low cost, literally just requires a simple client modification and joining that client to a competitor’s pool, and it funds itself as your target will literally pay you to attack them.
When MaxioPool approached Chia Network with the details of this exploit they were dismissed because Chia Network could not understand why a malicious pool would do this. What they need is a real security architect then, because a self-funding malicious action like this is guaranteed to be executed. That’s the nature of systems exploits: ones that are a lot more expensive for a lot less reward are executed every day. I am positive this one will be too if it isn’t already.
Is it possible MaxioPool is shutting down for other reasons and using this as an excuse? Of course. But I don’t think so. I have worked with them in the past, and spoken to them on many occasions, and this team was very excited about Chia and the future. Way more so than I. They put a TON into their pool, in fact I use MaxioShovel for my plotting and I love it. If this was another pool I would be a lot more suspicious, and maybe that makes me a fool, but I do believe them. And I do believe that this is a working exploit and that malicious pool operators absolutely have an incentive to do this. I think detecting it will be very difficult since it will be impossible to prove vs plain bad luck without years of data. What is more likely is that MaxioPool is just very sensitive to these issues because of their PPS payout model so any serious difference from statistical payout models would hurt them much more than other pools, who would just see a difference in payouts from expected.
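As an added example (not code from MaxioPool, Chia Network or the original post), here is one way a pool operator could test its own records for a farmer who submits partials but wins improbably few blocks, and see how much data that takes. The record layout, farmer names and sample numbers are constructed assumptions.

```python
import math

def p_at_most(k, n, p):
    """Binomial P(X <= k): chance an honest farmer holding fraction p of the
    pool's partial points wins k or fewer of the pool's n blocks."""
    return sum(math.comb(n, i) * p**i * (1 - p)**(n - i) for i in range(k + 1))

def flag_farmers(stats, alpha=0.01):
    """stats: {farmer_id: (partial_points, blocks_won)} for one window.
    Returns [(farmer_id, p_value)] for farmers whose block count is
    improbably low, Bonferroni-corrected for the number of farmers tested."""
    total_points = sum(pts for pts, _ in stats.values())
    total_blocks = sum(blk for _, blk in stats.values())
    threshold = alpha / len(stats)
    flagged = []
    for farmer, (pts, blk) in stats.items():
        pval = p_at_most(blk, total_blocks, pts / total_points)
        if pval < threshold:
            flagged.append((farmer, pval))
    return sorted(flagged, key=lambda item: item[1])

def blocks_needed(share, alpha=0.001):
    """Pool blocks that must pass with zero wins from a farmer holding
    `share` of the points before that silence has probability at most alpha."""
    return math.ceil(math.log(alpha) / math.log(1 - share))

# Constructed sample window (not real pool data).
SAMPLE = {
    "farmer-a": (400_000, 14),
    "farmer-b": (300_000, 0),   # 30% of points, no blocks: suspicious
    "farmer-c": (5_000, 0),     # 0.5% of points, no blocks: ordinary luck
    "farmer-d": (295_000, 10),
}

if __name__ == "__main__":
    for farmer, pval in flag_farmers(SAMPLE):
        print(f"{farmer}: p={pval:.2e}")
    for share in (0.30, 0.01, 0.001):
        print(f"share {share:.1%}: {blocks_needed(share)} pool blocks of silence")
```

A farmer with 30% of the points stands out after about 20 pool blocks, while one with 0.1% needs roughly 6,900, which is why small withholding farmers are so hard to separate from bad luck.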
The fundamental cause for this exploit, and the reason I had to call it an exploit and not a bug, is that the Chia Blockchain architecture is designed around the principle that the farmer signs the block. This is core to their design, and key in their arguments against FlexPool’s FlexFarmer. So as long as the farmer controls that process it will also be possible for the farmer to mess with it against their own self interest. This does not become an issue until a farmer has outside interests that supersede their farmer perspective – like malicious pool operators. I am not sure what the answer here is, especially since Chia wants more smaller distributed pools. It seems their protocol might not truly support that vision, unless they can create a fix for this to force contributing farmers to sign blocks if they are able.
I highly recommend Chia Network take this seriously, even if ultimately the answer is that PPS pools don’t work because of the “farmer signs” architecture. This is the problem with branding your on-chain pooling protocol as “official”. Now you own support.
Also, they (Chia) should have published a proper specification and not pool “reference” code if they didn’t want people to use the code… they’re always saying don’t use it, well maybe then don’t publish it and do a spec instead?
It seems PPS farmers only have 21chia.com left?
I think so, yes. I am not aware of any other pools offering that option – in fact I was not aware 21Chia did either until your comment! Thank you!
It is not “self funding”. The attacker loses the 0.25 farmer reward they would get if they were farming normally, which hurts them at a higher rate than it hurts the pool. That’s one of the main stated reasons for the 0.25/1.75 split, and why Chia feels the “exploit” (IMO this doesn’t meet that definition) has already been addressed. You can never stop someone who is willing to burn themselves to burn you less. Not just in this but in any human interaction.
It’s self-funding in that it makes more money to run the attack operationally than it costs in overhead. There is some lost opportunity, but even considering that it’s very cheap.
The malicious pool is spending $1 to cause another pool to lose $7. If you can put them out of business, or at least take the majority of their business, this could easily be worth it assuming you have deep enough pockets.
“The attack is very low cost” WUT? Losing reward = cost.