What prevents miners from cooperating and causing intentional chain reorgs?

The top 5 ethereum mining pools currently have more than 60% of the network's hashrate. What prevents these pools from cooperating to cause planned reorgs? There could be many reasons to do it, like selling ethereum at 4300$.

I know that the consequences of something like this could be devastating (especially on weeks or months old reorgs) and potentially be disadvantageous for miners, but could they do it if they wanted to?

EDIT: As you may have already guessed this question is inspired by the recent MEV "chain reorgs as a service" fork (currently under development). I understand that this is manly going to cause 1 or 2 block reorgs, but assuming the code is going to allow "infinite length" reorgs (provided that the user pays enough) isn't this going to greatly reduce the security of the network?

Answers 2

  • Nothing prevents collusion

    From former Bitcoin Core developer Greg Maxwell https://old.reddit.com/r/Bitcoin/comments/ddddfl/question_on_the_vulnerability_of_bitcoin/f2g9e7b

    The attack would work just as well if there were 100 people each with an equal amount and a majority of them colluded to dishonestly override the result.

    Also, any mechanism that would let you prevent one party (much less a secret collusion) from having too much authority would almost certainly let you just replace mining entirely. The only known way to do that is to introduce centralization and if you're willing to do that it's trivial, if you're not it appears impossible. People have cooked up 1001 complicated schemes that claim to do it without introducing centralization, but careful analysis finds again and again that these fixes centralize the system but just hide the centralization.

    Rationality is still important

    From Satoshi's Bitcoin white paper

    The incentive may help encourage nodes to stay honest. If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins. He ought to find it more profitable to play by the rules, such rules that favor him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth.

    Community defenses against reorg games

    Assuming collusion in hostile pools, here are some defenses from https://twitter.com/hasufl/status/1413268973811085324

    Miners can leave hostile pools, Flashbots can ban miners or searchers, users/apps can stop sending txns to hostile pools, other miners can censor hostile miners blocks, and these are just some of the tools this community has to defend a line of "no reorg games", if they want to

    Eth2 Proof of Stake increases defenses

    • Validators are actually ETH holders: there's no way to be a validator without owning and staking ETH.

    • Validators being ETH holders is more skin-in-the-game, for the longer-term rather than shorter-term.

    • Reorgs beyond finality are impossible: the Proof of Stake consensus software don't have code to do such reorgs.

    • Reorgs of a justified checkpoint will lead to at least 1/3 of validators being slashed.

    Source: https://twitter.com/ryanberckmans/status/1413198551836987396


    Other references:

    https://www.coindesk.com/no-concentration-among-miners-isnt-going-to-break-bitcoin includes:

    "just assuming that everyone is always in perfect collusion with everyone else. Specifically, that all of the hash power is actually owned and operated by one guy, whom we might call ‘Mr. Greed.’ […] Why doesn’t Mr. Greed double spend, you ask? (He can reorganize the chain at any time.) Well, Mr. Greed prefers to keep all of the new coins for himself, rather than undermine the system (and the validity of his own wealth).”


  • As Mikko mentioned, it would be super difficult for them to start cooperating in such a way. If their miners find out, they can just easily switch to an "honest" pool.

    But assuming that those miners somehow wouldn't find out and the pools managed to cooperate, then yes they could cause some havoc. If they for example caused a week's worth of reorgs, they could double spend a lot of assets. Such actions would be easy to detect and action would be taken swiftly.

    If they managed to steal a lot of assets, it would undermine the whole Ethereum network a lot. Which, in turn, would undermine the pools' value. So they would basically be committing a rugpull where they also steal their own value.


Related Questions