It is said that “51% of the miners can steal all of the funds on the sidechain”.
It is true that 51% hashrate can overwhelm the 13,150 ACK requirement (ie, the “train metaphor”), and (if unopposed) include any withdrawal they like. Namely, they would include a withdrawal that pays them all of the sidechain’s BTC. At 51% hashrate, this takes 6 months to accomplish; at 100% hashrate, it takes 3 months.
So, it is true that 51% hashrate can steal all the BTC on the sidechain. But they can already steal all of the BTC on the mainchain, in a way that full nodes cannot prevent. And the mainchain theft is easier, and pays more.
The mainchain attack is simply to take the assumed attack (i.e., “6 months of 51% miner-attacking, or 3 months of 100% attacking”) and use it to cause a block reorganization. Specifically, a 13,150-block reorganization.
The reorg attack is easier in two ways. First, the reorg-attackers may work in secret. In contrast, the DC-attackers must announce the attack in advance, and then continue it openly each block. Second, because of their hashrate superiority (of at least 2%, in the 51% case), they can start their new chain as many as ~526 blocks into the past.
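The durations and the ~526-block figure above follow from the 13,150-ACK threshold and the hashrate share. The sketch below is an added example, not code from the original page or from the Drivechain project; it assumes 144 blocks per day and that all other miners abstain (the "unopposed" case), and its function names are illustrative.

```python
import random

ACK_THRESHOLD = 13_150   # ACKs a withdrawal needs (figure from the page)
BLOCKS_PER_DAY = 144     # assumption: 10-minute average block interval

def blocks_until_threshold(share: float) -> float:
    """Expected mainchain blocks before miners holding `share` of the
    hashrate have mined ACK_THRESHOLD blocks (everyone else abstains)."""
    if not 0 < share <= 1:
        raise ValueError("share must be in (0, 1]")
    return ACK_THRESHOLD / share

def months(blocks: float) -> float:
    return blocks / BLOCKS_PER_DAY / 30.44   # mean Gregorian month length

def expected_lead(share: float, window_blocks: float) -> float:
    """Expected surplus of majority blocks over minority blocks in a window;
    this is how far back a secretly mined chain could start and still win."""
    return window_blocks * (share - (1 - share))

def simulate_lead(share: float, seed: int) -> int:
    """One seeded random run of the window: each block goes to the majority
    with probability `share`; stop when it has mined ACK_THRESHOLD blocks."""
    rng = random.Random(seed)
    majority = minority = 0
    while majority < ACK_THRESHOLD:
        if rng.random() < share:
            majority += 1
        else:
            minority += 1
    return majority - minority

if __name__ == "__main__":
    for share in (0.51, 1.0):
        n = blocks_until_threshold(share)
        print(f"{share:.0%}: {n:,.0f} blocks, {months(n):.1f} months, "
              f"expected lead {expected_lead(share, n):,.0f} blocks")
    # The page rounds the 51% window to 6 months = 2 * 13,150 blocks:
    print(round(expected_lead(0.51, 2 * ACK_THRESHOLD)))
    print([simulate_lead(0.51, seed) for seed in range(5)])
```

At a 51% share the simulated lead in any single run scatters by a few hundred blocks around the expected value, so the ~526 figure is an average, not a guarantee.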
The reorg attack allows miners to steal all BTC transacted on the mainchain, in two ways. First, by making BTC purchases themselves, and then refunding themselves via doublespend. Second, by collaborating with other purchasers (by rewarding them “epsilon” if they sign a doublespend txn directing the merchant’s money to miners).
How much BTC could be stolen by a reorg attack?
Well, at 200,000 BTC transacted per day, we can expect turnover over 13,500 blocks to amount to 18.4 million BTC. This value is greater than the current number of Bitcoins in existence [~17 million], and so all circulating coins would be stolen (only those which hadn’t moved in 6+ months would ever be safe). Interestingly, because ~3.8 million BTC are estimated to be lost forever, 18.4 M is more BTC than could ever be deposited onto any sidechain ever.
Critics who raise this point are really objecting to the entire philosophy of “optional sidechains”. The purpose of sidechains is to allow the mainchain Bitcoin Core software to ignore BTC-activity on other networks – this indifference frees up those networks to try experimental or controversial features. Critics who invoke “miners can steal” fail to understand this purpose. Since the only way to block “miner theft” is via full-node rule-enforcement, these critics are really advocating a sidechain security model where Bitcoin Core is required to download and validate all sidechain blocks on all sidechains. This would prevent miner-theft, but it turns each new sidechain into a mandatory hard fork!
Some people believe that miners are free to do whatever they like. This view is often simplified [perhaps for politeness reasons] as sorting miners into two “types”, the “honest” type that tend to choose to do friendly things, and the “dishonest” type that tend to choose to do unfriendly things (ie, short-term, narrowly selfish, deceptive, etc).
In reality, though, miners have no choice but to profit-maximize.
Here are some passages which explain this well:
Two days after Dan Robinson’s post, miners cancelled their SegWit2x project, which they –seemingly– wanted very badly. But not as badly as they wanted more MONEY!
Please see the published security model and also panes 5 and 6 of this meme for details on what miners would find to be more or less profitable.
A related notion is the idea that “miners” are the “owners” or “masters” or “controllers” of the Bitcoin cryptosystem – and wherever miners lead, everyone else follows blindly and without resistance.
But the truth is the exact opposite of this. Whenever “miners” and “nodes” disagree, it is always nodes that get the final word. For example:
These are examples of miners being trumped by users, in a variety of contexts. Drivechain merely acknowledges this pre-existing fact.
This fallacy is similar to the “Enough to Buy Back the Product” and “Labor Theory of Value” fallacies. It demands that “the makers of cheap dresses should get enough to buy back cheap dresses and the makers of mink coats enough to buy back mink coats”. Miners are like security guards – watching diligently over a football game or rock concert to deal with altercations. But “a group of security guards” does not a rock-and-roll concert make…you need the guitarist. And you need the drummer, and the promoters, the record company, the guitar-maker, the producer of nylon string, etc.
Related – a time when hashrate determined nothing.
While the security guards should be obedient, they should NOT be incompetent – they must be able to carry out the investor’s will. That is the subject of the next misconception.
Some “smart contracts” are actually bad, and we want to get rid of them.
This is near-impossible to do if the smart contract system is too general-purpose (as in Ethereum). See my “Smart Contract Ecology” presentation (or the answer below) for details.
However, it is also impossible to do, if no one has an incentive to do it. Without an incentive to curate the portfolio of active sidechains, we will have a free rider problem – who will take out the trash?
We solve this by harmonizing ownership and control – the miners are the only ones with enough skin in the game to make this decision, so they should be the ones who control which sidechains are “evicted”. So the 51% theft possibility is actually a feature, not a bug. We want it there, filtering out sidechains that interact badly (just like we want miners to “evict” txns that are double spends).
Not all sidechains are the same – some are bound to be “low quality”. This could be because they are not popular enough to be secure, or because they have been constructed by saboteurs. Depositing into these would be a bad idea.
It is natural to want to “protect” people from their mistakes.
But it is neither possible nor desirable. If the user can’t get what they want from a sidechain, they’ll get it from an Altcoin. And – as they should! The user is sovereign.