Will Ethereum Be Vulnerable to Censorship After the Merge?
- The Ethereum community is debating whether large validators may end up being forced to censor transactions following the Merge.
- Ethereum creator Vitalik Buterin believes transaction censorship would amount to an attack against the network.
- Some Ethereum projects have already started blacklisting sanctioned addresses.
Share this article
With the upgrade to Proof-of-Stake rapidly approaching, the Ethereum community is debating whether the recent sanctions against Tornado Cash may end up endangering the blockchain itself.
Merge Hype Overshadowed by Tornado Cash
The Ethereum community is concerned about censorship.
Only a month remains before Ethereum switches away from its Proof-of-Work consensus mechanism to Proof-of-Stake. The transition, colloquially known in the crypto space as the “Merge,” is expected to reduce the network’s energy consumption by 99% and slash token emission rates by 90%. Delayed multiple times in the past, the highly-anticipated upgrade looks set to take place next month on September 15.
Dampening the community’s excitement, however, came the recent decision from the U.S. Treasury’s Office of Foreign Assets Control (OFAC) to add the popular privacy protocol Tornado Cash to its sanctions list, asserting that the app was primarily a money-laundering vehicle for cyber criminals. The move is unprecedented in that it is the first time a piece of open-source code has been added to a sanctions list. Following the move, Dutch authorities arrested a Tornado Cash developer in connection to a separate investigation into the privacy protocol.
Upon news of the Tornado Cash ban, several companies such as stablecoin issuer Circle, software version management platform Github, and Ethereum infrastructure provider Infura promptly complied with the sanctions, blacklisting Tornado Cash affiliated Ethereum addresses listed in the OFAC statement. The Tornado Cash case sets a worrying precedent, and now the crypto community has deep concerns that centralized entities running Ethereum Proof-of-Stake validators may be forced, in the future, to censor transactions on the Ethereum blockchain itself.
Ethereum’s Vulnerability to Censorship
The crux of the matter is that once Ethereum upgrades, it will no longer rely on Proof-of-Work miners to reach consensus but on Proof-of-Stake validators. Instead of expending energy to create new blocks as miners do, these validators must stake ETH tokens. While each validator needs 32 staked ETH to run, a single entity can run multiple validators, increasing their influence over the network. And as noted by DXdao contributor Eylon Aviv, five of the six largest validating entities would most likely be forced to comply with OFAC regulations.
Aviv singled out crypto exchanges Coinbase and Kraken, staking services Staked and Lido, and crypto service provider Bitcoin Suisse as entities that would likely be forced to censor transactions on the Ethereum. “I somehow believe Coinbase will find a way to make sure it doesn’t validate a block with Tornado [transactions],” he stated, before adding:
“If 66% of the validators will not sign specific blocks, block builders / relayers who propose blocks with sanctioned [transactions] are less likely to be included, meaning these block builders will lose money, making the inclusion of such [transactions] economically inviable.”
In response to these concerns, multiple community members pointed to the slashing system embedded in Ethereum’s upcoming Proof-of-Stake consensus mechanism. As Ethereum creator Vitalik Buterin explained in a 2018 tweet: “if a 51% coalition starts censoring blocks, other validators and clients can detect that this is happening, and use the 99% fault tolerant consensus to agree that this is happening, and coordinate a minority fork.”
In other words, should the largest validators decide to censor transactions, the rest of the Ethereum validator community, even if in the minority, has the option of destroying censoring validators’ funds.
OFAC Compliance as Censorship
The possibility of slashing large validators funds gives way to another question: should compliance with OFAC regulations be regarded as an attack on Ethereum itself?
Swedish Bitcoin advocate Eric Wall seems to think so. “Ethereum can’t comply with all nations’ censorship demands at the validator level,” he stated. “Zero censorship is the only neutral option for global consensus.”
Wall asked in a poll whether the Ethereum community should burn the stake of large validators attempting to comply with OFAC sanctions. Of the 9,584 Twitter users who participated, 61.2% were in favor and 9.3% against (with 29.5% asking to see results.) Vitalik Buterin also weighed in, indicating in a comment that he was among the people voting yes.
However, large validators who have already skated ETH into the beacon chain may be left with few options. After the Merge, staked ETH will remain locked until 2023, meaning that validators won’t be able to withdraw their staked funds from the Ethereum network even if they wanted to avoid censoring transactions as per OFAC regulations.
An option they do have is to “voluntarily exit” by simply ceasing to perform their validator duties. By doing so, they would be unable to rejoin the network, or to access their ETH until withdrawals are enabled. Worse, they could potentially be hit with inactivity fees worth 50% of their stake.
When asked on Twitter whether Coinbase would prefer censoring transactions or shutting down its validators, CEO Brian Armstrong answered:
“It’s a hypothetical we hopefully won’t actually face. But if we did we’d go with [shutting down] I think. Got to focus on the bigger picture. There may be some better option (C) or a legal challenge as well that could help reach a better outcome.”
Still, stuck between a rock and a hard place, Coinbase and other validators could end up choosing to hard-fork to save their funds, Spacemesh developer Lane Rettig believes. This would result in two different Ethereum Proof-of-Stake chains: one OFAC-compliant, the other permissionless. “It’s possible that the OFAC-compliant fork would win,” stated Rettig. “It would totally change the landscape of Ethereum, since it’s very likely that the stablecoins, asset-backed things, and a lot of [decentralized finance protocols] would not be able to follow the non-compliant fork.”
Ethereum’s Difficult Road Ahead
Beyond the question of Ethereum’s consensus mechanism, some crypto projects in the ecosystem have decided to preemptively ensure they are OFAC-compliant. TRM Labs has already launched a wallet screening service that allows decentralized finance (DeFi) protocol frontends to block sanctioned addresses, or those which have been the counterparty of sanctioned addresses. The decision has been met with criticism from the broader crypto community.
“Hackers don’t use your frontend,” Yearn.Finance lead developer banteg stated. “You can only block legitimate users. TRM has played you for absolute fools.” Banteg later shared an article from a DeFi hack victim describing his inability to access his funds on the DeFi lending protocol Aave because a direct transfer had previously occurred between his wallet and a sanctioned wallet—the transfer being a hack in which he lost $200,000.
Flashbots, an organization that helps Ethereum mitigate the downsides of on-chain price arbitrage, also indicated it would be blacklisting addresses sanctioned by OFAC, prompting calls for validators to use a different relay. Flashbots responded to the criticism by making their own relay code open source.
As the Merge deadline ticks closer with every block, the uncertainty surrounding the fate of the ecosystem feels heavy for some. “[Ethereum] had one job–ONE JOB: censorship resistance,” says Rettig. “It’s the ONE THING that makes all the pain worthwhile: all the obnoxious, slow, painful decentralization theater. If you can’t do that one thing, then there’s no point in any of this and we should all pack up and go home already.”
Disclosure: At the time of writing, the author of this piece owned ETH and several other cryptocurrencies.