One of the biggest (if not the biggest) attack vector against a Plasma chain is the byzantine operator. This is particularly evident in the single-operator model, like in Minimal Viable Plasma. If the users on the Plasma chain detect that the operator has started to act dishonestly (e.g. withholding blocks), then they'll exit.
Currently, the operator is able to create an "out of thin air" transaction that appears to be valid. This means that the operator can start an unchallengable exit from the UTXOs created by this transaction. In theory, the users on the chain will not lose money as long as they exit within a specified period of time. However, this also means that the chain becomes permanently useless as any new deposits to the chain can be instantly stolen by the operator.
So, the question: How can we recover from byzantine operators? Can we come up with failure modes that effectively "reset" the chain and remove the operator's exits? Do these failure modes even matter?
One of the biggest (if not the biggest) attack vector against a Plasma chain is the byzantine operator. This is particularly evident in the single-operator model, like in Minimal Viable Plasma. If the users on the Plasma chain detect that the operator has started to act dishonestly (e.g. withholding blocks), then they'll exit.
Currently, the operator is able to create an "out of thin air" transaction that appears to be valid. This means that the operator can start an unchallengable exit from the UTXOs created by this transaction. In theory, the users on the chain will not lose money as long as they exit within a specified period of time. However, this also means that the chain becomes permanently useless as any new deposits to the chain can be instantly stolen by the operator.
So, the question: How can we recover from byzantine operators? Can we come up with failure modes that effectively "reset" the chain and remove the operator's exits? Do these failure modes even matter?