simplecrypto / powerpool

A Python gevent driven stratum mining server
BSD 2-Clause "Simplified" License

How to discover Block Withholding Attack? #103

Closed sbwdlihao closed 9 years ago

sbwdlihao commented 9 years ago

Can we discover Block Withholding Attack as early as possible?

icook commented 9 years ago

Not easily, the only way is using statistics. I.e., you can see how many shares a user has submitted over time, and how many blocks they've solved. It's easy enough to calculate an individual user's "luck", but until they're really "unlucky" it's hard to assign blame. I've seen plenty of blocks that took 10x the average number of shares, therefore a user could withhold a lot of blocks before you were "sure" that they were withholding.

Are you trying to set up a PROP payout pool with SCM/powerpool? That's the only situation in which it's an issue, since otherwise it's in the user's best interest to not withhold.

sbwdlihao commented 9 years ago

Yes, I want to set up a PPLNS payout pool with SCM/powerpool. There are many Block Withholding Attacks I know of from some big pool; it's very annoying but realistic, and I want to find a way to easily discover this attack before setting up a pool for the public.

icook commented 9 years ago

With a PPLNS payout system block withholding attacks are very rare, since it costs you money to generate shares, but you're intentionally reducing the amount you will get paid out. From my experience it's only really an issue with PROP payout systems that pay you regardless of finding blocks or not.

Either way, there's nothing more that PowerPool can do to mitigate these attacks, so I'm going to close this issue.

icook commented 9 years ago

FYI, I just started a Google group that might be a better place for questions/discussion like these that aren't directly related to software:

https://groups.google.com/forum/#!forum/simplecrypto-dev

ericecook commented 9 years ago

@icook I think you're thinking of PPS. PROP only pays out on block solves.

@sbwdlihao banning people for this is simply not very effective. Since you don't want false positives, you need to rely on waiting until the user is already very unlucky. And even if you ban them at this point it is pretty trivial for a malicious user to just use a new mining address/IP address and circumvent the ban.

It's much more effective to use a payout system that punishes a user for withholding blocks, and PPLNS does a decent job of this.

icook commented 9 years ago

Ah my mistake, definitely meant PPS, you're right. Literally get them reversed almost every time...
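
The statistical check discussed in this thread (shares submitted versus blocks solved, and waiting until a miner is very unlucky to avoid false positives) can be sketched as follows. This is an added example, not part of the original thread or of PowerPool's code. The function names, the per-miner record layout and the sample figures are assumptions made for illustration, and the Poisson model is an approximation of many low-probability shares.

```python
import math

def expected_blocks(windows):
    """windows: (summed difficulty of accepted shares, network difficulty) per period.
    A share of difficulty d also solves a block with probability d / D."""
    return sum(work / net_diff for work, net_diff in windows)

def poisson_cdf(k, lam):
    """P(X <= k) for X ~ Poisson(lam): chance an honest miner finds k or fewer blocks."""
    term = total = math.exp(-lam)
    for i in range(1, k + 1):
        term *= lam / i
        total += term
    return min(total, 1.0)

def flag_unlucky(miners, alpha=0.001):
    """Return {miner: p_value} for miners whose luck is implausibly bad.
    alpha is divided by the number of miners (Bonferroni correction) so that
    watching many miners does not inflate the false-positive rate."""
    threshold = alpha / len(miners)
    flagged = {}
    for name, (windows, blocks_found) in miners.items():
        p = poisson_cdf(blocks_found, expected_blocks(windows))
        if p < threshold:
            flagged[name] = p
    return flagged

# Constructed sample data (hypothetical miners, not real pool records).
NET = 1_000_000.0
SAMPLE = {
    # Expected 3 blocks, found 0: p = e^-3, about 5%, far too likely to blame.
    "miner_a": ([(3_000_000.0, NET)], 0),
    # Expected 10 + 5 = 15 blocks across a difficulty change, found 1.
    "miner_b": ([(10_000_000.0, NET), (10_000_000.0, 2 * NET)], 1),
    # Expected 5 blocks, found 6: ordinary luck.
    "miner_c": ([(5_000_000.0, NET)], 6),
}

if __name__ == "__main__":
    for name, p in flag_unlucky(SAMPLE).items():
        print(f"{name}: p = {p:.2e} of being this unlucky by chance")
```

Only `miner_b` is flagged here; `miner_a` has already forgone three expected blocks without crossing the threshold, which is the detection delay described in the comments above.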