Theoretical attacks in agenda setting

Some reflections on the role of theoretical attacks within the cryptoeconomic-scientific method and how this relates to real-world institutions such as the state-of-the-art and an ecocystem.

The cryptoeconomic method

History

First, there was pulling a Satoshi, producing together a protocol and its implementation.

Then, there was theoretical attacks in the wild (starting with selfish mining), contradicting the current doxa on cryptoeconomic guarantees brought by the system.

Soon after, there was a call to action to bring together researchers around making game theoretical sense of Bitcoin.

Once the industry and venture capital started abundantly funding research, came impossibility results, leaving no room for interpretation, aligning the doxa with what mathematics have to say.

Missing empirical data

Attacks as epistemological replacements for empiricism to support a theory.

Taking as example my recent research on Stackelberg attacks on Uniswap governance [link to come], it all starts with a hunch that the tension between liquidity providers’ (LPs) interests and UNI tokenholders along with the possibility of a fork of Uniswap’s smart contracts create an instable equilibrium. Continuous participation from LPs seems not incentive compatible once forking is included in the game. This intuition is then formalized, analyzed and verified, using a mathematical model.

Then, an attack by LPs on UNI tokenholders is concretized by deriving an algorithm to be run within a smart contract (called Grim Forker) that should be invoked by LPs to perform the attack, which is valuable to them. The tension that is described by our mathematical model, basically u(LP | fee = 0) > u(LP | fee > 0), is made real by this attack concretized in code.

We would have loved to present real-world data on how the discrepancy has made LP act by themselves, but there is none we found (and probably to be found). The reason is that transaction & coordination costs to perform such attacks are high.

And indeed, the main point of building a new smart contract like Grim Forker is to reduce coordination costs among multiple parties.

Another example of such an approach is used by the authors of the Voting Block Entropy paper that, once described they have described the VBE theoretical framework and its implications on instability of governance, leverage Dark DAOs to display an effective attack concretizing this instability.

Attack = patch

Rather than “Attack then Patch” from [Azouvi and Hicks, SoK 2023].

Positive attacks

Based on the previous description, I’ll suggest a basic framework: (1) Intuition, (2) Theory, (3) Attackability.

1. Intuition:
   • Grim Forker: There is a discrepancy in utility for LPs between an AMM with protocol fee and its fork without fee, so there “must be” a way to exploit this by LPs.
   • Selfish Mining: Bitcoin protocol doesn’t fully account for the rational, selfish behavior of miners, notably in terms of collusion and withholding of information, so there “must be” a way to exploit this by Miners.
2. Theory:
   • Grim Forker: The modeling effort and related Stackelberg analysis. The modeling efforts allows measuring the intuitive discrepancy.
   • Selfish Mining: Modeling miners as rational agents.
3. Attack strategy:
   • Grim Forker: the new “Damocles sword” strategy by LPs, enabled by Grim Forker contracts.
   • Selfish Mining: the Selfish Mining strategy by Miners.

Note: an important methodological question in such a process is thus to prevent theory-making as being “telegraphed” by the intuition, thus failing to scientifically validate it.

We use here the term _attack strategy which relates to the theory to make a distinction with attack which is an actual implementation and instanciation of such a strategy.

Meta-game: updating the State of the Art

If a Theory:

• is a good model of the protocol under consideration (formally correct, represents satisfactorily the network, embeds previous SotA),
• allows deriving a sound theoretical attack (derivable from the theory and its practical requirements are achievable (costs…)),

Then it constitutes a valuable patch to the State of the Art:

• it is a patch because it adds to the SotA by filling in formal weaknesses (where previous SotA wasn’t able to describe an attack),
• it is valuable because the attack is deemed achievable within real-world conditions (so not updating the SotA with the Theory would endanger it).

We’ll call these theories Successful Attackability Theories.

Patch theory via attacks, ecosystem via memes

Successful attackability of a theory, in the sense defined above, justifies why such a theory has reach and should spread-out as a meme.

So, the attack designer is really saying “dear research community, you’d better all update your theories to include mine, otherwise you’re at risk of designing mechanisms that are prey to this attack”. This, in reality, applies not only to researchers but to all actors in a given ecosystem: agenda setters, founders, developers, thought leaders, regulators…

Conclusion

Successful attackability justify patching formal shortcomings even entirely in counterfactual space, when no empirical data is available.

It is thus a powerful instrument to the agenda setter.