P2pool a trojan horse?

Started by giverofmemory, Nov 22, 2021, 01:01 PM

Previous topic - Next topic


At first glance p2pool seems like the answer to all our problems, it prevents malicious pool operators with over 50% of the hashrate from bieng able to use all the pool miners to attack the network.  And it requires each miner runs a full node!

But not so fast, there seem to be some critical downsides. Unless I am mistaken:

1. You don't really need to run a full node.  You can just connect to another full node (as long as they have ports open).  This means that worst case there could only be a single actual network node and everyone else just running p2pool nodes. https://github.com/SChernykh/p2pool/issues/65

2. You aren't actually mining your coin.  You are mining a p2pool altcoin and merge mining the real coin.  But you aren't even getting the p2pool coin (not sure if this fact could be used for a malicious attack).  So it is like dogecoin in that respect, everyone is mining litecoin and merge mining dogecoin.  Firstly I want to mine coins I care about directly.  Also there can be downsides such as the merging of the proof of work from the p2pool chain to the real chain.  This process could cause node syncing issues and another potential attack vector.

Just thinking that if china or some other hostile actor wanted to destroy the whole crypto industry at once it would by somehow getting everyone to mine on your pools and then use that fact with some hidden backdoor type vulnerabilities to attack the real blockchains.  And then if you could hide the fact your pool was doing it (by it seeming decentralized) so that people never wise up and stop using that pool.  Anyway for me it is way too risky.  Thoughts?


1. A scenario where everyone uses the same node is unrealisitc. There could be one node but this will never happen. The wownero chain is 4.5GB in size. If there were too little nodes, the wownero community could probably spawn 1000 in a day.
1. (b). The bitcoin maxis and their insistance in running their own non-mining node for *muh sovereignty* had caused so much confusion about what is actually enforcing the consensus. Non-mining nodes have nothing to do with consensus, only mining nodes do. If there were 50 different nodes mining with equal hashrate that is more decentralized then 10 mining nodes and any number of non-mining.

2. Merge mining is in practice no different than mining directly. Also, not every proof of work needs a coin... the monero reward is the monetary incentive. p2pool has its own node and will not cause node syncing issues with your monero node. p2pool is much better system than existing mining pools as it is decentralized and permissionless. Anyway, wownero does not have p2pool, and forcing everyone to use p2pool is no different than enforcing solomining only.

A bug on p2pool would have nothing to do with the consensus of the chain it is mining. If you are scared of imaginary anti-crypto actors revealing 0-days to "attack blockchains" you need to stop worrying :slightly_smiling_face:.
P.S. people would know that p2pool is doing it as it announces all of the blocks it mines. If you actually used it you would know :upside_down_face:.
P.S.S nodes can always be patched and chains rolled back to 1 block before the exploit, despite what bitcoin maxis like to say.

tldr: you are imagining scenarios that will never happen and then freaking out about such thoughts.