Plasma is coming soon to the Ethereum blockchain and it carries a lot of promise. As discussed in an earlier article, the upcoming Minimum Viable Plasma (Plasma MVP) will be capable of processing up to 1,000 transactions per second, which will enable a whole host of new applications to call Ethereum home.
As Ethereum continues to scale and more organizations and users bring their business to the blockchain, security is increasingly important. If Plasma allows so many transactions per second, that's all the more funds that can be lost if something goes wrong.
One Ethereum developer, Jieyi Long, recently posted an idea to improve Plasma MVP to the Ethereum Foundation's official research forum, through which he brings to light a potentially major vulnerability of MVP.
As some readers might know, Plasma MVP is just one iteration of plasma. In this version of the concept, a Plasma EDCC creates a side chain wherein users can execute fast and cheap transactions facilitated by a so-called "Plasma operator." The Plasma operator is a third party who verifies each transaction on the Plasma chain. The operator periodically sends updated transaction information to the main chain, which is then mined into blocks and finalized.
To help ensure the plasma operator is honest, MVP specifies a system for users to challenge the operator if they attempt to leave the chain with fraudulent transaction claims. However, this requires that users be online to notice. (The Ethereum Foundation's Karl Floersch gives a great, more in-depth explanation of MVP and the dispute process here).
Long points out that in a lot of scenarios, it is not reasonable to assume that transacting parties are always online. He then provides a potential solution, applicable for scenarios where users can be divided into "payment senders" and "payment recipients." He points to three real-world applications: video games, online marketplaces like Amazon, and payment processors like PayPal and Alipay.
In-depth technical details are beyond the scope of this article, but Long provides a basic overview of the concept in a few relatively easy-to-follow sentences (edited for concision and clarity).
"The Plasma operator maintains … an augmented Merkle tree containing the token balance for each user. The operator needs to periodically commit [information from the] Merkle tree to the main-chain. [Meanwhile, the] on-chain Plasma smart contract periodically samples and validates a small random subset of the state Merkle tree."
Under this method, Long argues:
"If the Plasma operator cheats, there will always be some inconsistency in the Plasma state Merkle tree, which can be detected by the random sampling process with arbitrarily high probability."
Long goes on to say that inconsistencies will be detected with more than a 99 percent probability. If this works, it would be a much more practical way of catching bad behavior than relying on users to notice and respond appropriately.
Plasma MVP was never intended to be the be-all and end-all of Plasma. It's called minimum viable for a reason. Vitalik Buterin was completely transparent about the fact that "it leans heavily on users being willing to immediately exit as soon as they detect any kind of malfeasance," which he said in the second sentence of the proposal. But Long's point raises questions of whether MVP is all that viable in the first place. What Buterin didn't acknowledge, at least at the time, is that it's not just users' willingness to immediately exit a Plasma contract upon noticing bad behavior; it's also their ability to notice in the first place, which hinges on them being online.
If Plasma MVP implementations are to successfully bring more, better, and bigger Dapps to the Ethereum blockchain, that might be a problem.