A recent news story, about censorship, prompted me to wonder if there could be censorship on Cardano.
Tornado Cash is a protocol that allows people to hide the origin or destination of their cryptocurrencies and tokens on the Ethereum network. Its code is designed to mix a user’s cryptocurrencies with a pool of other users’ cryptocurrencies, via a smart contract using a method called Zero Knowledge Proof. This makes transaction traceability difficult.
The US Treasury Department’s Office of Foreign Assets Control (OFAC) added 45 public Ethereum addresses to the sanctions blacklist, including addresses where the Tornado Cash bytecode was stored, making interactions with those addresses a violation of the law. The addresses included in the block list had previously been wallets allegedly belonging to known ‘bad actors’, which makes the Tornado Cash sanctions an unprecedented expansion of sanctions.
But the most pernicious result of OFAC sanctions on those addresses is that compliance with them could be extended to the participants of the blockchain’s base layer (L1), which includes validators and other actors such as developers.
Basically, this means that the base layer participants could exclude from the validation of the blocks any transactions related to the sanctioned addresses.
The Problem Tornado Cash Raises About Base Layer Censorship on Ethereum
In a Telegram group in which I participate, Alejandro, a member of that community, started a debate about the possibility that SPOs could choose the transactions they want to validate, discarding others, resulting in something similar to the censorship suffered by Tornado Cash.
Can This Type of Censorship Occur in Cardano?
Can an SPO (Stakepool Operator) choose transactions to validate, and discard others?
Could a government authority ask the SPOs in its jurisdiction that certain addresses be censored?
The quick answer to both questions is YES. Why?
The memory pool (mempool) is a virtual memory buffer in which valid transactions are placed before being inserted into a block. Each stakepool has its own mempool.
While stakepools validate transactions for inclusion in a block on a first-come, first-served basis, there are ways to avoid validating some or all operations, and even to forge an empty block when it shouldn’t be empty.
Bitcoin has a Fee Market, and this implies that miners can choose to validate transactions with a higher fee first, because they have a greater economic incentive.
In Cardano there is no such mechanism: even if a simple transaction is submitted with a higher fee, it gets no priority under the design of Ouroboros, its consensus protocol.
In Cardano, transactions are validated by the ‘first come, first served’ method.
But to my surprise, I found out that it is possible to circumvent that order, and the SPO that was designated by the protocol to validate that block could prevent certain transactions from being validated.
I didn’t find official documentation that gave this argument, and I guess it’s because the protocol design doesn’t allow selecting transactions, and it can only be done with a mempool manipulation in each stakepool.
But what is the point of validating certain transactions instead of following the order of the mempool? An operator could choose the ones that suit it: those with a more expensive fee, to collect better rewards (those with NFTs are more expensive), or those related to a development in which it has a self-interest.
The community helped me in my research, and allowed me to come to a conclusion. I quote some important tweets that responded.
LiberLion: While tx in #Cardano are validated on a first-come, first-served basis in Mempool, can an SPO choose which tx to validate by circumventing the order? Can an SPO censor tx and leave it in Mempool without validating it? I did not find any official doc.
Giovanni – EASY1 – NuNet $NTX: Yes, SPOs can decide what to put in a block. No way currently to prevent this from happening.
ATM Stake Pool – ATM (AdaPulse, Dripdropz ): An SPO can remove ALL Txs from the mempool and create empty blocks (don’t know if this gap has been plugged already).
Andrew Westberg, NEWM CTO, BCSH: If you know haskell, yes.
Brothership Pool: Yes we can…. We control the node, if we want we can manipulate its mempool to get the transactions we care about in or out of the next block.
PGWAD : Developer |Blockchain+AI|: very much if you can create custom version, easier thing is set mempool to 0 then pool will mint blocks without any tx & yes, will still get paid! maybe with lost reputation.
SPEC – The Spectrum Cardano Pool: Yes, you absolutely can modify the logic governing the mempool and what TXs will be added to a block by your node. You just have to run a forked cardano-node then and keep your changes up to date with upstream
$conrad: Yes, this is technically possible and I have tested it. I could deny incoming transactions from all other peers and only accept them from specific DEXs for example that could pay me a fee. If I’m minting enough blocks, I could provide this service. Another reason for sSPO
Quantumplation | Pi Lanningham: Fundamentally, so far as I know a protocol can’t enforce this in a distributed system. If we had a foolproof way to universally identify a “true” ordering to txs, we would be using that consensus mechanism, not “proof of ____”; 1/ It is, however, enforced at the implementation level, and would require a custom fork of the Cardano node, and would likely be detectable at a statistical level. 2/ The scooper model circumvents this by saying that the order your *escrows* made it on chain is the canonical order that they will be scooped; it would be very easy to detect someone violating that ordering.
Sebastien Guillemot: Cardano node operators changing tx order isn’t a bug, but it is an issue that affects Cardano in practice as we saw last year (and every chain in some way). Input endorsers will change this drastically and tx prioritization algorithms ( ex: tiered fees) will also help capture this.
Decentralization is the Solution
Of course I searched for the answer, and the same community responded with similar solutions, mostly invoking decentralization.
LiberLion: Some have answered me that it is possible. My understanding was that protocol mandated first-come, first-served and no one could change that. Unpopular question: What prevents a central authority from forcing SPO’s to censor tx in #Cardano? I’m critical, looking for the truth.
Lewis: Nothing but unlike in the current ETH POS situation users could move stake to pools not censoring blocks and therefore remove said pools ability to make blocks. Having pools distributed across the globe is important to avoid local censorship enforcement. Liquid staking and low hardware requirements make it much easier for the network to adjust to such an attack, assuming the users of the network value having a censorship resistant L1
SANDSTONE: The mempool is sort of where the meat layer and blockchain collide. The on-ramp before block immutability. But there is really limited scope for malice here. Censoring TX for instance would require collusion at scale between successive slot leaders.
₳aire Voltaire: Decentralization. Easy to switch. Easy to spin up new stake pools in non censoring jurisdiction. Thousands of pools all over the world to choose from. We could just switch stake straight away. No hard-coded incentive to centralize stake to custodial stake-as-service providers
Brothership Pool: I can only speak for BSP, but if the EU mandates I censor the blocks I make, then I will most definitely be leaving. (Just hope the price is high enough to afford the plane tickets 😂 )
Rodrigo P₳cini: Nothing. We should be more careful with SPOs that show bad behavior. Cardano has the concept of a friendly approach to regulation but this is worrying, as it can migrate from friendly to “OFAC lists compliance” if we don’t keep constant monitoring.
$conrad: They can’t find you. Blocks can’t be traced to a specific server. There is no IP information. BLADE could be mining blocks in Japan or Switzerland for all that authorities know. Thus, there is no jurisdiction that can enforce this.
KtorZ: There’s no immediate global truth (and consequently, no global ‘mempool’). Actors of the network can manipulate or drop messages / transactions between nodes. That’s what it means to build a public, permissionless, distributed, byzantine & fault tolerant system.
Final Words
I had faith that I would get answers to my research from members of the community. There are big players, both SPOs and developers, and also ‘simple humans’ like me, who are interested in Cardano development.
The responses unanimously agreed that an SPO can choose the transactions to validate, although with different methods to achieve it.
The different blockchains, both PoW and PoS, be they Bitcoin, Ethereum, Cardano or many others, have mempools that can be reconfigured by their operators individually for each network node, changing the design established by the protocol.
Manipulating the validation of transactions in Cardano is not honest, of course, because it violates the protocol, but it is also visible (albeit with some degree of difficulty) and it would damage the reputation of the SPOs that did it.
Quantumplation | Pi Lanningham: So that moves the opportunity for MEV to the submission of the escrows in the first place, which happens through a different set of nodes, usually controlled by the wallets. Wallets are way more incentivized away from such things, their entire business is built on that trust. This is also why wallets that allow you to specify custom nodes for submission are awesome, because it diversifies the set of nodes processing txs; MEV relies on fairly careful control of a set of transactions, and the less control, the less the statistical advantage.
LiberLion: Thank you. That’s the point, it would be easy to detect if there is mempool manipulation to validate tx. From what I have been informed, it can be manipulated, but it is also visible.
Quantumplation | Pi Lanningham: Well, detecting it at the mempool level would be harder than at the scooper level, but still (in principle, I think) possible. For what it’s worth, the IOG research teams have thought through all of this stuff and are unconcerned with the risk.
In a network explorer you can see if a stakepool has a pattern of validating certain operations, for example all with higher fees, and none with simple, cheaper transaction fees. I don’t know if it’s possible, but I would like there to be some DApp to check if there are manipulations when validating. It would be interesting.
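One way such a check could work on block data exported from an explorer, as an added example (not from the original article, and not part of any Cardano tool): each pool's share of empty blocks and of cheap transactions is compared with the rest of the network using an exact binomial tail. The pool names, fee values, the 200,000-lovelace "cheap" threshold and the alpha cut-off are all assumptions made for the illustration.

```python
from math import comb

def tail(k_lo, k_hi, n, p):
    """P[k_lo <= X <= k_hi] for X ~ Binomial(n, p)."""
    return sum(comb(n, i) * p**i * (1 - p)**(n - i) for i in range(k_lo, k_hi + 1))

def audit(blocks, low_fee=200_000, alpha=1e-3):
    """blocks: list of (pool_id, [tx fees in lovelace]). Returns {pool: [flags]}."""
    report = {}
    for pool in sorted({p for p, _ in blocks}):
        own = [fees for p, fees in blocks if p == pool]
        rest = [fees for p, fees in blocks if p != pool]  # baseline excludes the pool itself
        flags = []
        if not rest:  # a single-pool data set has no baseline to compare with
            report[pool] = flags
            continue
        # Signal 1: more empty blocks than the rest of the network produces.
        p_empty = sum(1 for f in rest if not f) / len(rest)
        k_empty = sum(1 for f in own if not f)
        if tail(k_empty, len(own), len(own), p_empty) < alpha:
            flags.append("empty-blocks")
        # Signal 2: fewer cheap transactions than the rest of the network includes.
        own_tx = [fee for f in own for fee in f]
        rest_tx = [fee for f in rest for fee in f]
        if own_tx and rest_tx:
            p_low = sum(fee <= low_fee for fee in rest_tx) / len(rest_tx)
            k_low = sum(fee <= low_fee for fee in own_tx)
            if tail(0, k_low, len(own_tx), p_low) < alpha:
                flags.append("low-fee-exclusion")
        report[pool] = flags
    return report

def constructed_sample():
    """Constructed data: A and B behave normally, C mints only empty blocks,
    D includes only expensive transactions."""
    blocks = []
    for i in range(40):
        empty = i % 10 == 0  # occasional legitimately empty block
        blocks.append(("POOL_A", [] if empty else [170_000, 180_000, 450_000, 175_000]))
        blocks.append(("POOL_B", [] if empty else [172_000, 900_000, 168_000]))
    for _ in range(20):
        blocks.append(("POOL_C", []))
        blocks.append(("POOL_D", [800_000, 950_000]))
    return blocks

if __name__ == "__main__":
    print(audit(constructed_sample()))
```

A flag is a statistical signal, not proof: a pool can mint empty blocks during quiet periods, so the comparison only means something over blocks from the same time window.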
The Input Endorsers that will be implemented in Ouroboros Leios will be the solution to counteract these activities at the base protocol level. I leave an article on the subject at the end (1).
St₳kΣ with Pride: Yes it is possible with custom code (or if you attach a debugger to the current version). Input Endorsers fix this. Stake pools will be randomly selected to pick tx and build blocks (and get paid), which get proposed by another random set of pools (which also get paid).
But there was also unanimous agreement for the most accepted solution, which is decentralization, since if more than 51% of the SPOs colluded to censor certain types of transactions, that would be possible.
This is why decentralization matters. Understanding the importance of decentralization, and that it has an impact on security (avoiding censorship, for example), is key.
Delegators can choose stakepools, and in Cardano you can quickly change staking, since there is no blocking time, and that gives enormous power to delegators to decentralize the network, and reward good actors.
An informed and critically thinking community contributes to a healthier ecosystem.
PS: thanks to the participants in my article for their valuable answers.