ETH had the benefit of PoW working and proven for years prior to deployment.
Switching to an entirely new consensus model, that has never been done before, is complicated and a big reason why it has taken as long as it has.
Furthermore, there is a giant target (huge sum of money) on ETH's back now. If you had an exploit for PoS, why would you reveal it early?
As the person below also states... they could just fork and fix things, but this time, it will be a lot harder to do so without entirely destroying the value of ETH.
This is a massively risky venture that takes more than just hope and prayers. As we've seen in many many hacks over the last few years, even the most competent developers can miss something crucial.
Ethereum's PoS has been running since December 2020. Right now about 10% of all ETH is deposited on it. What's coming up is the "merge", where the rest of the chain starts looking at the PoS network for choosing blocks, instead of looking at mining difficulty.
> Right now about 10% of all ETH is deposited on it.
Nope. The ETH is just in a rather simple write only deposit contract on ETH1. [1] It is also not 'all' ETH, since there is no hard cap on the total amount of ETH in existence.
It is also a bit more complicated than just looking at the beacon chain. That beacon chain has zero value tied to it. So while it has been running just fine, there hasn't been a reason to attack it. It also hasn't been used to actually do anything really... and now there is a use. There is also a lot more communication going on between nodes that didn't exist before. All of these things become attack surfaces.
That's an...interesting view. Let's skip the semantics and stick to facts, which are these:
- 10% of the current supply of ETH is in the deposit contract, and can't be withdrawn from the deposit contract.
- Every address that deposited ETH into that contract got a corresponding balance of "ETH" on the beacon chain. (I'll call it "ETH" instead of just ETH to avoid arguing over whether it's really ETH.)
- The beacon chain is functioning as designed, and the "ETH" balances of various addresses are getting changed over time. The economic incentives appear to be working. People are keeping their nodes up and running to get rewards, and trying to avoid getting slashed.
- The plan is for stakers to be able to withdraw their balances to the main chain, from the beacon chain. When someone withdraws, an ETH balance will be incremented on the main chain, and the same address will get its "ETH" decremented on the beacon chain.
Right now, the contract is one way and there is no way to withdraw. The code hasn't been developed yet. The ETH or "ETH" or whatever, are secure because there literally cannot be insecurity without some code to break.
Heck, even "The Merge" doesn't enable withdraw... it is scheduled for some time after (still to be decided and coded... more potential security issues) and is of course a slow trickle too (first people who can withdraw win the short market). That 10% is about as secure as you can possibly be in that it is effectively burned at this point and will require yet another hard fork to unburn it.
Let's go back to the premise of my original comment:
PoS is a lot more complicated than PoW and offers a much wider attack surface.
Any large mistake in the code that causes financial loss is going to go down a huge rabbit hole of how to manage consensus around fork choices and will likely have at least a short term devastating effect on the market.
I want to see PoS succeed, but as a 20+ year developer, I'm very skeptical it will go off without a hitch.
There's hundreds of blockchains using Proof of Stake for years. Finally, if exploited, everyone will just agree to rollback again; there's no destruction of ETH.
You can't just generalize all PoS as being the same code and execution. ETH is quite different from the rest. Furthermore, none of the other blockchains have even close to the level of value (not just $ amount, but also fame) tied up in them.
As for rollback... that's what created ETC, but this time, it is different... with PoS, the 'stake' is tied up in the network. It isn't external, like it is with PoW and isn't as easy to just fork. You're effectively now forced to convince everyone to follow another canonical chain, but you don't have an external way to do so. Forking becomes a lot harder. It also becomes a lot more complicated and hasn't even been done before... how much 'testing' has that gotten?
How are exchanges going to agree to rollback after they have already exchanged those tokens with others? Someone has to burden the loss, so it might as well be the original blockchain that got exploited.
Yes! This is exactly the premise of Jeff's essay [1] that I mentioned in comments below.
This gets messy fast when there is an issue and even worse is that there isn't a published plan for how to deal with things when they do come up. Everyone is betting on it all executing perfectly and given the complexity and value at stake here, chances are that at some point now, or in the future, it won't go well.
Switching to an entirely new consensus model, that has never been done before, is complicated and a big reason why it has taken as long as it has.
Furthermore, there is a giant target (huge sum of money) on ETH's back now. If you had an exploit for PoS, why would you reveal it early?
As the person below also states... they could just fork and fix things, but this time, it will be a lot harder to do so without entirely destroying the value of ETH.
This is a massively risky venture that takes more than just hope and prayers. As we've seen in many many hacks over the last few years, even the most competent developers can miss something crucial.