STAKESURE: Proof of Stake Mechanisms with Strong Cryptoeconomic Safety

Soubhik Deb, Robert Raynor, Sreeram Kannan

TL;DR

This paper addresses the apparent mismatch between on-chain value security and stake by formulating cost-of-corruption and profit-from-corruption as core cryptoeconomic safety metrics. It introduces the Corruption-Analysis Model to separately analyze minimum attack costs and maximum exploitable profits, and shows that slashing can raise attack costs while refining profit bounds by focusing on vulnerable, hybrid transactions within a reversion window $T_{rev}$. A secure confirmation rule $\Pi_{sec}$ is proposed to reduce exploitable value during reorgs, and a novel insurance mechanism, STAKESURE, reallocates slashed funds to insure transactors, enabling strong cryptoeconomic safety and safer bridging. Collectively, these contributions yield a framework for robust PoS security with a self-balancing, crash-resistant economic layer that protects honest users, supports insurance-backed liquidity, and guides practical deployment in environments with cross-chain interactions.

Abstract

As of July 15, 2023, Ethereum, which is a Proof-of-Stake (PoS) blockchain [1], has around 410 Billion USD in total assets on chain (popularly referred to as total-value-locked, TVL) but has only 33 Billion USD worth of ETH staked in securing the underlying consensus of the chain [2]. A preliminary analysis might suggest that as the amount staked is far less (11x less) than the value secured, the Ethereum blockchain is insecure and "over-leveraged" in a purely cryptoeconomic sense. In this work, we investigate how Ethereum, or, more generally, any PoS blockchain can be made secure despite this apparent imbalance. Towards that end, we attempt to formalize a model for analyzing the cryptoeconomic safety of PoS blockchains, which separately analyzes the cost-of-corruption, the cost incurred by an attacker, and the profit-from-corruption, the profit gained by an attacker. We derive sharper bounds on profit-from-corruption, as well as new confirmation rules that significantly decrease this upper bound. We evaluate cost-of-corruption and profit-from-corruption only from the perspective of attacking safety. Finally, we present a new "insurance" mechanism, STAKESURE, for allocating the slashed funds in a PoS system, that has several highly desirable properties: solving a common information problem in existing blockchains, creating a mechanism for provably safe bridging, and providing the first sharp solution for automatically adjusting how much economic security is sufficient in a PoS system. Finally, we show that the system satisfies a notion of strong cryptoeconomic safety, which guarantees that no honest transactor ever loses money, and creates a closed system of Karma, which not only ensures that the attacker suffers a loss of funds but also that the harmed parties are sufficiently compensated.

Paper Structure (24 sections, 1 theorem, 10 equations, 4 figures, 3 tables)

This paper contains 24 sections, 1 theorem, 10 equations, 4 figures, 3 tables.

Key Result

Lemma 1

Confirmation rule $\Pi_{sec}$ is unconditionally secure.

Figures (4)

  • Figure 1: An illustration of different resolution periods.
  • Figure 2: The secure confirmation rule $\Pi_{sec}$ requires that the CEX executes the off-chain action corresponding to the transaction tx_hyb after the reversion window has passed. This ensures that the fork that ends up being considered canonical by the social consensus $\mathcal{P}_{soc}$ will have the transaction tx_hyb.
  • Figure 3: An illustration of the insurance mechanism under optimistic path.
  • Figure :

Theorems & Definitions (2)

  • Lemma 1
  • proof