Steem blockchain multivote security vulnerability

Steem blockchain has been purposefully designed with 30for1 or multivote security vulnerability.

In essence, multivote vulnerability centralizes blockchain and poses security risks, blockchain disruptions and loss of funds.

Description

Each steem power (SP) owner can cast 30 votes on witnesses, i.e. choose up to 30 representatives. Simplifying, 1 SP allows casting 30 Sp worth of votes. At first, it looks as it allows to cast votes on more representatives (witnesses) and helps to decentralize blockchain, but in fact, it allows for an individual or a small coalition to govern the blockchain with a minority stake.

Exploitation

The most distinctive use of the exploit was steem blockchain hijack carried out on the first week of February 2020, when apparently customers funds were used by Poloniex, Binance & Huobi exchanges to change all 20 top Steem witnesses; new witnesses run a new 0.22.5v software, freed ninja mined tokens purchased by the Tron owner, destabilized blockchain and disrupted hundreds of services. New witnesses also provided not up to date price feeds. We can assume multivote vulnerability was previously used by some established witnesses to their advantage, either willingly or unconsciously.

Mechanics

Let's assume A ownes stake worth 10, B stake 4, C stake 4, D stake 4, E stake 3, and F stake 1.

Screenshot from 20200304 231803.png

We choose 3 primary representatives {W1, W2, W3}, who hold the true power and a number of reserve ones. Each vote can be used 3 times, i.e. 3 representatives (witnesses) can be voted). The rule allowing to vote 3 times with each voting unit leads to centralization of the power:

Screenshot from 20200304 231822.png

Either dictator A or a coalition {B, C, D} takes all 3 primary witnesses. If B, C, D... cannot form a coalition, A takes all spots, despite B, C, D... having the majority of votes. If B, C, D... can find an agreement and form a coalition, A, despite having almost 40% of votes, will have no representatives. This holds true whether we choose 3 or 20 primary witnesses, as long as we have more vote uses than number of primary witnesses, i.e at least 3 (as in the above example) or 20 uses (as in steem blockchain, where we have 30 uses) for each vote.

Solution

A simple solution is to allow only one use for each vote (SP, voting power). This allows more parties to have representatives and promotes decentralization.

Screenshot from 20200304 233353.png

Now A can divide his stake into two parts, but, even if B, C, D... are in disagreement, he cannot take full control of the blockchain. (top table). If B, C, D... can form coalitions, they can choose a majority of representatives (witnesses), in line with the majority of stake they own. Still, A cannot be easily pushed out and can still have his representative.

Conclusion

Steem blockchain multivote security vulnerability allowed for serious disruptions of blockchain governance & functionality in February 2020. Removal of voting redundancy will prevent oligarchy or dictatorship ruling of the blockchain and will allow further decentralization. One account must be allowed to vote only one witness.