> so you would need to borrow around 5 billion USD in order to make this attack work.

If you were about to find someone to sell you $5B in ETH at spot price. In reality you would need much more than this.

Indeed, this is true. I was also assuming you would be buying the ETH from other stakers (if not, you would need $8B in ETH at spot price) and that you as an attacker have the ability to make the network desynchronous (if not, you would actually need 1/2 the total stake rather than 1/3). These are just generous assumptions that give us a lower bound on how much money it would actually take to attack the network.

> If you reached 1/3 of the total stake on the network, you would be able to screw up consensus and make conflicting blocks both appear to be finalized, just as a 51% attack on a PoW currency

And if you did that then all your stake would be automatically destroyed. It's as if a 51% attack on PoW caused your mining rig to burn down.

Semantics on "mis-verify," maliciously verify same-nonce transactions if you prefer.

Using the below language to discuss a threat model vs. implications of my tinfoil hat existing or not...

5B USD for an attack isn't a major barrier though to an actor looking to attack ETH, though. Are you implying that it is?

For reference, some of the crypto-lenders have around 15B USD-equiv under deposit, and they're fairly small stakes wrt capitalization of possible attackers of ETH.

The issue I point out and don't hear discussion on except stuff like you've posted is that it's significantly easier to acquire 5B USD to DoS a PoS network, than it is to acquire enough hash rate and lag time due to physical data center constraints to do something equivalent POW. PoS might be secure-enough, but it's not just a clean, environmentally better but security equivalent swap out for PoW.

The assumptions seem to be that the attacker would want to do it to take over and their coins will be deleted when caught, that there are protocols in place to recover consensus if this happens based on community involvement, and lastly that an acquisition of that much ETH would be noticed before an attack. Take these together, and security risks of PoS are controlled.

But that's fairly narrow minded wrt adequate risk controls and actually considering the threat model

- Cost to do it: 5B to DoS ETH into a consensus-rebuild isn't a high barrier to entry.

- Goals of an attack: There are plenty of attackers that would be happy just DoS'ing it vs. winning consensus on their chain version for DSs or what have you.

- Has this been done: there's more than enough precedent out there of acquiring 5B covertly, especially with a derivatives market in place. Easy example is across multiple crypto lenders aggregate enough ETH derivatives that can be converted to the underlying, convert in unison, and 5B of ETH suddenly lands. This is already sort of how it's done in normal corporate finance.

- Community involvement in a recovery: I'm really skeptical of the community-driven recovery mechanism. Tezos/EOS and similar already had a lot of trouble making this approach to consensus fixes work because of basic voter participation challenges. It sounds more like a few key nodes will drive a fix like in the DAO, and then this starts to look fairly centralized. Not a bad thing as it will fix chain problems, but again not a clean 1:1 swap for PoW security guarantees.

Final point - "well there must be someone thinking of the risk modeling here in PoS and accounting for it, Ethereum has smart people working on it" The reality is that protocol-level security research beyond the 51% consensus research and strong cryptography is really, really lightly done. This was a main topic of MIT Bitcoin Expo's Keynote this year, actually. PoW took 30 years of research and some luck during BTC's early days to identify that it could actually secure a chain. PoS does not have that history yet.

The edit - when I ref 5B USD, I'm implying the ability to convert it into equiv ETH. This is still doable as the market isn't that illiquid, and if you spread out the balance over a N-nodes until you aggregate for the attack, attributing that to a single attacker is very hard to do.

> 5B USD for an attack isn't a major barrier though to an actor looking to attack ETH, though. Are you implying that it is?

Well 5B USD may not be an impossible sum for some corporations and nations, but for some actors this is a barrier, yes.

I'm not necessarily trying to say such an attack is out of the question, I'm just trying to elucidate the question of the difference between PoS security and PoW security. I'm not convinced that your argument about the possibility of a covert accumulation of staking power does anything to distinguish PoS from PoW. You could just as easily invest that 5 Billion to build a chip fabrication plant, use that plant to covertly build ASICs, and surprise the Bitcoin network with a 51% attack.