In ChainNode White Paper decryption Book Club 01 events, more than a senior fellow at the original chain Qiu Shan lead the collar reading "MOV: next to the center across the chain Layer 2 value of the swap agreement," White Paper, it has been the concern of many fans, which gentledog reading posts "Some Thoughts MOV ombudsman system" won first place in reading activities.
Text as follows:
According to the white paper, MOV ombudsman has a duty to prevent the side chain of evil. I wonder if there are loopholes in this system do? After some thought, it seems that there are several ways to attack: 1, the copy transaction attack ombudsman found the problem and initiate a transaction in the main chain, someone get the deal content, increase fees to the network or directly to conceal this transaction, and then initiate a transaction sum of the same content to steal the fruits of labor inspection officer. In this case, the ombudsman can get benefits almost zero, or even negative, so there would be no incentive to inspected. Such attacks are responses. One thing that perpetrators can not be copied: purse address! Can take the proposal (commitment) + evidence of mode, ombudsman may be submitted commitments (+ hash value data purse address), and so block confirmation, and then publish the data (address can not publish wallet). This would compare the perfect solution to this problem. 2, when the evil pretending to attack the gateway node loss when a reward is greater than the perpetrators suffered side chain, may take such attacks. Side chain of the perpetrators can pretend to do evil, then the first to submit evidence of collusion ombudsman evil, cheat award from the gateway node, when the reward is greater than the punishment of the perpetrators received, the perpetrators will profit. This attack illustrates, the gateway node a reward is capped, it can not be greater than the punishment of the perpetrators received, not necessarily to the degree of evil peers. 3, DOS attacks when the side chain of evil and the huge amount of time involved, garbage transaction initiated on the network, temporarily blocking network, making the ombudsman to monitor the cost is far greater than the reward he could get (due pretend evil attack, the reward is limited, it not with the degree of evil, etc.), once the controversy of the past, the perpetrators would have succeeded. DOS attack is not impossible (see Ethernet cats and EIDOS dropped), the perpetrators can choose to attack when the network congestion to reduce costs.
先撇开DOS攻击不谈,下面试从经济角度分析巡查官制度。先取一个观察时间段,设在这个观察时间段内,巡查官的巡查成本为U,网关节点的奖励为V,作恶者被举证时遭受的损失为R,作恶成功时获得的收益为S,作恶者作恶的概率为p,巡查官的平均巡查人数为q,某单个巡查官巡查的概率为t。这里假设巡查官的机会是均等的,即当巡查官的巡查人数为q时,成功举证的概率为1/q。则某单个巡查官和作恶者的博弈如下图: 
则某单个巡查官的期望支付为 
在完全竞争的条件下,某单个巡查官的期望支付应当接近于0。由此可以推算出
。 由此可以得知,当
时,q=0。 进一步的,我们可以计算作恶者的最佳作恶概率。这里不妨设
且
,于是
,
。 则作恶者的期望收益为 
在区间
上,该式单调递减。所以,在
处取得最大值。 所以,作恶者的最佳作恶概率为
,此时无人巡查!
上述的“观察时间段”是指一个充分小的、不可分割的时间段。如果是一个较长的时间段T,怎样计算作恶概率呢? 这里设巡查官在单位时间内的巡查成本为u。 将时间段T等分为n(充分大)个小时间段。则每个小时间段内的作恶概率约为
。则n个时间段内作恶发生的概率约为
。 
所以,在较长时间段T内,作恶发生的概率为
。
我们可以得出以下结论: 1、巡查官制度可以减小侧链作恶的概率。 2、侧链作恶的概率与巡查官的巡查成本U和网关节点的奖励V有关,减小U或增加V都能减小作恶的概率。 3、侧链作恶的概率与作恶成功时获得的收益S无关,也就是说减少侧链上托管的资产无助于减小作恶的概率。 4、侧链作恶的概率与作恶者被举证时遭受的损失R无关(如果忽略V≤R的关系),也就是说在不增加网关节点的奖励的前提下,只增加侧链运营者的保证金无助于减小作恶的概率。 5、由于假装作恶攻击,网关节点的奖励V无法无限增加。巡查官的巡查成本U也无法无限减小。巡查官制度无法杜绝作恶的发生。
作者:gentledog