| Good points. Tendermint aims to be a general-purpose consensus system - how the validators are actually chosen and changed is outside Tendermint's domain. All Tendermint wants to know is an initial set, and leaves it up to the App to tell it how the validators should change with every block. You can build PoS at the application level, if you need it. This is what we're doing with https://cosmos.network/. With every block, the application can decide, according to its particular PoS design, how the validators should change. There's actually no reason you couldn't build a Tendermint app that determines who the next validators are based on PoW they did and submitted as a transaction. Not quite the PoW we're used to, but it shows Tendermint is quite flexible. That said, a 2/3 coalition of the current validator set always has complete control over what goes in the blockchain, and a 1/3 coalition can halt it - we can't bail out of that without a hard fork. Note PoW is also only safe in a synchronous network, though it hedges this with an economic random lottery. Of course PoW guarantees a thermodynamic immutability that nothing else can. Tendermint isn't inherently economic, and is safe so long as <1/3 of the validating power is malicious, even in asynchronous networks. That's what Jepsen shows here (well, fails to disprove). Arguably, Tendermint is most useful as an analog of Paxos/Raft but in a multi-stakeholder, or otherwise more adversarial, setting. We aim to prove it's also useful for structuring global financial systems and scaling cryptocurrencies :) |
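
The thresholds in the comment above can be checked against a validator set that the application changes per block. This is an added example, not part of the original comment and not Tendermint's own code: the `ValidatorSet` type, its methods and the sample powers are hypothetical, and it assumes a commit needs strictly more than 2/3 of total voting power and that an update with power 0 removes a validator.

```go
package main

import "fmt"

// ValidatorSet maps a validator name to its voting power.
// Hypothetical model for illustration, not Tendermint's own types.
type ValidatorSet map[string]int64

// ApplyUpdates applies the changes the application returns for a block:
// power 0 removes the validator, any other value sets its power.
func (vs ValidatorSet) ApplyUpdates(updates map[string]int64) {
	for name, power := range updates {
		if power == 0 {
			delete(vs, name)
		} else {
			vs[name] = power
		}
	}
}

// power returns the coalition's combined power and the set's total power.
func (vs ValidatorSet) power(coalition []string) (held, total int64) {
	for _, p := range vs {
		total += p
	}
	for _, name := range coalition {
		held += vs[name] // validators not in the set contribute 0
	}
	return held, total
}

// CanCommit reports whether the coalition alone holds more than 2/3.
func (vs ValidatorSet) CanCommit(coalition []string) bool {
	held, total := vs.power(coalition)
	return 3*held > 2*total
}

// CanHalt reports whether everyone else together cannot exceed 2/3,
// so no block commits without the coalition.
func (vs ValidatorSet) CanHalt(coalition []string) bool {
	held, total := vs.power(coalition)
	return 3*(total-held) <= 2*total
}

func main() {
	vs := ValidatorSet{"a": 10, "b": 10, "c": 10, "d": 10} // constructed powers
	fmt.Println(vs.CanHalt([]string{"a"}), vs.CanCommit([]string{"a", "b", "c"}))
	vs.ApplyUpdates(map[string]int64{"a": 25, "d": 0}) // app-decided change
	fmt.Println(vs.CanHalt([]string{"a"}), vs.CanCommit([]string{"a", "b"}))
}
```

With the constructed powers, validator `a` cannot halt the chain at 10 of 40, but can after the application raises it to 25 of 45, which is why the update logic in the application is part of the trust boundary.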