[aphextim]

When I was toying around with mining some alt coins with GPUs a few years back I had the thought when joining a mining pool on say supernova, what is to prevent someone from doing an attack and convincing the pool to send my coins to them instead at a level 'under the hood' and beyond my understanding. Or get the entire pool to act in a way that is for their own personal gain.

I know there had been guides on how to set up your mining rigs, setup the batch files etc. These were all guides written by other people and I could see how in this newly created space there was room for nefarious actors to try to convince people to mine in a pool, but not give them the rewards they deserved or scammed them in some other way.

I also thought about someone hacking entire pools' hash-rates to be used for their own purposes rather than trying to figure out the next block on whatever chain it was running. This would allow someone to 'steal' the hash power of expensive rigs and redirect the power to their own wallets.

My understanding of all these protocols is very limited to what is regurgitated from others. When it comes to reading the bitcoin whitepaper I was only able to comprehend up until section 11 on page 6 where it got into the calculations, at which point I got lost as I am not that good at math.

Thank you for the insight.

[hinkley]

If you kept all of the coins from a pool, you'd be caught.

But would I ever know if you lied about the pool's GH/s rate and kept half of the coins?

[RL_Quine]

You can probably assume that most pools are skimming or cheating in some way, they'd never be caught.

[labawi]

Not going to claim they aren't skimming, but is it not possible to calculate expected number of blocks from declared GH/s, expected earnings from user provided MH/s and tell if the pool is excessively "unlucky"?

[hinkley]

Yeah I thought of that too after posting. I think it comes down to how transparent the pool is with their data.

The obvious thing to do would be to tell everyone that my 500 GH/s pool is 400 GH/s, and reward everyone an 80% share on every hash. If you're sophisticated enough you might notice that my pool is mining blocks about 25% above what you'd expect, but how many data point do you need for that, and it's statistical, so I'll have runs of good or bad luck.

Another option is to dilute the pool of contributors, but again you might be able to detect that either I'm misreporting your hash rate, or the sum of all contributions doesn't line up.

Assuming I give you enough tools to figure any of this out.

[labawi]

If you report the pool's hash rate as lower, the users should demand a higher fair share, as they know their own hash rate.

Either way, if a user knows his hash rate, he can calculate expected earnings and their presumed share. You could fudge a bit, but go too much, especially on a large pool, and it will be apparent. There are probably lots of users doing calculations, willing to call you out.

[hinkley]

> If you report the pool's hash rate as lower

err, right. If you want to convince people they're getting a fair share, you have to downplay their contributions, and since they know what they did you have to make the pool bigger, not smaller. How long would it take to notice someone was fluffing the pool by 10%?