[gvhst]

They claim (via formal verification, I cannot speak to their threat model with much accuracy) that they are able to achieve the same or better security properties as ETH 2.0 without lockups (staked funds earning income are like demand deposits) or slashing (penalties for bad behavior / bad network performance).

The project as a whole (Cardano) has some other notable advantages. Personally, it has a built in governance system which actively funds projects / improvement proposals paid for by some of the block rewards & fees. Cardano just had their first round of voting and funding which gave in aggregate $250k to a variety of projects [0]. Funding batch sizes are expected to grow to $10 million dollars a year in 2021 (at current prices). This is where I'd draw the largest difference between ETH 2.0 and Cardano (the project which developed and uses Ouroboros)

[0] https://iohk.io/en/blog/posts/2021/01/12/project-catalyst-th...

[DennisP]

Without slashing, I'm wondering whether they've adequately accounted for attacks motivated by extraneous factors, rather than simply for profit within the system. The abstract says "we prove that, given this mechanism, honest behavior is an approximate Nash equilibrium," but does that still hold if an attacker has shorted the coin?

With slashing, even if someone finds it advantageous to attack, you quickly take away their ability to attack.

(I haven't yet read past the abstract, so for all I know they do address this.)

[ilap]

It is much more complicated. First, Cardano use in-house built pull based network layer, so the attacker cannot exhaust your node even cannot do some resource attack against it, and even if some attacker is connected to your node and do some nasty stuff that causes protocol violation, it is just simply discomnected and dropped out of the 1000 cold list of other nodes in the aueue, and needs to wait a lot of time to rebuild its reputation. Anyway, it is very complex with a lot of mitigations of these kind of attacks. Secondly, you need money lot of money and bribe almost 500 pools (assuming nash) to be successfully alter the chain, it is like bribe 500 bitcoin miner pool from a theoretical 1000 evenly distributed hashpowers bitcoin miners/pools.