[ryebit]

What would a successful attack even look like?

My understanding was that malicious validator has to publish votes for two different blocks in one round; which then can be used to slash them. Unlike PoW they can't "sit" on their second vote, because voters are known ahead of time, and once vote is done, opportunity is gone.

They also can't choose transactions to go into block unless they're the proposer, so that's only time they can control whether attack will even benefit them.

So they'll have to wait to get randomly assigned as proposer, in a committee where they control enough of the other randomly selected validators, and have pending txns at the ready to double spend (while receiving party has been sitting waiting for funds).

And even then, won't that just create a fork where the minority of the validators recognize the double vote, and slash them anyways? And what users / services will stay w original fork given that proof?