EOS Block Producers Ordered to Freeze 27 Accounts

Francisco Memoria
  • 23 Jun 2018
  • In #EOS
  • EOS' 21 block producers were ordered by a body created to resolve community disputes to freeze 27 different accounts.
  • The order saw various users question the crypto network's decentralization.

EOS, the cryptocurrency whose multi-billion-dollar blockchain recently went live, is currently embroiled in controversy as the EOS Core Arbitration Forum (ECAF), a body set up to resolve community disputes, recently ordered its 21 Block Producers (BPs) to freeze 27 accounts.

The move, which came through an “Emergency Measure Protection Order,” directed the block producers to stop processing transactions from the 27 accounts, and notably didn’t explain why, as it claimed “the logic and reasoning for this Order will be posted at a later date.”

The Order, dated June 22, was signed by Sam Sapoznick, in the capacity of interim emergency arbitrator. This isn’t the first time EOS’ block producers were ordered to freeze accounts, as a few days ago they had to freeze 7 accounts associated with scams.

While it isn’t clear why the freeze on these 27 accounts was now ordered, various users believe they’re associated with phishing scams that took advantage of users when it was still unclear how to vote, before the cryptocurrency’s mainnet went live.

It’s worth noting EOS’ approach to governance is new in the crypto space. The network is designed to deal with a high transaction throughput, and as such doesn’t use bitcoin’s proof-of-work (PoW) consensus mechanism.

Instead, it uses a delegated proof-of-stake (DPoS) consensus mechanism, in which holders vote to elect 21 block producers that are responsible for maintaining the network. Seemingly, this gives them power to censor transactions and freeze accounts.

As some critics pointed out, this move questions EOS’ decentralization, as a group of entities has the power to freeze accounts without even giving the community a proper explanation as to what is going on. Supporters, on the other hand, note that it’s good to weed out bad actors.

Some critics compared the move to civil asset forfeiture, which sees law enforcement seize private property based on the suspicion that a crime has been committed. These types of moves make it clear EOS is unlike Bitcoin, which some argue rose to prominence because of its decentralized, permissionless, censorship-resistant nature.

Industry veteran Charlie Shrem slammed ECAF’s supporters who argued the move was necessary for mass adoption on Twitter, arguing that if someone has the power to freeze accounts and control others’ money, then mass adoption isn’t desirable.

At press time, it’s unclear whether the 21 EOS block producers – one of which is cloud mining company Genesis Mining – will comply with the order and freeze the accounts.

Block.one Conceptualizes Passwordless Authentication & Authorization System

Block.one, a Cayman Islands-registered firm that publishes open-source software and protocols for EOS, one of the largest platforms for deploying enterprise-grade decentralized applications (dApps), has argued that “current methods of authentication suffer” from the “Hearsay Problem.”

Explaining what Hearsay means, in general, Block.one noted in its blog post, published on April 17th, 2019, that Hearsay is “any information received from one party about the statements or actions of a second party that cannot be adequately substantiated.”

Current “State-Of-The-Art Methods” Of Authentication May Not Be Reliable

Block.one also noted in its official blog that its stance on this matter is that “all information sourced from systems which rely on current state-of-the-art methods of authenticating users would qualify as mere hearsay if any of the involved parties were to call the validity of the information into question.”

Going on to mention that this “characteristic is referred to as repudiability,” which is a property whereby a statement’s claim or validity can be rejected, Block.one’s post explained that “two primary factors” could potentially “lead to this characteristic of repudiability.” According to Block.one, the “first factor is an authentication scheme that requires disclosure of a secret in order to validate the possession of that secret.”

For instance, “security schemes” such as “passwords” which are “subject to this factor,” make it “impossible to create logs of user activity that are verifiable by anyone other than the party and the counterparty,” Block.one’s blog stated. Moreover, the software publisher’s post noted that the “second factor is the lack of means to prove that the data within a system actually represents the intent of the user,” which results in another issue, referred to as “The Blank Check”.

“The Blank Check” Problem

As mentioned in Block.one’s blog, the “Blank Check problem is present in any system that can take action on behalf of the user without needing the user’s explicit consent on that specific action.”

This same problem “is also present if the means of capturing the user’s consent is anything short of a log of proof that the user was informed of the implications of every individual action and explicitly consented to each action,” the software development firm wrote.

“Nothing Preventing Banks From Liquidating Or Locking User Funds”

From strictly a technical perspective, Block.one believes “there is nothing to prevent your bank from liquidating or locking your funds, and there would be no means of proving any wrongdoing, as the Bank could fabricate records of seemingly legitimate transactions. This would no doubt pose grave consequences that affect many stakeholders in a material way.”

These issues can be attributed to “the lack of provable auditable logs,” Block.one claims. It adds that technologies which “address this fundamental shortcoming” on existing platforms are not designed to be user-friendly.

According to Block.one, systems that “rely on passwords” for authentication and authorization are “subject to the Hearsay Problem and the Blank Check problem.” In order to provide robust security, while accurately determining whether a user should be allowed to access a system, Block.one proposes creating what they refer to as the “Pass Manager.”

Pass Manager: Ultimate Authentication And Authorization System?

As described in its blog post, Block.one noted that a Pass Manager could be implemented using “a blend of technologies [that could] work in tandem to produce superior security and usability for users, including cryptographic signing, hardware keys, and biometrics for credential security, as well as a transport-agnostic protocol for portability.”

Creating Non-Repudiable Logs

Going on to describe how an actual Pass Manager-enabled system would work, Block.one stated that “anytime a user’s consent is sought by a Pass Manager, human-friendly descriptions of the action should be shown to the user, and that description (or a cryptographically verifiable derivative of it) should be included in the signed response from the Pass Manager.”

The software publisher further noted that the “use of keys means that logs are non-repudiable and can be verified by third parties, and the inclusion of the human-friendly description in the signed response can serve as proof of the user’s intent. These characteristics solve both the Hearsay and Blank Check problems,” Block.one’s developers claim.
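The contrast described above, between a scheme where both sides hold the secret and a signed response that carries the human-friendly description, can be shown in a few lines. This is an added example, not Block.one's code or protocol; Ed25519, the `Consent` record layout and all sample values are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Consent is a hypothetical log entry holding the text the user was shown.
type Consent struct{ User, Description, Nonce string }

func (c Consent) encode() []byte { b, _ := json.Marshal(c); return b }

// MAC models a shared-secret scheme: user and server both hold the secret.
func MAC(secret []byte, c Consent) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(c.encode())
	return m.Sum(nil)
}

// Sign runs on the user's side; the private key never leaves it.
func Sign(priv ed25519.PrivateKey, c Consent) []byte {
	return ed25519.Sign(priv, c.encode())
}

// Audit is what a third party holding only the public key can run.
func Audit(pub ed25519.PublicKey, c Consent, sig []byte) bool {
	return ed25519.Verify(pub, c.encode(), sig)
}

// Demo returns: server tag equals user tag, signed record verifies,
// altered record verifies under the same signature.
func Demo() (bool, bool, bool) {
	shown := Consent{"alice", "Pay 10 EOS to bob", "n-001"}      // constructed
	altered := Consent{"alice", "Pay 500 EOS to carol", "n-001"} // constructed
	userSecret := []byte("constructed-shared-secret")
	serverCopy := []byte("constructed-shared-secret")
	// Either holder of the secret produces the same tag, so an outsider
	// cannot tell who authorised the record (the Hearsay Problem).
	sameTag := hmac.Equal(MAC(userSecret, altered), MAC(serverCopy, altered))
	pub, priv, _ := ed25519.GenerateKey(nil)
	sig := Sign(priv, shown) // covers the description the user saw
	return sameTag, Audit(pub, shown, sig), Audit(pub, altered, sig)
}

func main() {
	fmt.Println(Demo()) // true true false
}
```

Because the signature covers the description, a record whose text was changed after the fact fails the auditor's check, which is the property the post relies on for the Blank Check problem.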

As explained, a Pass Manager-powered verification system would not require users to input passwords - which would arguably make the authentication and authorization process more secure.