Exciting to see the fast progress of the validator community! I have been working on a risk assessment for validators, inclusive of everything it should take to run a validator. Please check it out: https://bubowerks.io/blog/2018/08/03/risk-assessment-of-cosmos-tendermint-validators/
I would appreciate any feedback before the next step: figuring out the best means of dealing with each of the threats presented.
In the process of looking at the risks, I came up with something I’m dubbing the Stake Flip Attack: https://bubowerks.io/blog/2018/08/08/stake-flip-attack/
Basically the idea is that an attacker could delegate some of their stake to a legitimate validator(s) and then pull it out when they want to elevate their validator. It doesn’t decrease the amount of stake an attacker would need to take over the network, but would be a rather unexpected way to promote a validator, so it is worth thinking about. Probably the more general question is: how does Cosmos Hub intend to prevent a very resourceful attacker (think nation state) from buying enough stake to get over two-thirds voting stake in the network, especially if they do so through many separate entities?
Thoughts on both the risks in general and the stake flip attack appreciated!