Celeste — a brief primer

We can’t currently force them to use Honey for this part of the process (technically speaking) and I’m not sure it’s of much benefit if we could. In the future we expect there to be many Garden DAO’s which copy the 1Hive model, for them to function they will need their own token, and I think they should be able to choose to use their own token as collateral for these actions.

1 Like

Oh well, just thought since celeste is a product of 1Hive we could find a way to make users have some exposure to HNY, i don’t know maybe make them stake some defined quantity or something. But i totally get it if they are allowed the freedom to use their tokens.

To have Celeste decide on the outcome of a dispute, Honey must be paid.

2 Likes

As I understand, decisions that benefit community, will be passed, because of majority of votes.

How will one know if it is the best interest for community?

@lkngtn Luke… mate always is great to read your posts. I have a few questions now that Celeste is actually released and I have been exploring it a bit:

  1. I know you suggested use of BrightID is going to limit how much individuals can stake - but considering the general convo i have had in discord with regards to the 1Hive faucet being gamed as a result of people exploiting BrightID by possibly creating multiple accounts… Do you think this leaves an attack vector open? What is the consequence and how much trust are we placing on BrightID for our sybil resistance?
  2. So I can already see that with my really small HNY, I will not be an ‘Unlikely’ chance to be picked up to arbitrate or vote, what if someone does make a proposal and have enough HNY in multiple accounts to almost guarantee on a few attempts to be able to game the system? (Like the current proposal #2 - I know luigy probably is just having fun testing it - but what if a malicious actor actually pulls it off due to our reliance on BrightID)?
  3. What other ways can be looked into to have sybil resistance?

@CurlyBracketEffect - mate it was great to be part of the 1Hive AMA you did with Luke, I could see another AMA specifically for Celeste and going through a proposal and getting it through Celeste while talking about the attack vectors and how resistant we are currently to these would be great for the community! hahaha… no pressure … just saying!

1 Like

I asked similar questions when we were doing testing for Celeste. From what I understand it would be financially infeasible for a bad actor to pull something like this off. The likelihood of a Keeper being selected for a dispute is based on the amount of Honey they have activated, as you mentioned. So a malicious actor would need to control enough BrightID accounts with enough Honey activated in order to have a chance to pull this off. My numbers may not be exact here but should provide an illustration, roughly speaking they would need to control 50% of all the Honey activated in Celeste in one account just to give them a 50% chance for ONE of their accounts to be selected as a Keeper for the dispute that is dealing with their proposal. Keep in mind that in the first round there are 3 Keepers selected and there needs to be a plurality in order to decline or accept the dispute. So a malicious actor would then need to have 100% of the funds activated in Celeste in order to give 2 accounts 50% chance each of being selected. At which point surely they would be able to pass the first round, but in this scenario, there are a couple of other things in question:

  1. How can a malicious actor have 100% of all the activated funds in Celeste? ie Where are all the “good actors”
  2. Even if they were able to get that much Honey, they would have bought so much that the price would have gone hyper parabolic.

And this would be for just the first round. If they were able to do that then any other good actor could come along and dispute the result again. Which both parties would then need to lock more funds, and another round would start, this time 9 Keepers would be selected (3x the first amount). This would make it even harder for the malicious actor to ensure they had enough Honey activated across enough accounts to get a majority of the Keepers selected. If somehow they were able to deny the dispute again, it can be disputed a 3rd time with 27 Keepers (another 3x), making it harder again still. Lastly if they somehow, against all odds, were able to pass that round, we dispute again and go to the final round where everyone gets selected as a Keeper and surely there would be no practical way for them to have enough Sybil accounts to sway that vote.

This was a fun little thought experiment, but in fact, there is another reason why a malicious actor would not be able to pull it off, and that is because there is a maximum amount of Honey that a single account can activate. This is based on some maths that I am unsure of, but I know that the maximum it could ever be is 30HNY and decreases as the total amount of Funds activated in Celeste increases. When put in those terms a malicious actor would need to control an immense amount of Sybil accounts each with the maximum amount they were able to activate, and that would only give them a mediocre chance of pulling it off. This maximum stake is enforced using BrightID. It would be easy enough to prevent a single ETH address from staking more based on the same rules, but it’s quite easy to create ETH addresses, so BrightID adds an additional layer. The malicious actor would need to take an extra step for each Sybil account they wanted to use in the attack.

Yes, the faucet was able to be gamed, which is part of the reason why it will not be supported anymore. However, there are also talks of creating our own 1Hive specific BrightID verification algorithms so that it would become even harder for a malicious actor to even be able to sign multiple accounts up for Celeste in the first place. This will come in time. As it stands BrightID doesn’t ensure 100% Sybil resistance, but it certainly increases it.

Considering how improbable it would be for a malicious actor to pull off this kind of attack I would suggest that they just buy a lottery ticket instead…probably better odds lol

2 Likes

Thanks! I am definitely down to do more of them, and yeah Celeste would be a great topic to dig into more. As well as the other swarms that we have going. Lot’s to cover. Keep an eye out for the next installment.

1 Like

Thanks bud… That’s was a really detailed explanation… I guess I get that it will become progressively harder for malicious actors as more and more HNY is activated… But right at start there seems to be a small window that could be exploited…! I guess as it says it’s probabilistic and we assume most actors are normally not malicious and hence we can trus iltye mechanism enough to keep Celeste fair! I will also be looking out for any future AMAs… If i can will help out with newbie questions based on the topics… Just @me in discord or DM.

It seems you’re not the only one who thought there was a window of opportunity early on in the system’s life, judging from the proposals submitted right after it went live :wink:

Haha… interesting i thought there was only the 1 proposal by lemon which was funny anyways. Was there others also following lemons path? I did not know that. Off to 1Hive to see what other new proposals have been made!

I deposited something of my son in celeste but I do not understand much what can be done there. how long does it take to be a guardian?