A comprehensive overview of the technical details and underlying reasons for ETH Merge and ETC migration

Written by: @0xTodd, Partner at Nothing Research

First of all, does ETH meet the conditions for a fork?

It basically does not, because the value of the ETH network is not just the Ether coin, but more so the tokens built on it. If a PoW fork is retained, it can only be said that the new Ether coin might still have some value, but USDT, USDC, etc., would basically be worthless, because if you were Tether or Circle, you would definitely choose to follow Vitalik.

What is the process of the Merge like?

If we roughly divide it, ETH can be split into two layers: the consensus layer and the execution layer. The former is similar to leaders in a company, while the latter is akin to employees. A batch of new leaders (PoS nodes) parachutes in, replacing the old leaders (PoW miner nodes), but the employees (EVM) remain the same, as they are only responsible for execution. Therefore, as a user, you wouldn't feel any difference.

So what happens if PoW refuses to upgrade the client?

Some may ask, what if the old leaders refuse to leave their offices? Refer to the previous president in "People's Servants" who just wouldn't leave. The difficulty bomb is the solution to this problem; theoretically, if PoW refuses to upgrade the client, the ETH PoW chain will become increasingly difficult to mine, gradually increasing from the current 13 seconds per block to tens or even hundreds of seconds.

What happens if mining slows down?

As everyone knows, in a distributed system, the longest chain is the valid chain. With the difficulty bomb in place, the old client cannot outpace the new client. The PoS ETH standard is 12 seconds per block, which is fixed, so TPS also slightly increases.

So can't the old PoW miners just upgrade to the new client and mine hard?

No, because there is a field in the ETH block called "ommers," which has been set to 0. Additionally, the original difficulty field has been changed to random. This means that there will be no block difficulty in the future; blocks will be randomly produced among validators.

Wait, how is this randomness generated?

If you hold 32 ETH, you can become a validator. Then, every 12 seconds, the network randomly selects a healthy node to package a block (previously, it was about who could compute the hash the fastest, so the KPIs for the consensus layer have changed).

Is this randomness really random?

Unfortunately, it is not truly random. Although blockchain hashes are often used for lotteries, in fact, such distributed systems cannot produce true randomness because miners can control the generation of hashes.

So how is the random number problem solved?

Thus, ETH is also looking for solutions. In the fifth phase after the ETH merge, called splurge, Ethereum will adopt VDF technology (verifiable delay function), which will allow for true random numbers to be easily obtained, thus completely solving the random selection problem for PoS.

Will there still be mining pools in the future?

I think there will still be. Currently, there are 410,000 nodes on PoS ETH. This means that on average, if you have 32 ETH, you can expect to randomly get a block once every 56 days (410,000 * 12 seconds). And everyone has learned probability theory; this 56 days is just an expected value without a guaranteed minimum. Therefore, joining a mining pool to share profits is a good choice.

What is the annualized return for participating in ETH PoS mining?

Overall, the expectation is around 5%, but considering fees, it might reach around 9%. The general rule is that the more total ETH staked, the higher the total yield, but the income per validator decreases, and this curve is nonlinear.

Back to the fork, if one must fork, how should it be done?

First, take a snapshot, then restore the fields that were deleted, and then persuade the miners to join. Miners indeed have nowhere else to go, but if the income from the new chain's tokens cannot cover electricity costs and GPU depreciation, it will not be sustainable.

How much is the new chain's token worth?

Frankly speaking, it depends on the exchanges. If an exchange is willing to list the token, then even if the project is terrible, someone will buy it. I hope exchanges remain honest and calm. Referencing BCHA, which has no backing, still has a price simply because it was listed on exchanges. If the new chain's token is not listed, its value will be very limited, and miners will quickly shut down.

What about ETC? Will miners go to ETC?

They definitely will. However, the capacity is very limited.

Always remember, it is the price that guides the hash power, not the hash power that guides the price. Bitcoin is strong not because it has many supporting miners, but because Bitcoin is valuable, which is why miners are willing to support Bitcoin to cover their electricity costs. Otherwise, BCH would have flipped BTC long ago, considering it had so many miner supporters back then.

What is the limited capacity of ETC?

ETC has a hash rate of 25 TH/s, while ETH has 924 TH/s, roughly a 1:37 ratio. Currently, ETC is priced at 32, while ETH is priced at 1600, roughly a 1:50 ratio. So this capacity is really small. If forced in, the payback period would be very long. ETH GPU mining rigs consume less power than Bitcoin, so the price drop is not as severe as BTC, making it possible to mine ETC, but it’s very competitive.

Unless…

Unless ETC can rise to four digits, then ETH hash power can completely shift over, and the payback period remains unchanged.

But…

Yes, there are definitely buts; this is a chicken-and-egg problem. The price guides the hash power; if the price doesn't go up, the hash power cannot come.

So what does ETC rely on?

To be fair, ETC is the real ETH (just kidding). But honestly, ETH is the chain that forked off; the original thing created by Vitalik is ETC, which is why it is called classic. Due to the DAO incident, which you can look up if interested, ETC decided to roll back a hacker's transaction, which is how ETH was born.

Does ETC have EVM? Is there DeFi?

Yes; yes.

The EVM on ETC is exactly the same as on ETH, after all, these two were once one. However, the ETC network is very vulnerable to attacks, which is why the DeFi ecosystem has always been lukewarm. Currently, the total TVL on ETC is around several hundred thousand dollars, mainly consisting of two swaps, which is quite small.

Why is ETC vulnerable to attacks?

Because it uses the same type of mining rigs as ETH, and hash power can be rented on some platforms. Therefore, as long as a hacker rents 1% of ETH's hash power, they can easily reach the threshold for a 51% attack on ETC. Moreover, there have indeed been multiple attacks on ETC in the past.

How do attacks happen?

This is basic knowledge of PoW blockchains, called double spending. For example, I use 100 ETC to buy your antique vase. Then I rent hash power to regenerate blocks, ensuring that the regenerated blocks do not include the transaction "I sent you money," and then it becomes the longest chain. Thus, my ETC is not sent to you, and both my ETC and the antique vase remain with me, leaving you at a loss.

How much does it cost to attack once?

If you rent hash power from Nicehash, attacking ETC for a whole day would cost about 20-30 BTC. So, you wouldn't dare to engage in DeFi on it; who can tolerate a blockchain that frequently rolls back? Currently, exchanges require several hundred blocks for ETC deposits to be confirmed, but I think even several hundred confirmations might not be enough.

What would happen if a large amount of hash power flooded into ETC?

It would improve the fundamentals; if a large amount of hash power flooded into ETC, it would indeed be beneficial for ETC. However, the premise is that the secondary market must be willing to buy into it.

You will find that we have entered a strange loop. To get the secondary market to buy in, you need an ecosystem; to have an ecosystem, you need security; to ensure security, you need high hash power; to achieve high hash power, the secondary market must buy into you.

PS: This is basically consistent with the logic of the ETH PoW fork, with not much difference (mainly because I can reduce one thread, haha).

What about attacking ETH? What are the costs?

Attacking PoW ETH for an hour, according to https://51attack.info/, would cost around 900,000 USD. However, the problem is that you cannot rent that much hash power; you must buy mining rigs. If you buy 51% of the world's ETH mining rigs, you would already be a major player in ETH, and there would be no need to attack it. So it is mainly based on economic assumptions.

What about attacking PoS ETH? What are the costs?

This is also the brilliance of PoS; attacking it is very difficult. Because it is PoS, it requires miners to stake, and each block can ensure that its state is final.

What does it mean for the final state to be determined?

For example, still using ETC, if I want to buy your antique vase and pay you, due to the longest chain principle, you do not know whether the payment has been received or not, so its state is uncertain. Although the wallet shows that it has been received, this transaction could potentially roll back.

But wait, doesn't that mean BTC and ETH are also not secure?

No, the reason BTC and ETH require several block confirmations is simply that from a probabilistic standpoint, after several blocks, it becomes nearly impossible to chase the longest chain, so it is only 99.9…9% secure, as discussed in Satoshi's paper. As long as it is 99% enough, it can be considered basically secure.

Wait, you’ve confused me…

What does it mean to be 99.9…9% secure? It means that if I pay you 100 USDT, you received it, but if my mining rig has an incredible streak of luck and mines N blocks in a row, I can cancel that transaction, although the probability of that happening is extremely small. The so-called "final state is deterministic" raises the security probability to 100%!

How does PoS ETH achieve final determinism?

In PoS ETH, all nodes must "line up" for each block. Only when a certain block receives 2/3 of the locked ETH votes from the entire network is it considered valid.

In PoW, it is common for two miners to solve a problem simultaneously, hence the competition for the longest chain. However, in PoS, it is impossible for two blocks at the same height to simultaneously receive 2/3 of the votes because 2/3 + 2/3 > 1.

So what?

So under the PoS mechanism, once a block is on the chain, it can never roll back; it is deterministic. You can always trust PoS ETH; what you see is what you get, this is the final state, and it is as it appears.

I heard that ancient PoS had a very sneaky attack method…

If you are a big holder with 100 million tokens, one day, you sell all 100 million tokens for USD.

Then, you start attacking from the block before you sold, because you (once) had many tokens, you can quickly create a new longest chain and cancel that transaction where you sold for USD, thus becoming the longest chain. You can then have both the USD and the tokens back.

Could this method attack today's ETH?

The current deterministic staking PoS method has completely defended against this attack method—because rollbacks are not allowed.

So what should one do to attack PoS ETH?

You would need to own 2/3 of the staked ETH across the network, which, at current prices, amounts to 140 million USD, and you cannot use flash loans, making it extremely difficult for hackers. Moreover, even if hackers gather the funds, ETH has means to prevent such attacks. You can refer to https://arxiv.org/pdf/2003.03052.pdf.

With so much effort, what are you trying to say?

Do not be overly deceived by the narrative of L1; ETH itself, from theoretical proof to technical implementation to community accumulation, is very formidable, considering all aspects thoroughly, which gives a sense of trust in a secure foundation. Of course, Bitcoin also does well; Bitcoin even maintains backward compatibility in upgrades, making such a stable system worthy of being the foundation of the future financial system.

Thus, ETH is very hard to overturn, even if the opponent is a large miner.

So ETH to the moon.