Stellar Lumens Network Halt: Trading Off Double Spends for Downtime
The Stellar Lumens Network came to a grinding halt after network validators were unable to reach consensus. In a blog post on May 17, 2019, the Stellar Development Foundation revealed the measures it will take to reduce such downtime.
Stellar Network Went Down for an Hour
On May 15, 2019, the Stellar network completely shut down for nearly an hour after consensus could not be maintained. During the downtime there were no double spends; the ledger just stopped functioning and no transactions were processed.
Despite community concern, safety was not compromised one bit: the halt was developed as Stellar’s temporary cyanide pill to ensure the ledger stays immutable and user funds are not affected. Stellar validators had lost contact with certain other validator nodes that were temporarily removed from their quorum set.
The network caters to over three million accounts and 150,000 transactions a day. While the trade-off between uptime and double spends is reasonable, a protocol that aims to penetrate institutions cannot be allowed to have long outages. At the same time, these same institutions likely prefer the network coming to a stop for a while rather than their funds being compromised, so the differing perspectives make prioritizing slightly more difficult.
The Stellar Development Foundation is working on new updates to make sure downtime is limited and validators are able to see when they lose connection with other validators. In the recent past, Stellar has added a lot of new validator nodes; the foundation believes younger validators took on too much consensus too early and that this was a contributing factor to the outage.
As a design choice, Stellar leans toward resilience and immutability over liveness; this was corroborated by Ripple Inc CEO, David Schwartz, who said that Ripple and Stellar both decided it was best to compromise on uptime to ensure the ledger was resilient to attacks.
Safety Over Functionality
While Stellar understands it must limit such downtime, it rightly chooses safety over functionality. At this nascent stage of DLT, it is important for new users to have faith in the safety of the system: functionality can be improved and rolled out as time passes, but safety is a fundamental requirement of a financial system.
Various measures are being taken to ensure validators that are down can be identified and restarted much more quickly than they currently can, but this outage legitimately shows Stellar’s ability to ward off non-consensus decisions. Rather than being seen as a negative, this should be seen as a strong indicator of network safety; failed attacks make every network more resilient to future contingencies.