Less than a week ago, we at EOS Go, in collaboration with the security engineer Dexaran, published an analysis of some stress tests performed on the EOS mainnet. The analysis showed that, with a minimum amount of EOS, an attacker can push the network into a congested state. Additional resource stress tests led Block.One to consider and propose a solution.
Network congestion mainly results from the distribution of free bandwidth, which leads users to the mistaken belief that they are entitled to more resources than they actually are. Indeed, as explained by Block.One, "The underlying principle of EOSIO is that if you own 1% of the tokens you may utilize 1% of the available bandwidth". However, to date, unused bandwidth can be freely used by others in proportion to their tokens, as Free Surplus Bandwidth.
When the network enters the congested state, the free surplus bandwidth is automatically removed, restoring the correct distribution of resources in proportion to the EOS tokens held. Users who do not understand the underlying operation of EOSIO see the removal of free surplus bandwidth as a limitation of their resources, when on the contrary its existence is a bonus in their favour while the network is not experiencing high volumes.
With the release of REX, you can rent resources from other users at a very low cost: currently, with just 1 EOS/month you can perform 100,000 transfers per month. In addition, with the upgrade to EOSIO v1.8, smart contract owners, i.e. dApps, will soon be able to pay for resources on behalf of their users. Given these two features, Block.One believes that, in the specific case of the EOS mainnet, we must now assume that the network operates constantly at high volumes. For this reason it is necessary to remove the Free Surplus Bandwidth, from which we can expect 4 important results/benefits:
At the moment, the Block.One team is already working on a feature that allows BPs to remove the free surplus bandwidth gradually. In the meantime, Block Producers can already use the grey list feature to limit the operations of users who are abusing the free bandwidth.
*"The advent of REX and EOSIO 1.8 now eliminates the need to offer free bandwidth during uncongested mode in order to keep bandwidth costs extremely low. The maturation of public blockchains running on EOSIO to allocate network resources solely to “staked” participants will introduce stability and predictability in line with proven best-practice models for network and hosting resource allocation."*
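The difference between the staked guarantee and the free surplus described above can be seen in a small simulation. This is an added example, not Block.One or EOSIO code: the class `BandwidthModel`, the congestion threshold, the shrink/grow rates, the multiplier ceiling and all sample numbers are assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass
class BandwidthModel:
    """Toy model of staked vs. free surplus bandwidth (all parameters assumed)."""
    capacity: int                   # bandwidth units per accounting window (constructed)
    total_staked: int               # tokens staked network-wide (constructed)
    target_pct: int = 10            # assumed: load above this share of capacity = congestion
    max_multiplier: float = 1000.0  # assumed ceiling on surplus expansion
    multiplier: float = 1000.0      # starts fully expanded (idle network)

    def guaranteed(self, stake: int) -> int:
        """Share owed by stake alone: 1% of tokens -> 1% of capacity."""
        return self.capacity * stake // self.total_staked

    def allowance(self, stake: int, greylisted: bool = False) -> int:
        """What the account may use now; grey-listed accounts get no surplus."""
        factor = 1.0 if greylisted else self.multiplier
        return int(self.guaranteed(stake) * factor)

    def step(self, used: int) -> None:
        """One window: shrink surplus under load, regrow it slowly when idle."""
        congested = used * 100 > self.capacity * self.target_pct
        self.multiplier *= 0.99 if congested else 1000 / 999
        self.multiplier = min(max(self.multiplier, 1.0), self.max_multiplier)


def run(model: BandwidthModel, stake: int, loads: list) -> list:
    """Feed per-window loads; return the account's allowance after each window."""
    out = []
    for used in loads:
        model.step(used)
        out.append(model.allowance(stake))
    return out


if __name__ == "__main__":
    net = BandwidthModel(capacity=1_000_000, total_staked=1_000_000)
    stake = 10                                   # constructed small account
    print("guaranteed by stake:", net.guaranteed(stake))
    print("allowance on idle network:", net.allowance(stake))
    busy = run(net, stake, [500_000] * 700)      # sustained load above target
    print("allowance after congestion:", busy[-1])
    print("allowance if grey-listed:", net.allowance(stake, greylisted=True))
```

Lowering `max_multiplier` step by step towards 1 models a gradual removal of the surplus: once it reaches 1, the allowance equals the staked guarantee whether or not the network is busy, so an account's budget no longer changes when congestion begins.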