Pluggable consensus and rollbacks

It’s very impressive just how long you — and your entire team — have persevered. I learned of MaidSAFE back in 2012 when researching distributed networks. And around 2016 I really got into learning about its design.

I really like a lot about it — and I wish there was a way to add a bit more flexibility into the consensus algorithm and make it pluggable. Over the years, there are only two things I wish to change with SAFENetwork, and they are easily enabled:

  1. Non-divisible coins. This is a minor point. MaidSAFE was brilliant for treating safecoins as files, and it would just need denominations and so on, to allow arbitrary balances to be transferred. But even without that, MaidSAFE could be THE platform for NFTs (non fungible tokens, the next big craze) as they are non divisible so they are perfect for hosting on MaidSAFE if it was launched now. Instead many will be launched on Ethereum and other blockchains which are totally overkill for NFTs.

  2. This is the big one. Ability to have a different consensus model. I think both I and Vitalik Buterin have expressed concerns over the years that a section should be able to recover from a consensus failure. There are ways to do consensus in much more robust ways, and eventually recover from attacks on even 99% of the nodes.

Nodes that have provably signed conflicting or nonsensical messages would be placed on a blacklist gossiped by all honest nodes, and after some churn, the blacklist could be discarded so it doesn’t grow indefinitely. Periodically, there could be network-wide consensus about one random scalar value, which could help do checkpointing (after which a blacklist would be discarded).

Anyway, there are other reasons for a pluggable consensus. A major one is ability to do reliable smart contracts and code that runs as “stored procedures” on this wonderfully secure network. However, for this to happen, the vaults need to be able to execute code and roll back transactions on a certain command, rather than execute anything that was signed by one of the “owners” of the resource. Right now the owners are a trusted party for the purposes of business logic, but in 2021 we want smart contracts, not trusted parties, and it’s a shame if MaidSAFE falls short in that department.

These expansions could all be possible with one small tweak: making the consensus algorithm pluggable. Allow vaults to run virtual machine code (and perhaps charge for it, but a section running code would be nowhere near the cost of the entire network doing it) and one of the opcodes would be to rollback. Realistically, the EVM is the most popular compilation target, but if you want you can even make the virtual machine opcodes pluggable and only care about implementing rollbacks.

If you do ever implement support for smart contract code at the vault level, to allow them to execute the code and process a rollback — then I can get the Intercoin and Qbix projects to work on top of SAFE as a backend and take advantage of ALL the rest of the features. It would save us a huge amount of work and extend your network by tens of thousands of machines.

Please see these three links:

About Qbix being able to deploy tens of thousands of nodes, we were the first to try to put mining in our apps as a way to pay for them. We are not super proud of this news story three years ago (which broke while I was on a cruise) but it did get into all the major tech publications and even BBC and Newsweek due to how many users we have:

Since then we have even more nodes we could deploy to run MaidSAFE with consensual opt-in agreements with our users. But we would need to achieve our business objectives, which are listed here:

Frankly, if you made MaidSAFE support the EVM, then not only we but most of the DeFi world would take a serious look at MaidSAFE as an infrastructure for executing smart contracts. Today they think of silly financial games, like flash loans and yield farming, but we could do voting, governance, roles, permissions, community currencies, universal basic income, and autonomous smart contracts manipulating entire datasets. Something to think about for an autonomous network!
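
The blacklist idea from this post (a node is listed only when two conflicting messages it signed can be shown, and the list is discarded after a checkpoint), as an added Go example that is not part of the original post and not Safe Network code. The `Vote` layout, the `Blacklist` type, the `demoKey` helper and the use of Ed25519 are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// Vote is a hypothetical signed message; an honest node signs one payload per round.
type Vote struct {
	Signer       ed25519.PublicKey
	Round        uint64
	Payload, Sig []byte
}

// Blacklist maps an offender's key to the proof; it is discarded wholesale at a checkpoint.
type Blacklist map[string][2]Vote

// demoKey builds a constructed key from a fixed seed byte (for this example only).
func demoKey(b byte) ed25519.PrivateKey { return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, 32)) }
func signedBytes(r uint64, p []byte) []byte { return append([]byte(fmt.Sprintf("vote:%d:", r)), p...) }

func Sign(k ed25519.PrivateKey, r uint64, p []byte) Vote {
	return Vote{Signer: k.Public().(ed25519.PublicKey), Round: r, Payload: p, Sig: ed25519.Sign(k, signedBytes(r, p))}
}

func (v Vote) valid() bool {
	return len(v.Signer) == ed25519.PublicKeySize && ed25519.Verify(v.Signer, signedBytes(v.Round, v.Payload), v.Sig)
}

// IsEquivocation: same key, same round, different payloads, and both signatures verify.
func IsEquivocation(a, b Vote) bool {
	return bytes.Equal(a.Signer, b.Signer) && a.Round == b.Round &&
		!bytes.Equal(a.Payload, b.Payload) && a.valid() && b.valid()
}

// Report checks the proof itself, so it is safe to call on entries received via gossip.
func (bl Blacklist) Report(a, b Vote) bool {
	ok := IsEquivocation(a, b)
	if ok {
		bl[string(a.Signer)] = [2]Vote{a, b}
	}
	return ok
}

func main() {
	k, bl := demoKey(1), Blacklist{}
	fmt.Println(bl.Report(Sign(k, 5, []byte("A")), Sign(k, 5, []byte("B"))), len(bl))
}
```

Because `Report` re-verifies both signatures, a peer cannot get an honest node listed by altering a payload or relabelling the signer of someone else's vote.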


Excellent post, I will come back to it (heading to bed now), but this point is important. These nodes must be penalised, maybe killed.

This part is interesting, we are moving to a very simple, but solid consensus/agreement mechanism now. That means we have a consensus where the work is done by the proposer (it means spammers etc. have a hard time and the network always has an easy time).

We need to write this up, but consensus should not be a one size fits all. We have different models. The most basic differences are:

  1. Data that can fork and resolve forks (like document editing, git etc.)
  2. Data that can never fork (like cryptocurrencies)

These 2 fundamental types are important to quantify and many networks don’t, they go for one or the other and IMO that is a mistake.

The other part is consensus needs to be simple, so no DAGs, no weird calculus etc. but simple and solid. The aim is unfailable operations and off-line first ops. We are now at this place and I hope it moves the whole state of the art forward. There is no need for complexity here. In saying that, that background thinking (like CRDTs) is hugely complex, but the API/outcomes are simple. We need that simplicity and solidity to make this all come together. If nothing else it will prove that total order/time etc. are not required and also there is no one size fits all consensus algorithm and that should open a lot of eyes. At least I hope it does. This all needs to be simple.

Anyway, I do need to sleep now, but nice post Greg. Thought provoking.


Cool to have you here Greg!

I don’t think the network should cater to other networks though. At least not the core network. Creating a similar consensus mechanism that allows for interoperability could always be built on top. Also a non divisible token for NFTs and the like could be created with a data type and wouldn’t be reliant on Safe Network Token itself.

I bet you guys could be the ones to tackle it. Someone here or there will have to pick up the hot potato before tossing it off to the next group.


How about you stake some SafeNetwork Tokens when you are running a node, if the node shows bad behavior it will directly lose its stake. I believe the stake would be not too high so still many people can run nodes and earn SNT, but high enough to make it unattractive to even perform one bad behavior.

The stake if taken away could then be used to pay well behaving nodes and show that we want to reward those nodes extra.


We kinda do, but don’t require a stake. A node earns as it goes, but does not get a payment until the node gets promoted (age increase). So that allows folk to run a node free but payments are all held on its behalf. I am not 100% if we currently remove those rewards on bad behaviour, but we will do. @oetyng is our man on the ground in rewards at the moment.


It’s a sort of proof of work/farm - as the labor is your stake, but if you are caught not performing it properly, you lose the reward.


Does this hinder new nodes? What happens for nodes that have no tokens yet?

I feel like staking the node age (i.e. bad behavior → age reduced) is probably enough and avoids a lot of complexity.


Yes you are right, as long as there is a good penalty, full age reset/blacklisting and losing all pending reward seems to be good.


I’d say NFT ownership should be relatively easy to implement at the application level, using sequence data types. Better still, the actual digitised content can also be stored directly on the safe network. I believe this is already better than what you can do with blockchains.

To elaborate, it should be relatively trivial to associate a sequence with an immutable data item. This sequence could define the most recent owner, along with all previous owners. An ownership change could be initiated by both the sender and receiver signing the transaction.

I mused over an outline concept and some extended use cases here, but there are probably many ways to improve on this approach:

Arguably, private NFTs could be a feature, but as with any data, there is nothing to stop the seller taking a copy before it is transferred. In this sense, tracking ownership is more important, imo.

I’m wondering what all the recent fuss is around NFTs though. Haven’t they been feasible on blockchains for a while? I thought they’d been done years ago (can’t remember the project), but it does seem like there is a lot of hype around them atm.


NFTs appear to be nonsense.


Still can’t believe how much money this asshat made off them -

I’d argue NFTs are still not feasible on blockchain. Take digital art, for example. The data (i.e. art) can’t be stored on chain as it costs ~$4M to store a gig of data on Ethereum’s chain. This means that the underlying digital asset can’t actually be secured or truly owned. It also makes for a horrifically expensive and terrible user experience for the artist, buyer and future seller. Safe could easily address all of these issues.


One of the areas where I think NFTs have great potential is in-game economies to track ownership of items in a game and making it easier to transfer items or even characters between games. An item could be signed by a game creator and the content could be something like the stats of the items and a 3d model of the item, then with a ledger you can see if a user has ownership that can be traced back to the original game creator.

The item stats or 3d model could be copied, but that’s not the important part, the ownership is. Games could be made to recognize those stats only if it can be proven to be the item originally created by the game creator. Also then any game could decide to allow import of items from any other game if they choose to.

I imagine SAFE could be integrated with MMOs (massively multiplayer online games) in various ways in the future. Perhaps even as a backend at some point, though there’s lots of issues there related to latency. One way around this might be that the clients themselves do most of the calculations, but then SAFE nodes with compute or some plugin could also run calculations, e.g. a physics engine. Normally each user would just calculate on their own computer and GPU what’s happening, where bullets are moving etc, but if there’s a disagreement, for example if one user tried to cheat with a modified client, nodes could come in to settle the dispute and the cheating client could get punished. Sending keyboard and mouse movements between users needs to be very fast, not sure if SAFE consensus will be fast enough, but a game could choose to send this data between users who are at same location directly, peer-to-peer, or through an intermediate node to preserve anonymity between users. The data would also be sent to the SAFE network in case a dispute resolution is needed. Would be great if consensus on SAFE would be fast enough though, for a game like online chess it would be for sure, but we’ll see what tricks game developers come up with for realtime games, even today with just servers many tricks are used.


Ethereum have a page up with some use cases too, including the above:


Yup, there’s already examples of this. People selling tweets as NFTs and then deleting them afterwards.


Interestingly, using ‘safe xorurl ’, you can generate an XORURL for something which does not yet exist on the safe network too. This presents an interesting angle. You could create a NFT, based on an XORURL, while keeping the digital content private.

As far as I understand it, an XORURL is essentially a hash. Given hashes are used to validate the source data is a match, without being able to reconstruct it, this is useful. It means the NFT could pass ownership of a verifiable, but not publicly known, data item. So, the transfer of the item could be handled out of band (if desirable), but still validated as being genuine.

It could also be published at any time, to make it public and validate to everyone else that it is genuine, as it is attached to a safe URL. Maybe of some use somehow… 🙂

EDIT: If there was a way to confirm the sequence of events (a network tick/timer of some sort - heretic, I know! :D), publishing the NFT referencing the content, prior to the content, would guarantee the direct association between NFT and data. I.e. if you know where the data will go, before it goes there, you have prior knowledge of the data before anyone else does.
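
Two ideas from this thread combined in one added Go example (not part of the original posts and not Safe Network code): the earlier suggestion of an ownership sequence where sender and receiver both sign each change, and this post's idea of publishing a hash-style address before the content. SHA-256 stands in for the XORURL derivation, which is not reproduced here; `Transfer`, `ItemID`, `demoKey` and the Ed25519 keys are assumptions for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Transfer is one entry of a hypothetical append-only ownership sequence.
type Transfer struct {
	From, To       ed25519.PublicKey
	FromSig, ToSig []byte
}

// demoKey builds a constructed key from a fixed seed byte (for this example only).
func demoKey(b byte) ed25519.PrivateKey { return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, 32)) }
func pub(k ed25519.PrivateKey) ed25519.PublicKey { return k.Public().(ed25519.PublicKey) }

// transferMsg binds both signatures to the item hash, the sequence index and both parties.
func transferMsg(item [32]byte, i int, from, to ed25519.PublicKey) []byte {
	return bytes.Join([][]byte{[]byte(fmt.Sprintf("transfer:%d:", i)), item[:], from, to}, nil)
}
func NewTransfer(item [32]byte, i int, from, to ed25519.PrivateKey) Transfer {
	m := transferMsg(item, i, pub(from), pub(to))
	return Transfer{pub(from), pub(to), ed25519.Sign(from, m), ed25519.Sign(to, m)}
}

// CurrentOwner replays the sequence; nil unless each entry is signed by owner and receiver.
func CurrentOwner(item [32]byte, creator ed25519.PublicKey, seq []Transfer) ed25519.PublicKey {
	owner := creator
	for i, t := range seq {
		m := transferMsg(item, i, t.From, t.To)
		if len(t.From) != ed25519.PublicKeySize || len(t.To) != ed25519.PublicKeySize ||
			!bytes.Equal(t.From, owner) || !ed25519.Verify(t.From, m, t.FromSig) || !ed25519.Verify(t.To, m, t.ToSig) {
			return nil
		}
		owner = t.To
	}
	return owner
}

// ItemID stands in for the content address; MatchesItem checks content handed over out of band.
func ItemID(c []byte) [32]byte                 { return sha256.Sum256(c) }
func MatchesItem(item [32]byte, c []byte) bool { return ItemID(c) == item }

func main() {
	item, alice, bob := ItemID([]byte("constructed artwork bytes")), demoKey(1), demoKey(2)
	fmt.Println(bytes.Equal(CurrentOwner(item, pub(alice), []Transfer{NewTransfer(item, 0, alice, bob)}), pub(bob)))
}
```

A bare content hash keeps the item private only if the content cannot be guessed, since anyone holding a candidate file can confirm it with the same `MatchesItem` check.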


I think they might have a use case when vast amounts of the public are wearing augmented reality goggles, glasses, and contacts most of their waking hours. People will be able to see public NFT sculptures. Hang art in their house that is seen through the AR by anyone in the home. If you want one for your house you’ll need to buy one somewhere.
I know it will take a few years but such sets will be as common as cellphones at some point. You might even overlay clothes by designers that the public sees and these also could be tradable NFTs. It’s weird to me. Personally I will prefer organic reality. I think many will prefer digitally overlaid reality over analog.


Sellers can make a copy of NFTs, anyone can. I remember an active WaReZ and CrAckZ scene growing up for all kinds of licensed software. NFTs shouldn’t be about read access.

NFTs should be about permissions to write to a section of a certain space (namespaces, domains, geographical grids etc.) and get others to see it. Think MillionDollarHomePage.


I am going to start a new thread just about making SAFE support smart contracts.


Yes Safe is a perfect way to store NFTs since you store the item on Safe and then the address of the chunk or the address of the datamap becomes the key and we could allocate a specific tag for each type of NFTs and like NRS there is an address of the item and any other relevant info for the item (meta data if you want) stored in the NFT record.

A game expecting a large number of NFT items could allocate their own tag, or just use a general one.

No need for blockchains or such thing.