After reading over what little documentation exists on safecoin, some attack scenarios came to mind. The first is that safecoins are minted and granted to users based on a user's “resources”; no literature exists to show how the network would authenticate that the user was in fact actually in possession of and providing said resources, aside from a consensus of nodes which could easily be lied to by said user, except for, say, bandwidth.
The second issue falls in line with the first: how safecoins are transferred. Alice sends Bob 1 safecoin; the network receives this broadcast, finds 32 nodes with the closest XOR distance to Alice and accepts a consensus of 28 to validate the transaction. An attacker only has to set up 28 nodes with XOR distance closest to its target to steal Alice's coin.
Whereas POW requires an actual result be produced to satisfy the test, and POS requires visible ownership of coins to validate trust, POR requires that each individual farmer honestly reports (or more so, doesn't hack a client to fraudulently report) their resources. This becomes more problematic when an attacker, as in issue two, sets up many hundreds or thousands of fraudulent nodes and has each falsely report the abundance of each other's resources.
And whereas POW/POS blockchain solutions use a permanent public longest-chain approach to ensure miners are working together (and hopefully honestly if no one miner holds a majority of power), POR allows anyone to set up nodes with XOR distances close to their target and manipulate their transaction without any public knowledge.
I'd be interested to hear what solution there may be to the first issue, as this seems all too easy to game and undo the entire concept of safecoin. As for the second issue, I see a solution but would like to hear what the developers have in mind.
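
The close-group rule described in the second issue (32 XOR-closest nodes, 28 needed to agree) can be modelled to audit how many close-group seats a single operator holds. This is an added example, not part of the original post and not the project's code; the SHA-256 node IDs, the labels, the network sizes and the assumption that IDs are uniformly random rather than chosen by the operator are all constructed for illustration.

```python
import hashlib
from math import comb

GROUP_SIZE = 32  # close-group size given in the post
QUORUM = 28      # agreeing members needed, as given in the post

def node_id(label):
    """Constructed 256-bit ID (SHA-256 of a label); an assumption, not the network's scheme."""
    return int.from_bytes(hashlib.sha256(label.encode()).digest(), "big")

def close_group(target, ids, size=GROUP_SIZE):
    """The `size` node IDs with the smallest XOR distance to `target`."""
    return sorted(ids, key=lambda i: i ^ target)[:size]

def quorum_reached(votes, quorum=QUORUM):
    """True when at least `quorum` close-group members approved."""
    return sum(bool(v) for v in votes) >= quorum

def operator_share(group, operator_ids):
    """Number of close-group members run by one operator."""
    return sum(1 for i in group if i in operator_ids)

def capture_probability(fraction, size=GROUP_SIZE, quorum=QUORUM):
    """Binomial tail: chance one operator holding `fraction` of all nodes
    owns >= quorum of a close group, if IDs are uniformly random."""
    return sum(comb(size, k) * fraction**k * (1 - fraction)**(size - k)
               for k in range(quorum, size + 1))

def audit(target_label="alice", honest=1000, operator=250):
    """Constructed network: count one operator's seats in the target's close group."""
    op_ids = {node_id(f"op-{n}") for n in range(operator)}
    ids = op_ids | {node_id(f"honest-{n}") for n in range(honest)}
    group = close_group(node_id(target_label), ids)
    return group, operator_share(group, op_ids)

if __name__ == "__main__":
    group, seats = audit()
    print(f"operator holds {seats}/{GROUP_SIZE} seats; quorum is {QUORUM}")
    for f in (0.2, 0.5, 0.8, 0.9):
        print(f"node fraction {f:.0%}: capture probability {capture_probability(f):.3e}")
```

The binomial figure holds only while node IDs cannot be steered toward a target; how IDs are assigned is therefore the property to check in the network's design.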