Securities

There are several security concerns with the current protocol for distributing rewards in our network. These concerns involve both clients and miners who might act dishonestly.

1. Malicious Clients: Sometimes, clients might give unfair negative reviews to honest service providers. To deal with this, the system can compare a client's reviews with others. If a client consistently gives different feedback from the majority (for example, rating a service as bad when most rate it as good), their access to the reputation system could be restricted for a set time. If they continue giving biased reviews, this restriction time could increase exponentially, like doubling with each offense.

2. Malicious Miners: On the other hand, miners might refuse to provide services or deliver poor quality services. This would quickly reflect in their reputation scores. While a low reputation score doesn't directly affect their rewards, it does reduce their chances of being assigned new tasks. Miners with better reputations are more likely to be chosen for service requests.

3. Attacking the Reward Protocol: A more complex attack involves someone acting as both a miner and a client to manipulate the reward system. They could create fake service exchanges to inflate a miner's contribution unfairly. To prevent this, the system could use a mechanism where coordinator nodes, instead of clients, choose service providers based on their reputation and a random selection process. This process is inspired by the verifiable random function (VRF) used in systems like Chainlink. Essentially, a random number generated by VRF is used to help pick a miner, with those having higher reputation scores more likely to be chosen.

To further protect against such attacks, the system might limit how many requests a client can make. Once a client reaches this limit, they are temporarily blocked from making new requests. This helps prevent flooding the system with fake requests.

4. Uncharged Protocol for Decentralized AI Services: The system also includes a protocol for requesting AI services. Here’s how it works:

1. Token Lock and Service Pass Acquisition: A client begins by locking in some tokens. In return, they receive a service pass.

2. Service Request Initiation: The client uses this service pass to make a request for a specific AI service.

3. Service Pass Verification: The system checks the validity of the service pass before proceeding.

4. Service Provider Selection: A service provider is chosen through a reputation-based random selection process. This ensures that providers with higher reputations have a better chance of being selected.

5. Service Provision or Queueing:

   • If the selected service provider is available (status: ready), they will proceed to fulfill the service request.

   • If the provider is currently busy, the request is placed in a queue to be addressed later.

6. Feedback and Reputation Update: Once the service is provided, the client gives feedback on the quality of the service. This feedback is then used to update the service provider's reputation in the system.

This approach helps to ensure that the reward distribution is fair and secure, protecting against potential abuses from both clients and miners.