Vitalik on blockchain minimalism: Ethereum's community consensus is necessary, but don't let it overload


Ethereum co-founder Vitalik Buterin recently published a new article titled "Don't Overload Ethereum's Consensus," in which he describes various use cases of Ethereum's consensus and the potential issues of overuse. He also urges keeping the blockchain simple and avoiding the irreversible consequences of expanding Ethereum's consensus.

This translation and summary are based on the original article. If there are any doubts, please refer to the original text.

Cases Distinguishing Low-Risk Validator Reuse from High-Risk Overloading of Community Consensus

  • Alice created a social network based on web3. If users can cryptographically prove that they control the private key of an active Ethereum validator, they will automatically gain a "verified" identity. This falls under "low risk".
  • Bob cryptographically proves that he controls the private keys of ten active Ethereum validators to prove he has enough wealth to satisfy certain legal requirements. This falls under "low risk".
  • Charlie claims to have disproved the Twin prime conjecture and knows the largest p that makes p and p+2 both prime numbers. He changes his staking withdrawal address to a smart contract where anyone can submit a counterexample q > p along with a SNARK proof that q and q+2 are prime numbers. If someone submits a valid proof, Bob's validator will be forced to exit, and the submitter will receive all remaining ETH from Bob. This falls under "low risk".
  • Dogecoin decides to transition to Proof of Stake and allows Ethereum stakers to engage in "double staking" to increase its security pool and join its validator set. Ethereum stakers need to change their staking withdrawal address to a smart contract, where anyone can submit evidence when they violate Dogecoin's staking rules. If someone submits such evidence, the staker's node will be forced to exit, and the remaining ETH will be used to buy and burn Dogecoin. This falls under "low risk".
  • eCash follows a similar approach as Dogecoin, but with an additional announcement: if the majority of participating Ethereum validators collude to censor eCash transactions, they expect the Ethereum community to hard fork to remove these validators. eCash argues that this is beneficial for Ethereum as these validators have been proven malicious and unreliable. This falls under "high risk".
  • Fred creates an ETH/USD price oracle that operates by allowing Ethereum validators to participate and vote, but without incentives. This falls under "low risk".
  • George creates an ETH/USD price oracle that allows ETH holders to participate and vote. To prevent laziness and potential bribery, they add an incentive mechanism: "Participants who provide answers within 1% of the median will receive 1% of the ETH from those whose answers deviate by more than 1% from the median." Suppose George is asked, "What if someone bribes all participants, and everyone starts submitting wrong answers, causing honest people to lose 10 million ETH?" If George responds, "Then Ethereum would have to fork to remove the bad actors," it falls under "high risk". If George evades the question, it falls under "medium-high risk", as the project may attempt to address such forks through incentive mechanisms. If George answers, "Then the attacker wins, and we will abandon using this oracle," it falls under "medium-low risk" rather than entirely "low risk", since the mechanism could still give participants an incentive to advocate for a fork to protect their deposits when a 51% attack occurs.
  • Hermione builds a successful L2 claiming that because this L2 protocol is the largest, it is also the safest. If a bug causes funds to be stolen, the losses would be significant, forcing the community to fork to recover user funds. This falls under "high risk".

From the complex and diverse cases above, one can infer a straightforward rule: if a protocol collapses entirely and the losses are limited to the validators and users who chose to participate in and use that protocol, it is low risk. However, if it relies on the broader Ethereum ecosystem's consensus to fork or reorganize the chain to resolve its problems, it is high risk.

Medium-risk protocols typically start as low risk but, through their incentive mechanisms, may transition to high risk. The SchellingCoin mechanism mentioned above is a common example, as deviating from the majority consensus can result in severe penalties.
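George's payout rule from the list above, worked through on constructed votes as an added example (not code from the original article). It shows that the rule rewards whoever sets the median, so a colluding majority turns the penalty against honest voters. The unweighted median, the void round when nobody is near the median, and the pro-rata split of the pot are assumptions made here.

```python
from statistics import median

TOLERANCE = 0.01  # answers within 1% of the median count as "correct"
PENALTY = 0.01    # share of stake taken from each deviating voter

def settle_round(votes, stakes):
    """Apply the payout rule to one round.

    votes:  {voter: reported ETH/USD price}
    stakes: {voter: ETH at stake}
    Returns (median_price, new_stakes).
    """
    m = median(votes.values())
    winners = [v for v, price in votes.items() if abs(price - m) <= TOLERANCE * m]
    losers = [v for v in votes if v not in winners]
    # Assumption: if nobody lands near the median, the round is void.
    if not winners:
        return m, dict(stakes)
    new_stakes = dict(stakes)
    pot = 0.0
    for v in losers:
        fine = stakes[v] * PENALTY
        new_stakes[v] -= fine
        pot += fine
    # Assumption: the pot is split pro rata by stake among the winners.
    winner_stake = sum(stakes[v] for v in winners)
    for v in winners:
        new_stakes[v] += pot * stakes[v] / winner_stake
    return m, new_stakes

def run_scenario(honest_prices, colluder_count, false_price, stake=32.0):
    """Constructed scenario: honest voters report the market, colluders a false price."""
    votes = {f"honest{i}": p for i, p in enumerate(honest_prices)}
    votes.update({f"colluder{i}": false_price for i in range(colluder_count)})
    stakes = {v: stake for v in votes}
    m, after = settle_round(votes, stakes)
    # Net change in ETH across all honest voters after settlement.
    honest_delta = sum(after[v] - stake for v in votes if v.startswith("honest"))
    return m, honest_delta

if __name__ == "__main__":
    market = [1995.0, 2000.0, 2002.0, 2005.0]  # constructed sample prices
    for colluders in (2, 6):
        m, delta = run_scenario(market, colluders, false_price=2600.0)
        print(f"{colluders} colluders: median={m:.1f}, honest change={delta:+.2f} ETH")
```

With a colluding minority the false reporters pay the honest voters; once the colluders hold the median, the same rule transfers ETH from the honest voters to them, which is the point at which participants have a reason to call for a fork.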

So, What Are the Problems with Overutilizing Ethereum Consensus?

To explain, Vitalik crafted a story.

In 2025, a group disappointed with existing options decided to create a new ETH/USD price oracle. This oracle allowed validators to vote hourly, with unconditional partial transaction fees as rewards. However, participants soon became lazy. They linked to centralized APIs, reporting false prices, or withdrew from voting when the API was attacked. To address this, they introduced an incentive mechanism. This oracle not only voted on real-time prices but also retrospectively voted on prices from a week ago. Severe penalties were imposed if real-time or retrospective votes deviated by more than 1% from the median, with fines distributed to those who "correctly" voted.

After a year, over 90% of validators participated. But someone asked, "What if Lido and other major stakers colluded to forcefully pass a false ETH/USD price through a 51% attack and heavily penalize non-participants?" Supporters believed that in such a scenario, Ethereum would fork to exclude the bad actors.

Initially limited to ETH/USD, the scheme seemed stable. Over time, other indices were added, including ETH/EUR, ETH/CNY, and eventually exchange rates of G20 countries.

In 2034, trouble began. Brazil faced an unexpected severe political crisis, leading to disputed elections. One party controlled the capital and 75% of the country, while another held a portion in the north. Mainstream Western media claimed the northern party was the legitimate winner, as their actions were legal, branding the southern party as illegal and fascist.

Official sources from India, China, and Elon Musk argued that the southern party actually controlled most of the country and that the international community should accept the outcome instead of trying to act as the world's police. By this time, Brazil had a central bank digital currency (CBDC), splitting into two branches: BRL-N in the north and BRL-S in the south. In the oracle voting, 60% of Ethereum stakers provided the ETH/BRL-S rate. The main community leaders and businesses condemned these stakers for bowing to fascism and proposed forking the blockchain. The goal was to include only "good validators" providing the ETH/BRL-N rate and reduce the balances of others to near zero.

In the social media sphere, they believed victory was assured. However, when the fork occurred, the power of BRL-S was unexpectedly strong, turning the anticipated overwhelming victory into a 50-50 community split.

At that moment, the two factions existed in separate universes, each with its own blockchain and no way to rejoin. Ethereum, as a global and permissionless platform aiming to free itself from national geopolitics, split in half due to an unexpected severe internal problem in one of the G20 member countries.

This is a high-quality science fiction story, even movie-worthy. What can we learn from it?

The "purity" of blockchain refers to its nature as a pure mathematical structure that seeks consensus in the realm of pure mathematics, which is a significant advantage of blockchain. However, once blockchain attempts to connect with the outside world, external conflicts begin to influence it.

Vitalik notes that the story essentially satirizes actual events in large countries with populations exceeding 25 million over the past decade. Extreme political events are not necessary; even price oracles have the potential to divide communities.

Here are several possible scenarios:

  • One of the currencies tracked by the oracle, even the US dollar, experiences severe inflation, causing market collapse where the actual market price becomes uncertain after a certain point.
  • If Ethereum introduces a price oracle for another cryptocurrency, situations similar to the controversial splits in the story are not mere speculation. Such events have occurred in Bitcoin and Ethereum's history.
  • If strict capital control measures are implemented, determining which price to report between two currencies as the legitimate market price becomes a political issue.

However, there is a Schelling Fence: once blockchain starts incorporating real-world price indicators into L1 protocol functions, it may face challenges explaining more real-world information. Introducing L1 price indicators also increases blockchain's vulnerability to legal attacks, as blockchain is no longer just a neutral technical platform but explicitly a financial tool.

Aside from price indices, are there other risks?

Any extension of Ethereum's "responsibilities" increases validators' operational costs, complexity, and risks. Validators need to invest human resources to monitor, operate, and update other software to ensure compliance with protocol requirements.

Other communities may externalize their dispute resolution needs to the Ethereum community, forcing validators and the community to make more decisions, each of which could lead to the risk of community division. Even without a split, the expectation of avoiding this pressure creates additional incentive mechanisms, externalizing decision-making to centralized organizations through staking pools.

Moreover, the possibility of splits enhances the "too big to fail" mechanism. Ethereum hosts many L2 and application-layer projects, and the Ethereum community cannot practically fork to resolve all issues, limiting community consensus.

As a result, larger projects have a higher chance of receiving rescue. This leads to larger projects establishing a moat effect: "Would you be more inclined to place tokens on Arbitrum or Optimism in case of problems? Or choose smaller projects like Taiko?" If the former, Ethereum may fork to save these projects. However, if the latter, due to their smaller scale and non-Western nature with less community connection to the core development circle, the likelihood of assistance from L1 is lower.

But Bugs are a Risk, and We Need Better Oracles. What Should We Do?

Vitalik believes that the best solutions to these issues should be tailored to various problems. Here are some solutions:

  • Price Oracles: They can be a partially cryptoeconomic decentralized oracle or an oracle based on validator voting. These oracles explicitly commit to not relying on L1 consensus or a combination of both for emergency recovery strategies.

    For instance, oracles can establish trust assumptions that participants will degrade slowly, alerting users to an attack in advance and allowing them to exit any system dependent on that oracle. Additionally, such oracles can deliberately delay reward distribution to prevent participants from receiving rewards when the protocol loses utility—for example, oracle failure and community shift to another version, where participants cannot claim rewards.

  • More complex truth oracles that involve subjectivity: Build a decentralized court system on a non-fully cryptoeconomic DAO.
  • L2 protocols:
    Short-term solution: Rely on partial training wheels.
    Medium-term solution: Rely on multiple proof systems, including trusted hardware such as SGX, but strongly oppose using systems like SGX as the sole security guarantee.
    Long-term solution: Aim to incorporate complex functionalities like "EVM verification" into the protocol.
  • Cross-chain bridges: Similar to oracle logic but attempting to minimize reliance on cross-chain bridges. Assets should remain on the original chain, transferring value between different chains using atomic swap protocols.
  • Utilize Ethereum validators to protect other chains: In the example above, one reason Dogecoin's approach may lack security is that while it can prevent a 51% finality-reversion attack, it cannot prevent a 51% censorship attack.

    However, if a chain relies directly on Ethereum validators, one possible direction is to abandon managing an independent chain altogether and instead become an effective validation system anchored by Ethereum. A chain that adopts this approach would be as strongly protected against finality-reversion attacks as Ethereum and would be secure against censorship attacks up to 99%, not just 49%.

Vitalik's Conclusion

The community consensus of the blockchain community is fragile but necessary. Upgrades, bugs, and 51% attacks are always possible. However, this consensus easily leads to the risk of chain forks, and caution should be exercised in mature communities.

Naturally, people wish to expand blockchain by adding more features to its core functionality as it holds the most extensive economic influence and community attention. However, each expansion makes the core more fragile.

We should be wary of application-layer projects taking actions that risk expanding the "scope" of blockchain consensus, unless these actions are limited to validating the core Ethereum protocol rules. It is natural for application-layer projects to attempt this, but they often lack awareness of the risks, which may conflict with the community's goals.

This process lacks limiting principles and could lead blockchain communities to take on more and more authority over time, leaving them with an awkward choice: either accept a high risk of forks or form a bureaucratic system that effectively controls the chain.

Instead, we should maintain the chain's minimalism, support re-staking use cases that do not lead down a slippery slope of expanding Ethereum consensus, and help developers find alternative strategies to achieve their security goals.