[Ethereum] What logic controls Proof of Stake voting

casper proof-of-stake

NOTICE: This question is now outdated; it refers to one of the older plans for the Casper Proof of Stake validation concept (including validators voting on multiple heights at once). The updated (hybrid Proof-of-Stake and Proof-of-Work) model can be seen detailed here

I understand from the Casper Proof of Stake FAQ that the roadmap for Ethereum is to implement a BFT-style (Byzantine Fault Tolerant) Proof of Stake block-creation scheme, where all users who have a stake can vote on individual block proposals to help them become finalized.

For Proof of Work, it's very clear what blocks should be "voted" upon by honest peers (ones whose hash is below the difficulty threshold, and whose timestamp is less than any other block that also meets the difficulty threshold). But how does that work for Proof of Stake; what criteria should honest peers/miners/stake-holders use to vote for blocks?

It seems to me if anyone with a stake can create a new proposed block, won't they all craft a block that grabs the highest gas-paying transactions out of the mempool and create a coinbase that pays it all to themselves? What incentive is there for stake-holders to vote for someone else's block (giving the coinbase to someone else) rather than for their own?

If those with a larger portion of coins get a larger vote, won't they be able to just outvote everyone else so their blocks (which pay themselves) get finalized more frequently, and lead to an ever-increasing split in wealth (the wealthy get more wealthy faster than those with less)?

Best Answer

The proposed proof of stake algorithm isn't a winner-take-all affair. Different validators bet on the accepted block. The winning block is the one that receives the most votes; votes are weighted by holdings, so, yes, a malicious actor could cause mayhem on proof of stake. However, they'd have to out-bet all other validators while still adhering to the Ethereum protocol (e.g., they cannot add arbitrary transactions) or else they forfeit their bet. So instead of needing 51% of hashing power, the bad actor would require 51% of the ether used for validating transactions. This is why the DAO attacker, with a large percentage of all ether, would have posed a problem for the transition to Casper.

And, yes, the rich get richer here, but these validators lose out on the opportunity to invest elsewhere. It's a bit like putting your money into a savings account instead of the stock market.

In terms of what honest peers vote for, they'd do the same thing as miners do now: try to include as many transactions that include enough gas fees in each block. Right now, a sufficiently powerful miner (51% attack) can effectively censor a transaction. And, as mentioned, they can't make transactions out of thin air: the rest of the nodes would confiscate the validator's deposit. It has been, and will remain the case with Casper, that the miners/validators choose which transactions to include. Honest miners assume that most miners are honest (otherwise, they're assuming a 51% attack) and will thus bet on the same block as they will, since they are following the same rules.

Clarification of (dis)honest stakers/miners

In North America, the law dictates we drive on the right-hand side of the road. During rush hour traffic, it might be beneficial to drive against traffic (if no one is using the left lane). If one person started driving on the left, the results would be more deadly to that person than society as a whole. But if most people start driving on the left, then it becomes more dangerous to drive on the right! The system is self-correcting so long as more people are driving on the correct side of the road.

Now, suppose there is a transportation company that accounts for 51% of all the road traffic. If that company decides to tell all its drivers to drive on the left side of the road, everyone else had better take heed! Alternately, if self-driving cars owned by individuals were all programmed to drive on the left if-and-when they became the most popular form of transportation, everyone else should follow suit and drive on the left.

Something similar happens in staking and mining. There might be a small benefit to disobeying the rules for drivers, but in Ethereum, if you're driving on the minority side, you will be run over (the Ethereum protocol will penalize you for being on the minority side in staking; you create a fork if you do it while mining); a minority staker cannot win against a majority staker. But if a majority is reached where different rules are followed, everyone else will be dragged along.

So why are drivers safe on the road even though most only own one or two vehicles? It's because they all assume everyone else will drive on the right because they, too, only own one or two vehicles. Similarly, your best bet for staking is that everyone has agreed that the Ethereum rules are good and should be followed (everyone should drive on the right side) and that everyone is going to drive on the right.

If every car decided to go in an unpredictable direction, there would be no traffic flow (every staker trying to exclude every other staker results in everyone getting penalties from CASPER, unless there is a majority staker, who then wins). So there is no reason for any individual driver/staker to break the rules and a strong disincentive to do so. And if a majority of stakers are following the rules, then they are all behaving the same way (driving on the same side of the road) and will, as a group, penalize/run over any staker who is breaking the rules.

Summary: a non-colluding small miner can either lose everything staked by trying to be the sole validator or cooperate and earn some ether (unless the network is being successfully attacked). That is what is stopping the small miners from trying to get greedy.

Staking according to the rules when there is no monopoly or cartel is a Nash equilibrium.
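The incentive argument in the answer above can be checked with a toy payoff model. This is an added example, not part of the original answer and not Casper's actual rules; the reward rate, proposer bonus, stake values and validator names are constructed assumptions.

```python
from fractions import Fraction

# Toy payoff model (assumptions, not the Casper specification): every validator
# bets its whole stake on one block, blocks are named after their proposer,
# winners earn REWARD_RATE, the winning proposer also gets PROPOSER_BONUS,
# and everyone who bet on a losing block forfeits the bet.
REWARD_RATE = Fraction(1, 100)   # constructed value
PROPOSER_BONUS = 5               # constructed value (the "coinbase")

def winning_block(stakes, votes):
    """Block with the largest stake-weighted vote total (ties: lowest name)."""
    totals = {}
    for validator, block in votes.items():
        totals[block] = totals.get(block, 0) + stakes[validator]
    return max(sorted(totals), key=totals.get)

def payoffs(stakes, votes):
    """Per-validator gain or loss for one round of betting."""
    winner = winning_block(stakes, votes)
    result = {}
    for v, stake in stakes.items():
        if votes[v] != winner:
            result[v] = -stake                  # minority side: bet forfeited
        else:
            bonus = PROPOSER_BONUS if v == winner else 0
            result[v] = stake * REWARD_RATE + bonus
    return result

def profitable_deviations(stakes, votes):
    """Unilateral vote switches (validator, block) that strictly raise payoff."""
    base = payoffs(stakes, votes)
    found = []
    for v in stakes:
        for block in stakes:                    # any validator's own block
            if block != votes[v]:
                trial = {**votes, v: block}
                if payoffs(stakes, trial)[v] > base[v]:
                    found.append((v, block))
    return found

def is_nash_equilibrium(stakes, votes):
    return not profitable_deviations(stakes, votes)

def honest_votes(stakes, selected="bob"):
    """Everyone bets on the block the rules select (constructed: bob's)."""
    return {v: selected for v in stakes}

# Constructed sample stake distributions.
SMALL = {"alice": 30, "bob": 25, "carol": 25, "dave": 20}   # no majority staker
WHALE = {"whale": 60, "bob": 25, "carol": 15}               # one holds >50%
```

With `SMALL`, no validator gains by betting on its own block, so rule-following is an equilibrium; with `WHALE`, the majority staker profits from defecting, after which the others' best response is to follow it.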
