Right, looks like the white paper needs to be rewritten then. I am still skeptical of using federated nodes with high stake in any context, including at a network level with relay validation, as there is a risk of cartelization and collusion (the high stake excludes most people who can’t afford it), rent seeking with higher relay fees, censorship risk, and a resulting poorer experience for users. Even the paper identifies a one-kill-at-a-time collusion attack, without proposing a solution, while transactions could also be censored. Speculating, maybe liveness faults could occur if a cartel of federated nodes blocked all relays as invalid for a time, although I suppose that new nodes could fairly quickly form to replace the cartel.
A cartel or majority could also commit a takeover bribing attack, while federated nodes do not participate in consensus, they could still potentially control a longer running new canonical chain to be created by relaying blocks that are created by validators randomly shuffled as block proposers that enter into a bribing contract, which would potentially create liveness faults or block skips if validators that aren’t in the bribing contract propose blocks and such blocks don’t get relayed due to being voted by the majority cartel as invalid. Relying on a user-activated soft fork to overcome such attacks is not a good thing to do, IMO.
See also:
https://research.pokt.network/t/an-alternative-to-federated-nodes-for-relay-validation/40