I think this is an important point. Changing the state arbitrarily or executing invalid transactions should indeed be impossible without corrupting 2/3 of the nodes (or 2f+1 to be precise), but I think we can already have bad attacks with only 1/3rd or > f corruptions. This is because we want to reach consensus without making any assumptions on the network. So unlike bitcoin, where things rely on everybody seeing the longest chain, we do not want to make such assumptions. This problem of asynchronous consensus can only be solved with f < n/3 corruptions (see eg wikipedia). That means that also in the internet computer, if you can corrupt f+1 parties and in combination with that you can do a network attack, then you can already “fork” the blockchain (two distinct chains could be finalized). This already allows double-spending attacks. So in summary, I think we should do all calculations aiming to keep f < n/3.
4 Likes