I'm a Decred holder, mainly as a optional bet on Bitcoin suffering from lack of a governance model and PoW centralization. However maybe Decred also have some possible weaknesses? I see 2 weaknesses of PoS-only based securing of the integrity of the chain and voting in proposals. These are, using real world examples: 1 Peercoin where PoS is the only mechanism to secure the blockchain (save for checkpointing) suffers from the fact that people are content with holding their coins on exchange even though they can't mint with the coins when they do (don't ask me why... I even done this myself). This means that a malicious exchange could attack Peercoin using these coins, because they control the private keys. I understand that Decred offers some protection against this, because Decred is also secured by PoW, but an exchange would still be able to vote. 2 The PoS secured NuBits (https://www.nubits.com) offered voting on the blockchain. This did not fully protect the project from being attacked from within. From what I gather its creator, Jordan, had too many coins and therefor also voting power. As a DAO/DAC NuBits wasn't strong enough and many of the project members who considered blockchain based voting/governance model a feature, changed their minds about it and doesn't think it's a good idea any longer. I'm very curious to know what I'm missing here and why Decred doesn't have these kinds of weaknesses? I'm also curious to know if there are any former Peercoin/NuBits people here, who knows what I'm talking about here and don't see the above as a problem.
I'm not particularly intimate with the details of those PoS system or even Decreds, so my response might be a bit off, but here's my take: 1) The number of DCR a person (or exchange) has means nothing to PoS. It's the number of tickets you have. DCR used to purchase tickets are also locked until the ticket they purchased votes. This means that DCR involved in PoS are effectively nontransferable. For an exchange to use their customers DCR for voting, they would have to transfer them out of the wallets and lock them for up to 5 months. People would notice their balances change (DCR locked in PoS will not show as spendable) and they would not be able to withdraw any funds so the exchange would suffer a large loss of liquidity. Further there is a hard limit of 20 tickets added per block so no exchange could flood the pool faster than this. Finally, there's a soft cap on the total number of tickets in the pool. Every 144 block (2880 tickets) the ticket price is adjusted based on the number of tickets in the pool and the rate that new tickets were added in the last window. Eventually the ticket price would be so high that even an exchange wouldn't be able to buy many tickets. And remember that even if they did that their DCR are locked so they can't buy more when the price drops again. However, it IS possible for a stake pool to vote however they want with the tickets they hold, even if it is against the wishes of the purchaser. This ties in with your second comment and is addressed below. 2) Again, the pool size limit above applies here. This stops one person/group flooding the PoS pool with large numbers of their own tickets. Even if they bought up the whole pool (with huge fees) I'd say the most they'd get is about 4000 tickets (have a look at previous ticket cycles. The ones around 30DCR usually go up to 100 for the next cycle, and the max for the one after that is close to 300). So you could probably buy 2 windows out. A window at 30 would be 86400DCR then the next at 100 would be 288 000DCR. So it would cost 374 400DCR to buy 5760 tickets. The current pool size is just under 44 000 tickets. So 374400 DCR would give you about 13% of all tickets. Now you could wait a couple of days for the price to drop then start buying back up again. Except that most of your DCR will be locked in the ones you bought earlier (some will have voted) so your buying power for the new window is greatly reduced. But lets say you have super capital and bought all the DCR on all exchanges thus skyrocketing the price to BTC levels (thanks, by the way). So you were able to buy another two windows and replace those tickets that voted and were successful in buying all the tickets. Let say that take you up to about 25% of the tickets. Tickets for a block are chosen with a random distribution. To force a vote to go a certain way you would need 3 out of 5 votes for a given block which is 60%. You're less than half way there. And a vote isn't decided on a single block so you would need 60% of 75% (or whatever the final block tally is) of blocks in the voting period. And THEN you still need the PoW miners to confirm the votes. If they think someone is trying to game the system I believe that they can choose to invalidate blocks. So basically this is close to impossible, even if a single person has a HUGE percentage of DCR. But then we come to the stake pools. Stake pools, while not having access to any of their users funds, do have the ability to change votes on tickets assigned to them. This is why it is suggested that when joining a stake pool, people don't just go for the largest one. Decred is short for 'decentralised credit' so part of the spirit of PoS is ensuring that the PoS stake pools don't get too large in relation to the others. However, even Dyrk's stake pool, which is the largest at almost 20% would still only get on average one vote per block. So Decred was specifically designed to minimise impact from both large PoW and PoS pools as well as individuals (including developers) with large holdings.
Well said @Shadowlance. You said you aren't intimately familiar with Decred's PoS system, but your explanation is spot on!
Thanks for the well written comment @Shadowlance. My initial thought is that this sounds very good and promising.