This repository has been archived by the owner on Jan 30, 2024. It is now read-only.

The miner reward block can be reliably forked away using gap transactions #2

Open
PlasmaPower opened this issue Dec 29, 2020 · 1 comment

@PlasmaPower

As brought up on Discord, by submitting a reward block replacement ahead of time to nodes, the reward block can be replaced by either a malicious miner or a malicious user. The nodes will use the transaction they got first, even if they didn't have the user block yet.

@anarkrypto
Owner

anarkrypto commented Dec 29, 2020

As mentioned in Discord, in fact the vulnerability is present in the current version of P2PoW. But the solution has already been thought of and will be incorporated in version 3.0 of P2PoW.

Solution:
The user signs and sends to the worker several possible valid user blocks using the same previous, each with its own reward block. Suppose 20 user blocks and 20 reward blocks for each worker.

What will be different in each of these transactions is the representative field. Soon each block hash will be different.

The worker decides randomly which one to use. The user and other workers do not know, so it does not pay to validate a fork as this would be more expensive. In this case, the chance of success would be 1 in 20. The attack becomes impractical.

The update may take a little longer for the user to sign the extra transactions, to keep it as low as possible. In current tests 20 transactions took ~400 ms in JavaScript directly in the browser. But it can be improved significantly with multiple web workers + WebAssembly as suggested. In non-web implementations the signature can be done directly in low level (C, C++, Rust).

Thank you very much for your contribution @PlasmaPower
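An added sketch of the candidate-set scheme described in the comment above (not part of the original thread and not P2PoW's code): varying only the representative yields 20 distinct user block hashes, each reward block chains from its own user block, and a block prepared in advance against one guessed hash matches the worker's secret choice in 1 of 20 cases. It assumes Nano's state-block hash layout (blake2b-256 over preamble, account, previous, representative, balance, link); all keys, balances and function names are constructed for illustration.

```python
import hashlib
import secrets
from fractions import Fraction

PREAMBLE = (6).to_bytes(32, "big")  # state-block preamble (assumed Nano layout)

def state_block_hash(account, previous, representative, balance, link):
    """Blake2b-256 over preamble, account, previous, representative, balance, link."""
    h = hashlib.blake2b(digest_size=32)
    for part in (PREAMBLE, account, previous, representative,
                 balance.to_bytes(16, "big"), link):
        h.update(part)
    return h.digest()

def build_candidates(user, worker, previous, balance, fee, link, reps):
    """Return one (user_block_hash, reward_block_hash) pair per representative."""
    pairs = []
    for rep in reps:
        user_hash = state_block_hash(user, previous, rep, balance, link)
        # The reward block chains from its own user block and pays the worker.
        reward_hash = state_block_hash(user, user_hash, rep, balance - fee, worker)
        pairs.append((user_hash, reward_hash))
    return pairs

def worker_pick(pairs):
    """The worker's secret, uniformly random choice of which pair to publish."""
    return pairs[secrets.randbelow(len(pairs))]

def single_guess_success(pairs):
    """Chance that one block prepared against a guessed user block hash chains
    from the pair the worker actually publishes (all guesses x all choices)."""
    hits = sum(guess == chosen for guess, _ in pairs for chosen, _ in pairs)
    return Fraction(hits, len(pairs) ** 2)

def key(label):
    """Constructed 32-byte stand-in for a public key or block hash."""
    return hashlib.blake2b(label.encode(), digest_size=32).digest()

# Constructed sample data: 20 candidates, as in the comment above.
REPS = [key(f"rep-{i}") for i in range(20)]
PAIRS = build_candidates(key("user"), key("worker"), key("frontier"),
                         10**30, 10**27, key("destination"), REPS)

if __name__ == "__main__":
    print(len({u for u, _ in PAIRS}), "distinct user block hashes")
    print("single-guess success:", single_guess_success(PAIRS))
```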
