The minority of honest nodes, even if it's just one, would have valid copies of both transactions proving the double spend.
And? Which transaction would be valid? Alice -> Bob or Alice -> Charlie? Or none of them? Who will decide, which version was first, and which was second? Not to mention, that if there is only one honest node, then by just sybil attacking it, the rest of the network can go in its own direction. At the end of the day, by hacking the nodes owned by some exchange, where your token will be listed, the price will dump. And because of no Proof of Work, the voice of the honest node will never propagate across the network, because nobody is forced to accept a second valid signature (because it is not needed for anything, and the chain of signatures is valid without conflicting transactions), while everyone is forced to accept a valid block with Proof of Work (because other nodes accept the heaviest chain as valid).
And any nodes that don't report both transactions are obviously participating in a Sybil attack and would be added to a block list for misbehaving.
In this way, any node can be quickly blacklisted. What if there were three valid transactions? Or four? Or five? And what if the private key was broken? If any node can be blacklisted by just not having a particular transaction, then any new node would be blacklisted by default. Because what about new nodes, which never heard about any conflicting transactions from the past? Which version they should download from their peers? All of them? If so, then it can be cheaply abused, by publishing the private key, and creating billions of conflicting valid transactions, and forcing everyone to download all of that.
On the other hand,
this is extremely disconcerting.
When Proof of Work is abused, the attacker have to constantly keep mining, and spend a lot of resources, to keep dominating the network. In any signature-based consensus, there is "once 51%, always 51%" rule instead. So, of course, there could be times, where Bitcoin would be attacked by 51% attacks. But at least it is possible to compete with those attackers, and the network is not doomed to be always controlled by a single entity.
Also, after reaching 51%, the attacker have an incentive to not put more resources into mining, because it starts competing with itself, and raising its own difficulty. Then, by just decreasing its own hashrate, it can save some money on electricity bills, because then, the difficulty is so high, mainly because of his own actions.
Another thing is: having 51% does not mean, that the network is under attack. It would be, if there would be some valid chain of blocks, and it would be overwritten by the new version. Then, old nodes would see both (or more) chains, while new nodes would see only the heaviest one. Which means, that in case of Proof of Work, if the attacker would start reversing transaction, then it would be possible to prove, that it is really happening. While in signature-based consensus, each signature is equal, and nodes don't know, which signature was replaced by which one.
Also, double-spending things, and overwriting the chain would mean, that the attacker would risk losing 51%, just by doing that, because then, he would spend a lot of computing power to mine the same blocks with a different content, over and over again. Which means, that if someone would have 60%, but would mine every block twice, then it would have only something around 30% of the real hashrate, and everyone would see a lot of stale blocks, similar to what can be seen in testnets, where CPU-mined blocks are reorged:
https://fork.observer/
