Opportunistic Algorithmic Double-Spending: How I learned to stop worrying and hedge the Fork

In this paper we outline a novel form of attack we refer to as Opportunistic Algorithmic Double-Spending (OpAl). OpAl attacks not only avoid equivocation, i.e., they do not require conflicting transactions, but are also carried out programmatically. Algorithmic double-spending is facilitated through transaction semantics that dynamically depend on the context and ledger state at the time of execution. Hence, OpAl evades common double-spending detection mechanisms and can opportunistically leverage forks, even if the malicious sender itself is not aware of their existence. Furthermore, the cost of modifying a regular transaction to opportunistically perform an OpAl attack is low enough to consider it a viable default strategy for most use cases. Our analysis suggests that while Bitcoin’s stateless UTXO model is more robust against OpAl, designs with expressive transaction semantics, especially stateful smart contract platforms such as Ethereum, are particularly vulnerable.
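The following toy model is an added illustration, not code from the paper. It shows why a detector that looks for conflicting transactions reports nothing for a single state-dependent transaction, while replaying that transaction on each known fork tip exposes the differing outcome for the payee. The ledger layout, the `guard` field, the `tip` context key and all sample values are assumptions constructed for this example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Tx:
    sender: str
    nonce: int
    to: str
    amount: int
    # Hypothetical stand-in for state-dependent semantics:
    # (context key, required value); None means an unconditional payment.
    guard: Optional[Tuple[str, str]] = None

def execute(state: Dict, tx: Tx) -> Dict:
    """Return the state after tx; a failed guard turns the payment into a no-op."""
    new = {"ctx": dict(state["ctx"]), "bal": dict(state["bal"])}
    if tx.guard is None or new["ctx"].get(tx.guard[0]) == tx.guard[1]:
        new["bal"][tx.sender] -= tx.amount
        new["bal"][tx.to] = new["bal"].get(tx.to, 0) + tx.amount
    return new

def find_equivocation(seen: List[Tx]) -> List[Tuple[Tx, Tx]]:
    """Conflict check: two different transactions by one sender with the same nonce."""
    first: Dict[Tuple[str, int], Tx] = {}
    conflicts = []
    for tx in seen:
        key = (tx.sender, tx.nonce)
        if key in first and first[key] != tx:
            conflicts.append((first[key], tx))
        first.setdefault(key, tx)
    return conflicts

def payee_credit_per_fork(tx: Tx, forks: Dict[str, Dict]) -> Dict[str, int]:
    """Replay tx on every known fork tip and report what the payee receives on each."""
    return {name: execute(s, tx)["bal"].get(tx.to, 0) - s["bal"].get(tx.to, 0)
            for name, s in forks.items()}

def diverges(tx: Tx, forks: Dict[str, Dict]) -> bool:
    """True if the payee's outcome depends on which fork the transaction lands in."""
    return len(set(payee_credit_per_fork(tx, forks).values())) > 1

# Constructed sample: two fork tips with identical balances but different context.
FORKS = {
    "fork_a": {"ctx": {"tip": "a1"}, "bal": {"alice": 10, "shop": 0}},
    "fork_b": {"ctx": {"tip": "b1"}, "bal": {"alice": 10, "shop": 0}},
}
REGULAR = Tx("alice", 0, "shop", 5)
STATE_DEPENDENT = Tx("alice", 0, "shop", 5, guard=("tip", "a1"))
```

The per-fork replay only covers fork tips the verifier knows about, so it narrows the gap left by conflict-based detection without closing it.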
