Low-cost attacks on Ethereum 2.0 by sub-1/3 stakeholders

We outline two dishonest strategies that can be cheaply executed on the Ethereum 2.0 beacon chain, even by validators holding less than one-third of the total stake: malicious chain reorganizations (“reorgs”) and finality delays. In a malicious reorg, an attacker withholds their blocks and attestations before releasing them at an opportune time in order to force a chain reorganization, which they can take advantage of by double-spending or front-running transactions. To execute a finality delay an attacker uses delayed block releases and withholding of attestations to increase the mean and variance of the time it takes blocks to become finalized. This impacts the efficiency and predictability of the system. We provide a probabilistic and cost analysis for each of these attacks, considering a validator with 30% of the total stake.

[1]  Ertem Nusret Tas,et al.  Ebb-and-Flow Protocols: A Resolution of the Availability-Finality Dilemma , 2020, 2021 IEEE Symposium on Security and Privacy (SP).

[2]  David C. Parkes,et al.  Defending Against Malicious Reorgs in Tezos Proof-of-Stake , 2020, AFT.

[3]  Daniel J. Moroz,et al.  Selfish Behavior in the Tezos Proof-of-Stake Protocol , 2019, Cryptoeconomic Systems.

[4]  Ari Juels,et al.  Flash Boys 2.0: Frontrunning, Transaction Reordering, and Consensus Instability in Decentralized Exchanges , 2019, ArXiv.

[5]  S. Matthew Weinberg,et al.  Formal Barriers to Longest-Chain Proof-of-Stake Protocols , 2018, EC.

[6]  Vitalik Buterin,et al.  Casper the Friendly Finality Gadget , 2017, ArXiv.

[7]  Yongdae Kim,et al.  Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin , 2017, CCS.

[8]  Kartik Nayak,et al.  Stubborn Mining: Generalizing Selfish Mining and Combining with an Eclipse Attack , 2016, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[9]  Aviv Zohar,et al.  Optimal Selfish Mining Strategies in Bitcoin , 2015, Financial Cryptography.

[10]  Aviv Zohar,et al.  Secure High-Rate Transaction Processing in Bitcoin , 2015, Financial Cryptography.

[11]  Emin Gün Sirer,et al.  Majority Is Not Enough: Bitcoin Mining Is Vulnerable , 2013, Financial Cryptography.

[12]  S. Nakamoto,et al.  Bitcoin: A Peer-to-Peer Electronic Cash System , 2008 .

[13]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.